Security Cipher

Cross-Site Scripting (XSS) [Vulnerability]: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
Burp Suite [Tool]: Burp Suite is an integrated platform/graphical tool for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Cross-Site Scripting (XSS) [Vulnerability]: XSS is a type of injection attack that occurs when malicious code is injected into your web application via user input. This can allow attackers to steal cookies, access sensitive information, redirect users, etc.
SQL Injection [Vulnerability]: SQL Injection is a form of injection attack where data entered into a web application forms a query string that is sent to a database server. An attacker may use this vulnerability to extract confidential information from databases, deface websites, delete data, or even modify transactions.
Cross-Site Request Forgery (CSRF) [Vulnerability]: CSRF is a type of request forgery attack that exploits a trusted session between a victim and a website. By manipulating the trusted session, an attacker can trick the victim into performing actions against their own interests.
Strict-Transport-Security (HSTS) [Security Header]: HTTPS stands for Hypertext Transfer Protocol Secure. This protocol was designed to ensure that data sent between two computers is encrypted. When using HTTPS, the connection between your browser and the website's server is secure. HSTS is a security measure that forces browsers to use only secured connections to websites. This helps prevent man-in-the-middle attacks, where someone can intercept and read your traffic without being detected.
OWASP (Open Web Application Security Project) [Community]: OWASP (Open Web Application Security Project) is a community-driven open standard that helps organizations identify, analyze, and mitigate application security risks. OWASP provides free resources like guides, tools, training, events, and forums to help developers, testers, architects, and other IT professionals understand and effectively secure their applications.
DevSecOps: DevSecOps is a concept where developers and operations work together to deliver secure software faster.
Jenkins [Tool]: Jenkins is a free open-source automation tool that can help you automate your workflow. Jenkins is a continuous integration server, meaning that it runs automated tests on your code before each commit. This helps ensure that your code works properly before you push it to GitHub.
OWASP ZAP [Tool]: ZAP stands for Zero Access Pathway. This project was created to help prevent attacks from malicious code that can be embedded into websites. By using this tool, we are able to scan our website for any vulnerabilities that may exist.
OWASP Top 10: The OWASP Top 10 is a list of the most common web application security risks. These risks include SQL injection, cross-site scripting, session management, insecure deserialization, directory traversal, parameter tampering, path disclosure, open redirects, insecure direct object references, and many others.
Username Enumeration [Vulnerability]: Username enumeration is a technique that allows attackers to discover usernames from user accounts. This can be done through brute force attacks, dictionary-based attacks, or even social engineering. In this video we'll discuss how to perform username enumeration using Burp Suite.
Directory Traversal [Vulnerability]: Directory Traversal is the ability to access files that are not normally accessible. This can be done through the use of tools like FTP (File Transfer Protocol) or SSH (Secure Shell). Directory traversal is used to gain access to restricted directories.
Secure Shell Protocol (SSH) [Protocol]: Secure Shell Protocol is used to transfer files securely over a network. SSH is a protocol that allows users to log into remote computers using passwords or public/private keys. SSH can be used to connect to any computer running a Unix-like operating system.
Secure Copy Protocol (SCP) [Protocol]: Secure Copy Protocol is a file transfer protocol that uses encryption to ensure data integrity while being transferred between two hosts. SCP is commonly used to copy files from one host to another.
Simple Network Management Protocol (SNMP) [Protocol]: Simple Network Management Protocol is a standard communications protocol for managing devices on IP networks. SNMP provides information about network elements like routers, switches, servers, etc.
Hypertext Transfer Protocol Secure (HTTPS) [Protocol]: This protocol is used to transfer data securely over the internet. When you are using your browser to access websites, the website's address begins with https:// instead of http://. This means that any information sent from the site to your computer is encrypted, making sure that no one can read it while it travels across the web.
Hypertext Transfer Protocol (HTTP) [Protocol]: This protocol is used when you want to visit a website. Your browser uses this protocol to communicate with the server.
Simple Mail Transport Protocol (SMTP) [Protocol]: This protocol is usually used to send emails.
Local File Inclusion (LFI) [Vulnerability]: Local File Inclusion is a type of security vulnerability that allows attackers to include files from remote locations into web pages served by vulnerable servers. This can allow them to steal sensitive information like usernames, passwords, credit card details, etc. LFI attacks are usually carried out through malicious links in emails or websites.
Remote File Inclusion (RFI) [Vulnerability]: Remote File Inclusion is similar to local file inclusion, but instead of including files locally, the attacker includes files remotely. This means that they don't need to have access to your server at all. They just need to know the path to the file. RFI attacks are usually carried out through cross-site scripting vulnerabilities.
Remote Code Execution (RCE) [Vulnerability]: Remote code execution occurs when a malicious actor executes code remotely without having direct access to the system. This can occur via a variety of vectors, including web-based attacks, email attachments, infected USB devices, etc. There are many different ways that remote code execution can take place. Some common vectors include: web application attacks, email attachments, malicious links, infected USB devices, and other methods.
WordPress [CMS]: WordPress is a free and open-source content management system (CMS) that allows users to easily publish their web pages or blogs online. WordPress was created by Automattic, LLC, the company behind the popular blogging platform Tumblr. WordPress is used by millions of people across the globe and has been downloaded over 100 million times.
Joomla! [CMS]: Joomla! is free software released under the GNU/GPL license. Joomla! was created to provide developers with a robust, reliable, and powerful content management system (CMS) platform that can be used to create websites and web applications. Joomla! is open-source software, meaning that its code is freely available for anyone to use and improve upon.
Strapi [CMS]: Strapi is a free open-source platform that makes developing your own web applications easy. It's built using ReactJS (a JavaScript library) and GraphQL (an API query language). You can use any programming language to develop plugins for Strapi. Strapi is used to create modern websites and mobile apps. With its modular architecture, you can easily add features like authentication, user management, data storage, email sending, payment processing, analytics, etc.
GraphQL [Language]: GraphQL is a query language that allows you to define how data should be returned from your API. This is done through a simple interface where you can define what fields are returned and how they are formatted. You can then use this information to create client-side applications that consume your API. Apollo Client is a library that makes working with GraphQL easy. It provides a number of features including caching, subscriptions, error handling, and much more.
JavaScript [Language]: JavaScript is a programming language that can be used to create interactive web pages. JavaScript is embedded into HTML (HyperText Markup Language) documents to add interactivity and animation to your website. In this tutorial we are going to learn how to embed a simple JavaScript code into our HTML document.
Wireshark [Tool]: Wireshark is a network protocol analyzer that can capture packets from any interface on your computer. You can then use this information to analyze traffic on the network. This tool is useful for troubleshooting problems on the local area network (LAN) and helps identify what type of data is being sent over the wire.
Aircrack-ng [Tool]: This is a free software tool that allows you to crack WEP/WPA/WPA2 networks using only your wireless card. This program has been tested on Windows XP SP2, Vista, 7, 8, 10 and Mac OS X 10.5.8.
GitHub: GitHub is a web-based hosting service that allows users to create online repositories where they can store files and share them with others. This allows developers to collaborate and work together easily from anywhere at any time. GitHub was founded in 2008 by Chris Wanstrath and PJ Hyett.
Git: Git is a version control system (VCS) used to manage changes to software code. A VCS helps programmers keep track of who changed what, when, and why. Git was created by Linus Torvalds while he was working for Novell in 2004.
Kali Linux [Operating System]: Kali Linux is a free open-source security distribution based on Debian GNU/Linux. Kali Linux was created by Offensive Security, Inc., a U.S.-based computer security company specialising in penetration testing and ethical hacking.
Windows [Operating System]: Windows Operating System (WOS) is a computer operating system developed and marketed by Microsoft Corporation. It was first released in 1985 as MS-DOS 6.0 and has since been updated several times. WOS is currently used on personal computers, servers, embedded systems, mobile devices, video game consoles, and other computing platforms.
Directory Listing [Vulnerability]: Directory listing vulnerabilities are a common problem that can occur when web servers are configured incorrectly. This type of vulnerability allows hackers to gain access to sensitive information about your website. A hacker may use this information to steal your customers' personal data, sell their information, or even shut down your site completely.
DOM Cross-Site Scripting (DOM XSS) [Vulnerability]: DOM Cross-Site Scripting (XSS) is a type of security vulnerability that occurs when malicious code is injected into a web page's Document Object Model (DOM). This can allow attackers to steal cookies, inject ads, redirect users, or access sensitive information.
Java Deserialization [Vulnerability]: The Java serialization mechanism allows objects to be saved to files or streams. This can be used to store data that needs to be sent over networks or stored on disk. However, this feature has been exploited before. In fact, the first time I heard about this was back in 2004, but it wasn't until recently that I started to pay attention to this issue again. How does it work? Serialization works by converting an object into a stream of bytes. These bytes are then written to a file or streamed to other applications. When reading these bytes, the application reads them from the file or stream and converts them back into an object. What's the problem? This method of storing information is great, but it has some drawbacks. One of the biggest problems is that if the original object isn't properly initialized, it could cause a memory leak. If the object contains pointers to other objects, they may not be deallocated properly. Another problem is that the serialized form of the object doesn't contain any information about its type. This means that if the object is converted back into its original state, it won't know what kind of object it is.
Open Redirection [Vulnerability]: The open redirect vulnerability allows attackers to use malicious URLs that point to any website other than the intended target. This can allow them to steal cookies, inject malware into your browser, or even change the content of the page you are viewing.
Session Fixation [Vulnerability]: Session fixation occurs when an attacker takes control of a user's session ID. They may then impersonate the user by logging into websites they have access to.
Server-Side Template Injection (SSTI) [Vulnerability]: Server-side template injection is a technique that allows attackers to inject malicious code into web pages without having access to the server's filesystem. This can allow them to bypass certain security controls, like firewalls, and gain remote control over vulnerable servers. SSTI works by using HTML tags to insert content from external files. These files are typically stored on the same server as the page being served, but they could also be stored on other servers. When a user requests a page containing an embedded file, the browser first sends a request to the server hosting the page. If the server does not have a copy of the file, it returns a 404 error message. However, if the server has a copy of the file and it contains malicious code, the server may serve it instead of returning a 404 error.
Host Header Injection [Vulnerability]: Host Header Injection is a technique that allows attackers to inject malicious code into web pages served by vulnerable servers. This can allow them to steal cookies from other users, redirect victims to phishing sites, or even install malware on their computers. It is used to deliver ransomware, exploit banking websites, and launch DDoS attacks. An attacker can use this flaw to create a specially crafted request that will cause the application to perform actions on behalf of the user.
X-Frame-Options [Header]: The X-Frame-Options HTTP response header allows web browsers to prevent clickjacking attacks against pages that use framesets. This prevents malicious sites from tricking users into clicking links that take them out of their intended frame.
Content-Type [Header]: The content type is used to identify the MIME format of the data being transmitted. This information can be used by a web server to determine how to handle the request.
X-Content-Type-Options [Header]: The header allows the client to specify that they want to prevent caching of the document. In other words, if the browser requests this document again, it should not use its cached version but instead send a fresh copy back to the user.
X-XSS-Protection [Header]: The header prevents cross-site scripting attacks by setting the value of the 'script' attribute to 'false'. If a malicious script is injected into your page, this option will prevent it from executing.
Content-Security-Policy [Header]: Content Security Policy (CSP) is a W3C specification that allows web applications to declare what resources they are allowed to load from. This helps prevent cross-site scripting attacks. CSP can be used to restrict access to sensitive data like credit card numbers, passwords, etc.
JSON Web Token (JWT): JSON Web Token (JWT) is a JSON-based data structure that can be used to encode information about an identity, including its claims. JWTs are commonly used in OAuth 2.0 access tokens and OpenID Connect ID Tokens. They are based on the concept of signing and encrypting messages using HMAC SHA-256 hashing algorithms.
Security Assertion Markup Language (SAML): SAML is a standard that allows users to authenticate themselves to web services using their username and password. This is useful if your website uses a third-party service that requires authentication. SAML is used for Single Sign-On (SSO), where a user logs into a single application and then can access other applications without having to log in again.
OAuth: OAuth stands for Open Authentication. It's a protocol that allows third-party systems (such as social media sites) to access your information without having to ask for your username and password. This is especially useful if you're using multiple accounts from different websites. OAuth is used to authorize requests from clients, usually web applications, to obtain tokens that can be exchanged for a user's basic profile information. These tokens are short-lived, typically only good for a few minutes, but they do allow the application to request specific pieces of data without exposing the user's credentials.
Cross-Origin Resource Sharing (CORS): Cross-Origin Resource Sharing (or CORS) is a standard that allows web servers to specify what origins are allowed to access their resources. This can help prevent cross-site scripting attacks. When a website wants to load content from another domain, it has to use either JSONP or XMLHttpRequest. These methods allow JavaScript code to make requests to other domains, but they both have some drawbacks. In order to implement CORS, the server needs to add a header to its responses. This header contains information about which origins are allowed to access the resource.
HTML Injection [Vulnerability]: The HTML injection vulnerability allows an attacker to inject arbitrary HTML into any page loaded from this domain.
HTTP Methods: HTTP methods are used to communicate with a web server. They define how the client can interact with the server. There are five different types of HTTP methods that are defined as follows: GET, POST, PUT, DELETE, and HEAD. These methods are used to perform operations like retrieving data from a database, updating information, deleting records, etc.
Cookies: Cookies are temporary files that store information about your browsing activity on a website. They can be used to track what pages you visit and how long you spend on each page. Cookies are usually deleted once you close your browser, but some websites may use them to keep track of your activities over time.
Subdomain Takeover [Vulnerability]: Subdomain takeover vulnerabilities are a type of attack that can occur when a website is compromised and the attacker gains access to other subdomains on the same domain name. This allows them to gain control over those subdomains and use them to spread malware, steal information, or even redirect users to malicious websites.
Malware [Term]: Malware is a term used to describe malicious software that can cause harm to your computer. This includes viruses, worms, trojans, adware, spyware, rootkits, etc.
Virus [Term]: A virus is a type of malware that infects your computer's operating system. Viruses are usually spread through email attachments, websites, or other types of files. Once infected, they replicate themselves over and over again until they have taken control of your entire hard drive.
Worms [Term]: Worms are small pieces of code that can copy themselves from one computer to another. They do this by using the internet to find computers that are vulnerable to them. Once they find a target, they attach themselves to the computer and wait for instructions. These instructions could be anything from sending spam emails to stealing personal information.
Adware [Term]: Adware is software that has been designed specifically to infect your computer without your knowledge or consent. This software can cause problems ranging from slow performance to complete system failure. Adware is usually bundled with other programs and often comes pre-installed on computers. Once installed, adware may continue to run even after you have uninstalled the original program.
Spyware [Term]: Spyware is software that is designed to monitor what you do online. Some spyware is used to steal personal information from your computer, while other spyware is used to track your internet activity.
Rootkits [Term]: Rootkits are malicious software that can infect your computer without your knowledge. They are usually installed through other malware programs like viruses, Trojans, etc. Rootkits are designed to hide their existence from the user and make themselves undetectable. Once they have been installed, rootkits can monitor your activities and steal information from your system. This includes passwords, banking details, credit card numbers, personal data, etc.
Amazon Web Services (AWS) [Cloud Platform]: Amazon Web Services is a cloud computing service that provides Internet-based resources through virtual machines. AWS offers several different types of services including Elastic Compute Cloud (EC2), Simple Storage Service (S3), Elastic Block Store (EBS), Relational Database Service (RDS), Auto Scaling, Elastic Load Balancing, and CloudFormation. These services are designed to make it easy to set up, operate, and scale infrastructure.
Microsoft Azure [Cloud Platform]: Microsoft Azure is a cloud computing platform that allows users to build and deploy applications online. This helps businesses reduce costs and increase productivity. Microsoft Azure provides its customers with a wide range of services including web hosting, database management, email, storage space, and many others.
Google Cloud Platform (GCP) [Cloud Platform]: Google Cloud Platform (GCP) is a fully managed service that provides developers with a suite of tools to build, deploy, and manage applications online. GCP offers a variety of services including storage, networking, databases, analytics, machine learning, messaging, APIs, and many others.
Alibaba Cloud [Cloud Platform]: Alibaba Cloud is a cloud computing service platform provided by Alibaba Group Holding Limited. It was launched in 2009 and has been expanding rapidly since then. It provides services including Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS).
Oracle Cloud [Cloud Platform]: Oracle Cloud is a service that provides computing resources through the Internet. Oracle Cloud offers services like storage, databases, networking, and other IT infrastructure services. It is a platform-as-a-service (PaaS) offering from Oracle Corporation.
Secure Socket Layer (SSL) [Protocol]: This protocol was developed to provide secure communication between web browsers and servers. In other words, this protocol provides encryption and authentication of data that is sent over the internet. SSL uses public-key cryptography. Public-key cryptography relies on two keys: a public key and a private key. The public key can be shared freely, while the private key should only be known to the owner. When a user wants to send information to a server, they use their own private key to encrypt the message. Only the recipient has access to the private key, so they are able to decrypt the message using the public key.
File Transfer Protocol (FTP) [Protocol]: The File Transfer Protocol (FTP) is a standard way to move files between computers over a network. FTP is used to upload and download files from a server to your computer. You can use this method to send large amounts of data to and from your website.
Secure File Transfer Protocol (SFTP) [Protocol]: Secure File Transfer Protocol (SFTP) is an encrypted version of the File Transfer Protocol (FTP). SFTP uses public-private key encryption to encrypt communications between client and server. This means that only the user who has the private key can decrypt the communication.
Demilitarized Zone (DMZ) [Term]: Demilitarized Zone (DMZ) is a term used to describe a portion of a network that has been separated from the rest of the network to prevent unauthorized access to sensitive information. DMZs are typically located between two firewalls, one internal and one external. This separation prevents any data from being transferred between the networks.
Firewall [Term]: Firewalls are used to protect your computer from outside attacks. They can be either software-based (e.g., antivirus) or hardware-based (e.g., firewalls). A firewall is a type of gateway that controls incoming and outgoing network connections and allows only certain kinds of data to enter or leave a computer.
Intrusion Detection System (IDS) [Term]: An intrusion detection system (IDS) is a network security device that monitors computer networks for unauthorized activity. An IDS can detect intrusions at various stages of their life cycle. Intrusions are detected using different methods including signature matching, anomaly detection, protocol analysis, host-based monitoring, and misuse prevention.
Intrusion Prevention System (IPS) [Term]: An intrusion prevention system (IPS) is a network security device that monitors traffic entering or leaving a protected area. An IPS can detect and block unauthorized access attempts to a computer network.
Internet Service Provider (ISP) [Term]: An Internet Service Provider (ISP) is a company that provides access to the internet. ISPs are often referred to as broadband providers. There are many different types of ISPs, including cable companies, satellite companies, DSL providers, wireless carriers, etc.
Virtual Private Network (VPN) [Term]: A virtual private network (VPN) is a secure connection between two devices that allows them to communicate securely over a public network. A VPN creates a secure tunnel through the internet from your computer to a remote server, allowing you to access resources on the other side of the internet without being exposed to hackers.
Domain Name [Term]: Domain names are used to identify Internet resources, such as websites, computer servers, and other services that are connected to the Internet. A domain name consists of a series of characters that identifies a server's IP address. Domain names are organized into various top-level domains (TLDs), such as .net, .org, and many others.
Dynamic Host Configuration Protocol (DHCP) [Term]: This protocol allows your computer to automatically obtain IP addresses from a central server. DHCP is used to assign IP addresses to computers that are connected to a network.
IP Address [Term]: An IP address is a unique identifier that identifies each device connected to the internet. Every device has its own IP address, which allows computers to communicate with each other over the internet. An IP address consists of four numbers separated by dots. Each number represents a different section of the network. The first three sections are called octets. Octet 1 is the network ID, octet 2 is the subnet mask, and octet 3 is the host ID.
Botnets: Botnets are networks of infected computers that are used to control other computers remotely. They can be used to perform any number of malicious activities, including sending spam email, stealing data, launching denial-of-service attacks, and even committing credit card fraud.
Denial of Service [Attack]: Denial of Service (DoS) attacks are a type of cyber attack that involves flooding a target computer system with requests from multiple sources until it becomes overwhelmed and either crashes or slows down to a crawl. This can cause significant damage to the targeted network.
Distributed Denial-of-Service (DDoS) [Attack]: Distributed Denial-of-Service (DDoS) attacks involve sending malicious traffic from many different computers at once. This makes them harder to detect and stop than single-source DoS attacks.
Phishing [Attack]: Phishing is a type of social engineering that involves sending emails to people pretending to be someone else (the "victim") asking them to perform some action on their behalf. This can include requesting personal information like usernames, passwords, credit card details, etc.
Social Engineering [Attack]: Social Engineering is the act of manipulating people into doing things they normally wouldn't do. This can either be done through deception or manipulation. Social engineering is used in many different ways, but some common examples are phishing (faking emails), phone scams, and even physical attacks. In this video we discuss how social engineering is being used today by hackers around the world to gain access to sensitive data and systems. We then explore the different ways that social engineering can be used to manipulate people.
Encryption [Term]: Encryption is the process of converting data into a form that can only be read by those who have access to a specific code or key. This is done through the use of mathematical algorithms.
Hashing: Hashing is the act of using a computer program to create a unique hash code from a string of text. This hash code can then be used to identify that same string of text later on. Hashing is typically used to make sure that two different strings are not identical.
Clickjacking [Vulnerability]: Clickjacking is a type of attack that involves tricking users into clicking on links/buttons that take them to malicious websites. This can happen if the user is tricked into thinking they are visiting a legitimate website but instead ends up at a phishing site where their personal information is stolen.
Dark Web: The Dark Web is a hidden section of the internet that requires special software to access. This area of the web is used primarily for illegal activities such as buying and selling drugs, weapons, counterfeit goods, hacking into private databases, and other criminal activity.
Darknet: Darknet is a term used to describe the hidden parts of the internet that are not indexed by search engines. These websites can be accessed through the Tor (The Onion Router) browser, which allows users to browse anonymously. Darknet markets have been around since before Bitcoin was even created. They offer everything from drugs, weapons, and stolen credit card details to other illicit goods and services.
Bitcoin: Bitcoin is a cryptocurrency that was created in 2008 by Satoshi Nakamoto. It uses peer-to-peer technology to facilitate instant payments. The total supply of Bitcoins is capped at 21 million coins, though this limit can change over time. Bitcoin offers low transaction fees, minimal volatility and allows users to send money across the world without borders or intermediaries.
Nikto [Tool]: Nikto is a free online scanner that checks your server for vulnerabilities like SQL injection, directory traversal, cross-site scripting (XSS), file inclusion, remote code execution, etc. Nikto can scan both Apache and IIS web servers.
Active Directory: Active Directory (AD) is a Microsoft technology that provides centralized management of user accounts and resources across multiple devices and platforms. AD allows users to access their network resources from any device, anywhere, at any time.
Dex2Jar [Tool]: Dex2Jar is a free online tool that allows users to convert their favourite files into jar archives. This can be done manually or automatically using batch conversion scripts.
Bluestacks [Tool]: Bluestacks is a free app that allows you to run Android apps on your Windows PC.
Nmap [Tool]: Nmap is a free open-source utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on your network, what services (application name and version) they are offering, what operating systems and OS versions they are running, and what type of packet filters/firewalls are in use at their perimeter.
Coverity [Tool]: Coverity is a software testing tool that helps developers identify potential vulnerabilities in their code before they are released into production. Coverity uses static analysis techniques to detect coding errors, including memory leaks, buffer overflows, race conditions, and other common programming mistakes.