terminology – Page 5 – WindowsTechs.com

Textbook uses terminology like Double/Single Bastion Inline/T to describe firewall architectures. Are these terms used in professional environments?

Posted on November 7, 2020 by desertpancake

I apologize for the weird wording of the question title, I was hitting the character count.
I am taking a network security course in college and the textbook we use, Network Security Essentials: Applications and Standards 6th Edition by Wi… Continue reading Textbook uses terminology like Double/Single Bastion Inline/T to describe firewall architectures. Are these terms used in professional environments?→

Is there a term for vulnerabilities the need ‘help’ from target vs vulnerabilities that can be exploited with no actions from the target?

Posted on October 17, 2020 by Alex V

I’m making a guideline for a bug bounty program and want to distinguish between bugs that require some kind of action on the target’s behalf (eg clicking a suspicious link), vs vulnerabilities that can be exploited without any actions from… Continue reading Is there a term for vulnerabilities the need ‘help’ from target vs vulnerabilities that can be exploited with no actions from the target?→

What is cybersecurity landscape? [closed]

Posted on October 15, 2020 by Azumi-san

What does "cybersecurity landscape" mean?
Is it a cyber threat trend?

Continue reading What is cybersecurity landscape? [closed]→

Is using URL parameters together with body parameters in a POST request a defined security anti-pattern?

Posted on October 10, 2020 by Demento

It is technically allowed by many programming languages to supply parameters in POST requests as part of the URL, similar to a GET request. You can do this in addition to supplying parameters in the body of the POST request at the same tim… Continue reading Is using URL parameters together with body parameters in a POST request a defined security anti-pattern?→

Difference between Attack Pattern and Attack Vector

Posted on October 6, 2020 by Jorge Guerra

I am learning about InfoSec and I always found these two terms
Attack Pattern

an attack pattern is an abstraction mechanism for describing how a
type of observed attack is executed

Attack Vector

a method or pathway used by a hacker to a… Continue reading Difference between Attack Pattern and Attack Vector→

Threat / Adversary / Trust / Security model, what is the difference?

Posted on October 2, 2020 by Lavender

In order to design and develop a secure system it is important to formulate a threat/adversary/trust/security model for the corresponding system to be able to evaluate the proposed system and help others to know if it is suitable in th… Continue reading Threat / Adversary / Trust / Security model, what is the difference?→

How do DAST and penetration testing compare?

Posted on September 15, 2020 by Martin Thoma

DAST is short for dynamic application security testing whereas SAST is static application security testing.

SAST is white-box testing while DAST is black-box testing, meaning SAST can (does?) use more information.
DAST tools are not langu… Continue reading How do DAST and penetration testing compare?→

What’s the term for a hash sent early and plain text revealed later?

Posted on July 25, 2020 by Thomas Weller

I think there is a known pattern where you post the hash of a document, e.g. on Twitter, in order to have its time registered. You could then later publish the document and have it accredited for the time of the hash.
I’m sure someone gave… Continue reading What’s the term for a hash sent early and plain text revealed later?→

MSTG-ARCH-7: All security controls have a centralized implementation

Posted on July 23, 2020 by A security researcher

In the OWASP Mobile Application Security Checklist there is a requirement MSTG-ARCH-7 which reads: "All security controls have a centralized implementation".
Now I’m struggling a bit by what is meant with "centralized implem… Continue reading MSTG-ARCH-7: All security controls have a centralized implementation→

Hackaday Links: July 19, 2020

Posted on July 19, 2020 by Dan Maloney

Care to flex your ethical hacker muscles? The Defense Advanced Research Projects Agency, better known as DARPA, is running its first-ever bug-bounty program. The event is called “Finding Exploits to Thwart Tampering”, or FETT — get it? Bounty hunter? Fett? — and is designed to stress-test security hardware developed through …read more

Continue reading Hackaday Links: July 19, 2020→