OWASP Top Ten

Development shops need to practice safe and secure coding. The best way to get your developers all on the same page is to train them in the Top 10 most common security mistakes made in coding. Visit CyberHoot.com’s blog article here on OWASP Top 10 coding errors that lead to insecure applications.

May 26th, 2020

MAZE Ransomware

Ransomware has been the scourge of businesses for many years. MSPs and SMBs have, in many cases, sought to protect themselves with strong backups rather than by educating users. With the MAZE ransomware, hackers have upped the ante for SMBs by exfiltrating the data and threatening to release it to the public Internet, exposing that data and breaching its confidentiality. Train employees to spot and avoid these attacks rather than relying on your backups, or you will be paying these bitcoin ransom extortion demands.

May 14th, 2020

Wireshark

Wireshark is a powerful network analysis and packet assembly tool. It is used by Network Administrators and hackers alike to view data on the Local Area Network, whether wired or wireless.

May 14th, 2020

Rainbow Tables

Rainbow tables are mostly dead today, but not all dead. Salting and iterative hashing functions, where used, have made rainbow tables obsolete. However, there are hundreds of thousands of websites and password databases that do not use password salting and iterative hashing, making a rainbow table useful for hackers in these situations.

May 14th, 2020

Man-In-The-Middle Attack

Man-In-The-Middle (MITM) attacks are a hacker staple. They are commonly used on rogue WiFi networks, where unsuspecting free WiFi users' unencrypted traffic can be intercepted by these MITM attacks.

May 13th, 2020

Session Hijacking Attack

Web applications are rapidly eclipsing desktop application installs. However, each web application has an exposure to Session Hijacking not present on a desktop installed software product. Learn all about this attack vector with online applications at CyberHoot.com.

May 13th, 2020

Buffer Overflow Attack

Online applications that allow for password logins, database searches, and form completion need to validate the input they accept, to prevent excessive input data from overflowing the system buffers receiving such inputs. Otherwise, code can be injected and run on these systems through these missing input validation coding errors as buffers overflow.

May 13th, 2020

HMAC Authentication

HMAC Authentication is short for Hash-Based Message Authentication Code, a strategy used to verify the integrity and authenticity of a message. This strategy is different from other authentication methods in …

May 13th, 2020

Internet of Things (IoT)

The Internet of Things (IoT) is any device or machine that has the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. IoT is essentially any …

May 12th, 2020

Credential Stuffing

When hackers are in possession of a large set of usernames and passwords, they perform credential stuffing attacks on popular websites, slowly enough to evade failed password login monitoring solutions. Over time they will amass a treasure trove of compromised credentials which they can sell on the dark web for a tidy profit or they can use those credentials to cause significant damage to the original account holder.

May 7th, 2020

Password Salting

Passwords are toxic data. They require very careful handling to avoid a major security incident from taking your company down. Salting and hashing those passwords recursively is critical to your application authentication success. Learn more about this at CyberHoot.com.

May 6th, 2020

Commercial Off-The-Shelf (COTS)

Commercial Off-The-Shelf (COTS) in cybersecurity is a computer hardware or software product made for nearly any user because it is available to the general public for purchase. COTS products are …

May 5th, 2020

Anti-Malware

Anti-Malware is a solution that maintains computer security and protects sensitive data that is transmitted by a network or stored on local devices. Anti-malware tools employ signature based scanning strategies …

May 5th, 2020

MAZE Ransomware: 3x Threat to Data Security

MAZE Ransomware represents a change for the worse in the capabilities of online hackers today. Traditional backup strategies are no longer enough to provide a get-out-of-jail-free card when hit with ransomware. Data confidentiality is also at risk now and that changes who will pay ransoms dramatically. Prepare now to avoid this scourge of online hacking.

April 28th, 2020

Safe Links | URL Protection | Link Protection

Links in email can lead to malicious websites that push malware to your computer or attempt to steal your credentials when you visit a look-alike website that prompts for a familiar-looking login. To address this risk, anti-SPAM email security gateways and providers have implemented a URL rewrite technique that proxies connections to these websites after inspection by the vendor reveals them to be safe. This technology goes by many different names, including: Safe Links (Microsoft), URL Protection (Mimecast), and Link Protection (Great Horn).

April 22nd, 2020

End-Of-Life (EOL) – End-Of-Support (EOS)

End-of-Life (EOL)/End-of-Support (EOS) describe the final stage of a product’s lifecycle. Once a product reaches EOL/EOS, developers stop updating and patching the product and it is no longer maintained. Software development …

April 21st, 2020

Remote Monitoring and Management (RMM)

Remote Monitoring and Management (RMM) is a set of Information Technology (IT) tools that are installed into client workstations and servers. RMM tools gather information on installed applications, hardware performance, …

April 16th, 2020

Monthly Recurring Revenue (MRR)

Monthly Recurring Revenue (MRR) is the most important topic for Managed Service Providers (MSPs). MRR is the lifeblood of MSPs and services they can bring into their portfolio of service …

April 14th, 2020

Data Classification

Data Classification is about categorizing data into buckets to make it easier to retrieve, restrict access to, and protect. Data classification is important for businesses to protect data according to its …

April 10th, 2020

Contact Tracing

Contact Tracing is a medical term which describes a process used to identify, trace, and contact people potentially exposed to a highly infectious contagion such as the Coronavirus in a highly communicable situation …

April 7th, 2020

Zoom Bombing

Zoom Bombing is where an unauthorized person enters your Zoom video conference to cause disruptions or to gain sensitive information. Many companies and schools have begun using video conferencing extensively …

April 1st, 2020

Gateway

A Gateway is a hardware device that sits between two networks, acting as a “gate”. An example of a gateway is a router, firewall, server, or anything that allows traffic …

March 31st, 2020

Elliptic Curve Cryptography

Elliptic Curve Cryptography (ECC) is a public key encryption method that is based on elliptic curve theory that is used to create faster, smaller, and more efficient cryptographic keys. Historically, …

March 31st, 2020

White Box Testing

White Box Testing is a form of penetration testing which tests the internal structures of an application, as opposed to the application's functionality (also known as Black Box Testing). Programming skills …

March 31st, 2020

Fragment Overlap Attack

A Fragment Overlap Attack, also known as an IP Fragmentation Attack, is an attack that is based on how the Internet Protocol (IP) requires data to be transmitted and processed. …

March 31st, 2020

Infrastructure as a Service (IaaS)

An Infrastructure as a Service (IaaS) is a cloud based service that helps companies build and manage their data as they grow, paying for the storage and server space that …

March 31st, 2020

Platform as a Service (PaaS)

A Platform as a Service (PaaS) is a type of cloud computing, similar to Software as a Service (SaaS), where a service provider delivers a platform to clients, enabling them …

March 31st, 2020

Steganography

Steganography (pronounced: steh·guh·naa·gruh·fee) is the technique of hiding data secretly within an ordinary, non-secret, file or message in order to avoid detection. The use of steganography can be combined with …

March 30th, 2020

Software as a Service (SaaS)

Software as a Service (SaaS) is a cloud-based service where instead of downloading software to your desktop PC or business network to run and update, you instead access an application …

March 26th, 2020

Human-Machine Interface (HMI)

Human-Machine Interface (HMI) is the hardware or software through which an operator interacts with a controller. An HMI can range from a physical control panel with buttons and indicator lights …

March 25th, 2020

Test Oracle

A Test Oracle is a mechanism for determining whether the program has passed or failed a test. The use of test oracles involves comparing the output of the system under …

March 25th, 2020

Black Box Testing

Black Box Testing is a method of software testing that examines the functionality of an application without peering into its internal software structures (which is known as White Box Testing). …

March 25th, 2020

Near Field Communications (NFC)

Near Field Communications (NFC) is a short-range wireless technology that enables simple and secure communication between electronic devices. It may be used on its own or in combination with other …

March 24th, 2020

Radio Frequency Identification (RFID)

Radio Frequency IDentification (RFID) is a system used to track objects, people, or animals using tags that respond to radio waves. RFID tags are integrated circuits that include a small …

March 24th, 2020

Dynamic Code Analysis

Dynamic Code Analysis is a method used to analyze an application during its execution. This Dynamic Code Analysis process is often broken up into these steps: Preparing input data; Running …

March 24th, 2020

Voice over Internet Protocol (VoIP)

Voice over Internet Protocol (VoIP) is essentially a telephone connection over the Internet. The data is sent digitally, using the Internet Protocol (IP) instead of analog telephone lines. This allows people …

March 24th, 2020

Content Delivery Network (CDN)

A Content Delivery Network (CDN) is a geographically distributed group of servers that work together to provide fast delivery of Internet content. A CDN allows for the fast transfer of …

March 20th, 2020

Application Fuzzing

Application Fuzzing, originally developed by Barton Miller at the University of Wisconsin in 1989, is a testing method used to discover coding errors and security loopholes in software, operating systems …

March 19th, 2020

Application Proxy

An Application Proxy is one of the most secure firewall types that can be deployed. The application proxy sits between the protected network and the rest of the world. Every packet …

March 19th, 2020

Application Security Assessment

An Application Security Assessment is performed either manually or automatically, generally continuing throughout the software development life cycle. It will typically include focusing on using secure protocols, performing defined security …

March 19th, 2020

Dwell Time

Dwell Time is the amount of time threat actors go undetected in an environment. In other words, when a hacker intrudes into your network or systems, the dwell time is …

March 19th, 2020

Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec) is a set of protocols that provides security for Internet Protocol using advanced cryptography. IPSec is similar to a Secure Socket Layer (SSL), except that SSLs …

March 6th, 2020

Secure Socket Layer (SSL)

A Secure Socket Layer (SSL) is a security protocol developed by Netscape in the 1990’s for sending information securely (encrypted) over the Internet. Once upon a time, websites could only …

March 6th, 2020

Reverse Proxy

A Reverse Proxy is a server that sits in front of one or more web servers, intercepting requests from clients. This is different from a forward proxy, where the proxy …

March 5th, 2020

Web Application Firewall (WAF)

A Web Application Firewall (WAF) is used to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks …

March 5th, 2020

Static Code Analysis

Static Code Analysis is the analysis of software code when the program is not running. The analysis of the running or compiled, executing code is called Dynamic Code Analysis. The …

March 4th, 2020

Coronavirus Advisory

Last Updated: Sun. March 8th, 2020

The Coronavirus (COVID-19) has infected nearly 90,000 people worldwide as of March 2, 2020, killing more than 3,000 of those infected. The virus started …

March 3rd, 2020

Hacking with Google Dorks

A Google Dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website. Google dorking, …

March 2nd, 2020

Point-to-Point Tunneling Protocol (PPTP)

A Point-to-Point Tunneling Protocol (PPTP) is a networking standard that is used when connecting to a Virtual Private Network (VPN). VPNs are a way to create online privacy and anonymity …

March 2nd, 2020

Drive-By Download

A Drive-By Download is the unintentional download of malicious code to your computer or mobile device that may compromise your computer leaving you open to further attack by hackers. Many …

March 2nd, 2020