https://padlet.com/92019797/f082k4py3338 en-us 2019-01-29 23:29:07 UTC 2019-03-01 10:13:58 UTC hello@padlet.com https://padlet-assets.s3.amazonaws.com/icons/File.png 92019797 https://padlet.com/92019797/f082k4py3338/wish/325655044 Term to describe a user and how exposed they are to the attacks. It identifies the sum of all the different points where an attacker can enter/extract data in a system that contains vulnerabilities. The goal in application security is to reduce the attack surface as much as possible. An example is that open ports on a server without a firewall will result in all the ports being the attack surface. Using a firewall will reduce the attack surface.]]> 2019-01-29 23:35:22 UTC https://padlet.com/92019797/f082k4py3338/wish/325655044 92019797 https://padlet.com/92019797/f082k4py3338/wish/325655073 Availability is the security model that strives to make information accessible to authorized users whenever it is needed, or at agreed times. An attacker hinder availability by using a Distribute Denial of Service (DDoS) attack on a web server, resulting in legitimate users being unable to access the website.

]]> 2019-01-29 23:35:35 UTC https://padlet.com/92019797/f082k4py3338/wish/325655073 92019797 https://padlet.com/92019797/f082k4py3338/wish/325655092 Confidentiality is the security model that strives to protect sensitive information from being accessed by unauthorized users. It applies a set of rules that limits the access of information. An example of a method that establishes confidentiality is two-factor authentication, where it limits access with an additional security layer.

]]> 2019-01-29 23:35:42 UTC https://padlet.com/92019797/f082k4py3338/wish/325655092 92019797 https://padlet.com/92019797/f082k4py3338/wish/325655134 Authentication
Authorisation
Validation
Error Handling]]> 2019-01-29 23:35:54 UTC https://padlet.com/92019797/f082k4py3338/wish/325655134 92019797 https://padlet.com/92019797/f082k4py3338/wish/325655198 Logging is the process of keeping a record of events of an application. It is used to track security related information and events of a system and to hold users accountable for their actions. An example is the internet connection firewall security log that tracks users firewall activity.]]> 2019-01-29 23:36:21 UTC https://padlet.com/92019797/f082k4py3338/wish/325655198 92019797 https://padlet.com/92019797/f082k4py3338/wish/325655229 exploit
compliance 
cyber-security 
data breach
incident response
likelihood
risk
security threat
threat actor
vulnerability
weakness

]]> 2019-01-29 23:36:32 UTC https://padlet.com/92019797/f082k4py3338/wish/325655229 92019797 https://padlet.com/92019797/f082k4py3338/wish/328487422 Term used to describe the route that the attack used to give access to an unauthorized user. This is done by exploiting identified vulnerabilities. For example, an attacker uses email attachments as an attack vector to sends malicious files to naive users. ]]> 2019-02-06 20:31:43 UTC https://padlet.com/92019797/f082k4py3338/wish/328487422 92019562 https://padlet.com/92019797/f082k4py3338/wish/329641995 A negative or bad thing that has the possibility of happening to one or multiple things.  Who or what can cause this negative thing to occur. (there are multiple threats on the internet, having a firewall is one way of reducing the number of threats.)

]]> 2019-02-10 19:45:21 UTC https://padlet.com/92019797/f082k4py3338/wish/329641995 92019562 https://padlet.com/92019797/f082k4py3338/wish/329642103 Negative effect on something of value.  risk = chance negative effect x value, the greater the chance to the negative effect the greater the risk, or value and chance. (it is a risk to not have systems with strong passwords, for systems of no real value, you could say this is a low risk to you, however if the systems include very sensitive data, the risk to you could be high)

]]> 2019-02-10 19:46:06 UTC https://padlet.com/92019797/f082k4py3338/wish/329642103 92019562 https://padlet.com/92019797/f082k4py3338/wish/329642168 Ability of system to ensure access to its resources or what it contains.  It’s not just about being able to access the data now, it can include plans to get systems back up and running in the event of failures and also encompass ways of keeping systems running.  These all together are included by availability.

]]> 2019-02-10 19:46:33 UTC https://padlet.com/92019797/f082k4py3338/wish/329642168 92019562 https://padlet.com/92019797/f082k4py3338/wish/329642234 Being true and correct, a system has to ensure that it is providing the correct data.  Not just any data.  The data should be protected from unauthorised access, as this could mean another party is able to modify the data.  The data has to be protected from other forms of corruption also.  So checks need to be put in place, like error checking when data is transferred.

]]> 2019-02-10 19:46:56 UTC https://padlet.com/92019797/f082k4py3338/wish/329642234 92019562 https://padlet.com/92019797/f082k4py3338/wish/329642530 Open Web Application Security Project - an online community that creates and produces resources that relate to web application security. Started in 2001, they produce such things as the top 10 security risks that developers, IT professionals and organisations have to be aware of ]]> 2019-02-10 19:49:07 UTC https://padlet.com/92019797/f082k4py3338/wish/329642530