Career in Cybersecurity

  • Security analyst → explores and analyses the company environment to identify threats and gives recommendations to engineers for securing the company's IT and data.
  • Security engineer → develops and implements security solutions to protect data against threats.
  • Incident responder → responds productively and efficiently to security breaches.
  • Digital Forensics Examiner → collects digital evidence while observing legal procedures and analyses it to find answers related to the case.
  • Malware analyst → discovers malware on a compromised system and reports their findings. The work is reverse engineering, and they need to break the program apart.
  • Penetration tester → this is ethical hacking: they try to break into the environment to test its security, and they need to identify the risks and vulnerabilities of the systems.
  • Red teamer → similar to a penetration tester, but acting like a hacker: they test how the company reacts when it identifies an attack against its environment. In this way, red teamers assess the company's response and capabilities.

Web Application security

  • Identification refers to the ability to identify a user uniquely.
  • Authentication refers to the ability to prove that the user is who they claim to be.

Security

  • Confidentiality: You want to ensure that secret and private files and information are only available to intended persons.
  • Integrity: It is crucial that no one can tamper with the files stored on your system or while being transferred on the network.
  • Availability: You want your laptop or smartphone to be available to use anytime you decide to use it.

Common attacks

  • DDoS attack
  • Malware/Ransomware/Trojan
  • Social engineering
  • XSS (Cross-Site Scripting)
  • SQL Injection
  • Phishing
  • DNS Tunneling/Spoofing
  • Session hijacking
  • Insider threats
  • Drive-by attacks
  • Birthday attack
  • MITM attacks
  • Cryptojacking
  • Exploits
  • Brute-force attacks
  • Juice jacking

Vulnerability attacks

  • Reflection attacks
  • Buffer overflow
  • Memory leak

Juice jacking

Juice jacking compromises a victim's device, such as a smartphone or tablet, when it is connected to a USB port for charging, for instance at an airport. When the victim connects the device to the public USB port, malware can be installed on the device and data can be extracted. To avoid this, charge the device from an external battery rather than a public USB port, or use a USB data blocker.
