Security Controls

Security controls are the measures taken to safeguard an information system from attacks against its confidentiality, integrity, and availability (CIA). Security controls are selected and applied based on a risk assessment of the information system. The risk assessment process identifies system threats and vulnerabilities, and then security controls are selected to reduce or mitigate risk.

Continue reading “Security Controls”

CISSP

Certified Information Systems Security Professional

The certification is structured in 8 different domains: Security and Risk Management, Asset Security, Security Engineering, Communication and Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, Software Development Security.

Certification Path: a minimum of 5 years of work experience in any 2 of the domains mentioned above. If

Continue reading “CISSP”

Security and Risk Management

Information Security Management

Information security is the process of protecting information and information systems from the following: unauthorized disclosure, access and use; destruction; deletion; modification; disruption.

Factors that impact information security: Technology; Platforms and tools used; Network connectivity; Level of IT complexity; New or emerging security tools; Operational support for security; Business Plan and Environment

Continue reading “Security and Risk Management”

Basic Pentesting

Task 1 – Web App Testing and Privilege Escalation

In this set of tasks you’ll learn the following: brute forcing, hash cracking, service enumeration, Linux enumeration. The main goal here is to learn as much as possible.

Find the services exposed by the machine: Use “nmap” to find out what services are running on the

Continue reading “Basic Pentesting”

OWASP TOP 10

OWASP stands for Open Web Application Security Project, a non-profit organization that works on improving the security of software. It publishes, free of cost, a report outlining security concerns for web applications, focusing on the top 10 most critical risks.

The OWASP Top 10 2017 report is as follows: Injection, Broken Authentication, Sensitive Data

Continue reading “OWASP TOP 10”

API Testing

Introduction to API

API stands for Application Programming Interface. It acts as a middleman whose job is to deliver data between the client and the server. Basically, it acts as a medium of communication between two entities.

Types of API: REST API, SOAP API.

Properties of a secure API: An API should provide expected

Continue reading “API Testing”

Required Programming Languages

Importance of Programming in cyber security

Many people enter the domain of cyber security thinking of it as an escape from programming or coding. But my friend, let me tell you: when you start writing your own exploits, you may be required to know some programming, or to find any loophole in the code of

Continue reading “Required Programming Languages”

Linux-1

Linux is an open source operating system made by Linus Torvalds and packaged as Linux distributions.

Why use Linux? Linux is free of cost, and it is an open source platform. Unlike Windows, Linux is highly customizable and secure to use.

Basic Commands

Echo: It is used to display the text, or echo the text written after it.

Continue reading “Linux-1”