bg_image
header

Advanced Encryption Standard - AES

The Advanced Encryption Standard (AES) is a symmetric encryption technique used to secure data. It was developed by the National Institute of Standards and Technology (NIST) in the United States and officially recognized as a standard in 2001. AES replaces the outdated Data Encryption Standard (DES) due to its improved security and efficiency.

AES uses an algorithm that takes a message and a key as input and converts the message into an encrypted form. The recipient can then use the same key to restore the encrypted message. AES supports various key lengths, including 128, 192, and 256 bits, with 128 bits being the most commonly used key length.

Since AES is a symmetric encryption method, this means that the same key is used both to encrypt and decrypt the data. This makes AES fast and efficient for encrypting large amounts of data, making it a widely adopted standard for securing data in areas such as network security, database encryption, and data storage.

 


Created 10 Months ago

Heartbleed-Bug

The Heartbleed Bug was a severe security vulnerability in the OpenSSL library that was publicly disclosed in April 2014. OpenSSL is a widely-used open-source implementation of SSL/TLS protocols used for encrypting data transmissions over the internet.

The Heartbleed Bug allowed an attacker to retrieve sensitive information from a server's memory by sending specially crafted requests to a server using OpenSSL. This information could include private keys, user login credentials, and other sensitive data. The severity of the vulnerability lay in its ability to allow an attacker to intercept sensitive information unnoticed and without leaving a trace.

The security flaw was quickly publicized, and developers worked to patch OpenSSL to address the Heartbleed Bug. Website operators and service providers were urged to update their systems and reissue certificates to ensure the security of their data and that of their users.

Heartbleed underscores the potential risks posed by security vulnerabilities in critical open-source software projects and highlights the importance of swift responses and updates to ensure internet security.

 


Created 10 Months ago

Data Encryption Standard - DES

The Data Encryption Standard (DES) is a widely-used symmetric encryption algorithm developed in the 1970s. It was established as a standard for encrypting sensitive data by the U.S. government agency NIST (National Institute of Standards and Technology).

DES uses a symmetric key, meaning the same key is used for both encryption and decryption of data. The key is 56 bits long, which is relatively short and considered less secure by today's standards.

DES operates using a Feistel structure, where the input is divided into blocks and encrypted in a series of rounds. Each round employs a substitution-permutation network structure to manipulate the data, working with a portion of the key.

Despite its past widespread use, DES is now considered insecure due to its relatively short key length and advancements in cryptography, particularly in brute-force analysis. It has been replaced by more modern encryption algorithms such as Triple DES (3DES) and the Advanced Encryption Standard (AES).

 


Created 10 Months ago

Browser Exploit Against SSL TLS - BEAST

BEAST (Browser Exploit Against SSL/TLS) was a security vulnerability discovered in September 2011. This vulnerability primarily affected the TLS (Transport Layer Security) protocol, specifically the Cipher Block Chaining (CBC) encryption mode in conjunction with the SSLv3 and TLS 1.0 protocols.

BEAST allowed an attacker to eavesdrop on and decrypt encrypted traffic between a web browser and a server. This was achieved by exploiting a weakness in the way CBC encryption was implemented in SSL/TLS.

To protect against BEAST attacks, it was recommended to upgrade to newer versions of TLS and to use alternative encryption methods that were not vulnerable to this weakness. Many web servers and browsers also implemented patches to mitigate the impact of BEAST.

 


Created 10 Months ago

Padding Oracle On Downgraded Legacy Encryption - POODLE

POODLE (Padding Oracle On Downgraded Legacy Encryption) was a security vulnerability in the SSLv3 (Secure Sockets Layer version 3) encryption protocol, discovered in October 2014. This vulnerability allowed an attacker to eavesdrop on and manipulate encrypted traffic between a web browser and a server. The attack exploited a weakness in the way SSLv3 processed blocks of encrypted data with padding. By exploiting this vulnerability, an attacker could, under certain circumstances, steal sensitive information such as cookies.

Due to the severity of the vulnerability, security experts recommended disabling the use of SSLv3 and upgrading to newer and more secure encryption protocols such as TLS (Transport Layer Security). Many web servers and browsers removed or disabled SSLv3 support to protect against POODLE attacks.

 


Created 10 Months ago

Common Weakness Enumeration - CWE

CWE stands for "Common Weakness Enumeration." It is a standardized list of known security vulnerabilities and weaknesses commonly found in software applications and systems. Managed and maintained by the MITRE Corporation, a nonprofit organization, CWE serves as a reference for security professionals, developers, and organizations to identify, understand, and address vulnerabilities.

CWE contains several hundred entries, each with a unique number and description, categorized into various groups, including injection flaws, cross-site scripting (XSS), authentication issues, sensitive data exposure, and cryptographic weaknesses.

It serves as a valuable tool for risk assessment, security analysis, and software development, helping developers understand and mitigate security vulnerabilities before they can be exploited. CWE is often used in conjunction with other security standards and guidelines, such as the Common Vulnerability Scoring System (CVSS) and the OWASP Top Ten.

 


Created 10 Months ago

Obfuscation

Obfuscation is a process where the source code of a program is altered to make it difficult for humans to understand while maintaining its functionality. This is often done to protect the source code from reverse engineering or to make it more compact without affecting functionality. Techniques such as renaming variables and functions, adding unnecessary code, or altering the program's structure are used. Obfuscation is commonly employed in software development, especially in the creation of commercial software products or in providing software as a service (SaaS), to protect intellectual property and make unwanted manipulation more difficult


Created 10 Months ago

Firewall

A firewall is a network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted internal network and untrusted external networks, such as the internet, to prevent unauthorized access to or from the internal network.

Firewalls can be implemented in various forms:

  1. Network Firewall: This type of firewall is typically deployed at the perimeter of a network, such as between an organization's internal network and the internet. It examines packets of data as they pass through, filtering them based on predefined rules to allow or block traffic.

  2. Host-Based Firewall: Host-based firewalls are installed on individual computers or devices to control traffic at the device level. They provide an additional layer of defense by filtering traffic based on specific rules configured for that host.

Firewalls operate based on different filtering methods:

  • Packet Filtering: Packet-filtering firewalls examine packets of data as they pass through the network based on criteria such as source and destination IP addresses, port numbers, and protocols. They make decisions to allow or block packets based on predefined rules.

  • Stateful Inspection: Stateful inspection firewalls keep track of the state of active connections and use this information to make decisions about whether to allow or block traffic. They maintain a record of the state of connections, such as TCP handshakes, and only allow traffic that corresponds to legitimate, established connections.

  • Proxy Firewalls: Proxy firewalls act as intermediaries between clients and servers, intercepting and inspecting traffic before forwarding it to its destination. They can provide additional security by hiding the internal network's IP addresses and applying advanced security measures such as content filtering and application-layer inspection.

Firewalls are a fundamental component of network security and help protect against unauthorized access, data breaches, malware infections, and other cyber threats by enforcing access control policies and filtering potentially harmful traffic.

 


Created 11 Months ago

Intrusion Detection Systems - IDS

Intrusion Detection Systems (IDS) are security solutions designed to continuously monitor networks or computer systems and look for potential security breaches or attacks. The purpose of an Intrusion Detection System is to detect suspicious activities that may indicate an intrusion into a network or system, and subsequently trigger alerts or take actions to ensure security.

There are two main types of Intrusion Detection Systems:

  1. Network-based Intrusion Detection Systems (NIDS): These systems monitor the traffic within a network and look for anomalies or known attack patterns. They analyze packets being transmitted across the network to detect suspicious activities that may indicate an attack or security breach.

  2. Host-based Intrusion Detection Systems (HIDS): In contrast to NIDS, HIDS monitor activities on individual hosts or computers. They monitor system logs, file systems, and other system resources for signs of attacks or unusual behavior that may indicate a security breach.

An Intrusion Detection System can be either signature-based or behavior-based:

  • Signature-based IDS: These detect attacks based on pre-defined patterns or signatures of known attacks. They compare network traffic or system behavior to a database of known attack signatures and trigger an alert when matches are found.

  • Behavior-based IDS: These analyze the normal behavior of the network or system and look for deviations or anomalies that may indicate potential attacks. They operate on the principle that attacks often cause unusual activities that deviate from normal operational behavior.

Intrusion Detection Systems play a crucial role in monitoring and securing networks and computer systems by responding early to potential threats and detecting security breaches to take appropriate countermeasures.

 


Created 11 Months ago

HTTP-Amplification

HTTP Amplification is a term often used in the context of cyber attacks and internet security. It refers to a type of Distributed Denial of Service (DDoS) attack where the attacker uses HTTP requests to redirect excessive traffic to a server or website.

Essentially, the attacker exploits a variety of HTTP requests to overwhelm the server, making it inaccessible to legitimate users. This is often done by exploiting vulnerabilities in web server configurations or utilizing botnets to send a large number of requests.

The term "Amplification" refers to how the attacker "amplifies" the traffic by sending small requests, which are then responded to by the server in much larger replies. This can cause the server to expend a significant amount of resources processing these requests, rendering it unreachable for legitimate users.

To protect against HTTP Amplification attacks, web servers can be configured to limit requests or implement filters to identify and block suspicious requests. Additionally, Content Delivery Networks (CDNs) and DDoS protection services can be employed to monitor traffic and mitigate attacks before they reach the server.

 


Created 11 Months ago
Categories
Object-oriented programming 25 Applications 54 Design Patterns 20 Strategies 113 Continuous Integration - CI 2 Testing 9 Characteristic 44 Protocols 19 Communication 9 Data Structure 5 Version Control 6
PHP 50 Python 4 Ruby 1 TypeScript 3 JavaScript 22 Erlang 2 Java 3 General 3 Python 0 Go 3 Perl 2 Swift 1
NoSQL 9 Relational Databases 16 Concepts 4 General 5 Data Warehouse 2 Time Series Databases 1 Data Types 1
Terraform 1 Cloud Computing 12 Server 4 Network 26 Virtualization 3 Ansible 1 Architecture 7 Characteristics 2
Cascading Style Sheets - CSS 3 Leaner Style Sheets - LESS 1 Syntactically Awesome Stylesheets - Sass 1
Attack Methods 18 Security Mechanisms 12 Organisations 1 Famous Security Loopholes 3
HTML 3 XML 4 Extensible Hypertext Markup Language - XHTML 1 Markdown 1
CSS 1
Kuenstliche Intelligenz 5
SCRUM 5 General 1 Kanban 1 Extreme Programming - XP 1 Crystal 5 Dynamic Systems Development Method - DSDM 1 Feature Driven Development - FDD 1
Applications 2
Characteristics 3 Strategies 2 Applications 2
Tags
Semantic Versioning - SemVer 2 Number of entries with this tag Closed-Source 1 Number of entries with this tag Refactoring 4 Number of entries with this tag Asynchronous JavaScript and XML - AJAX 8 Number of entries with this tag Simple Storage Service - S3 2 Number of entries with this tag SQL-Injection - SQLI 3 Number of entries with this tag Cloud Computing 14 Number of entries with this tag Elastic Compute Cloud - EC2 1 Number of entries with this tag Hypertext Transfer Protocol Secure - HTTPS 18 Number of entries with this tag PSR-7 1 Number of entries with this tag DDL 5 Number of entries with this tag Release Please 2 Number of entries with this tag AB-Testing 1 Number of entries with this tag Fifth Normal Form - 5NF 1 Number of entries with this tag Community 15 Number of entries with this tag
Latest Article

Swift

in Category

DevelopmentProgramming LanguagesSwift

Created 2 Days 18 Hours ago
Random Article

Software Load Balancer

in Category

DevelopmentInfrastructureNetwork

Created 1 Year ago
Random Tech

Apache HTTP Server

apache_server.jpg