Patch comes later—attackers move now
A zero-day exploit is a cyberattack on a system by a hacker that occurs on the same day that a weakness is discovered. It’s called a zero-day because the day on which hackers discover a new vulnerability is generally considered “day zero.” Organizations usually develop and release a patch to fix the problem, but until that patch is installed, the hackers are free to exploit the weakness in whatever applications they can find. The race between software developers and hackers has created an industry of “zero-day sales” in which anticipated vulnerabilities are bought and sold
Block rogue queries before they bite
A SQL (Structured Query Language) injection attack occurs when an attacker injects a piece of SQL script in order to manipulate the SQL script running on a database-driven web application in an attempt to access, modify, or delete something within the database. It can even execute certain administrative scripts. The SQL injection attack is one of the most common attacks out there. Companies are getting hit by these attacks constantly. You’ve probably seen stories about user information getting posted on sites like PasteBin.
Business Impact of a SQL Injection Attack
The business impact can range widely depending on
Cut out the silent middle-man
The man-in-the-middle attack is an appropriate term for this type of attack. The network traffic is routed through the attacker’s machine, and the hacker can see unencrypted data as it passes through.
How does a man-in-the-middle attack work?
The man-in-the-middle attack works by having the attacker inject their machine between two devices that are communicating with each other. Those two devices will send all of their packets to the attacker’s machine, and the attacker will usually route the communication on to the destination machine after sniffing out the contents of those packets.
ARP (Address Resolution Protocol) Poisoning
Stop script injections cold
Cross-site scripting is a common vulnerability in web applications. It’s estimated that 60% of all websites are susceptible to this attack.
What is cross-site scripting (XSS)?
Cross-site scripting, or XSS, is a technique for injecting malicious code into another website.
Persistent Cross-Site Scripting
Let’s say that an attacker is able to send a piece of JavaScript code through a form on a legitimate website that stores the malicious code within the database of the website. That JavaScript code can then wreak havoc on other users, since that JavaScript code is then returned to the
Know the enemy within
Malware is a type of malicious software that can infect your computer and infiltrate all of your data. It’s often used to steal personal information or spread other types of malware. The best way to protect yourself from malware is to keep up to date with security patches and always use antivirus software on your device. It’s estimated that the total cost of malware-related cybercrime is at $6 trillion. Yes, trillion with a T.
What is Malware?
Malware is a type of software that can be used to damage or disable computers and computer systems. Malware
Don’t take the bait—spot phishing fast
If you use email, you have most likely heard about phishing attacks. Although it sounds just like fishing, it’s not as relaxing. If you’ve been phished, you’re going to have a bad day. If you caught a fish, you’re going to be smiling.
Why call it phishing?
The idea is that the hacker sends a baited email to the target user and hopes that the target takes the bait. Just like the bait in fishing is supposed to resemble something that the fish wants, the bait in phishing is masked as something that the user
When traffic turns into a weapon
A Denial of Service (DoS) attack is when an attacker attempts to make a site unavailable to users by sending so much traffic to it that the site cannot respond. The idea is to disrupt the normal operations of a server or network with a cyberattack on that server or network. This cyberattack comes from one source, such as the attacker’s computer. There are different types of DoS attacks, including a Distributed Denial of Service (DDoS) attack, which uses multiple sources to attack a network or server. Recently, nearly all DoS
Data security’s three unbreakable pillars
The CIA triad is an important security principle. It’s known as the “three-legged stool” because it ensures data confidentiality, integrity, and availability. Data must be protected from unauthorized access at all times. If any one leg of your stool is breached, you have to replace it with another one that meets the same security standards as the first one did before you can continue operating effectively, because you are now in an environment where multiple potential threats could compromise your business operations and/or personal information security. The CIA triad is an important security
Write, run, repeat
Now, I know that we’ve already covered a Python script in the previous article, but that was used simply for testing in order to set our environment up. We’re here to learn Python, so let’s take a step back and do this the right way. I like themes with my series, and here are a few that I was thinking about following:
Cars (always my favorite)
Doom and destruction (seems appropriate with all the AI warning signs going off)
Just pure fun (sometimes I go overboard)
I think we’ll stick to cars. My hope is to not
Debug inside the container—directly from PyCharm
In the previous article, we looked at setting up Python with Docker. We skipped all of the environment headaches. If you’re using PyCharm, you might have noticed that everything is underlined in red, as if your code were broken. Let’s fix that with Docker again.
https://www.dinocajic.com/python-p1-getting-started-with-python-and-docker-compose/
Open up PyCharm and go to your interpreter. It should be at the bottom right of your screen. Select Add New Interpreter and then Docker. We already have a Dockerfile inside of our project, so we can simply leave the settings as is. If you don’t see Docker on