The reality of modern information security in enterprises around the world: understanding the common keywords used in the info-sec industry, the ones that come up alongside that complicated WAST.

OWASP Top 10

Authentication

You are trying to go to the construction site and introduce yourself to the watchman by your name, and then go inside. This is identification. Before you go inside, you have to show your identity card to the watchman. This is authentication.

2-step verification / 2-factor authentication

You are forced to show the watchman your identity card and, further, the watchman asks for a registered cell phone number that he verifies in the system and sends an OTP to. This is 2-step verification.

Multi-factor authentication

The watchman requires not only an identity card and a valid cell phone number but also a separate government identity card. Similarly, having two or more unique methods of identity verification is called multi-factor authentication (MFA).

Authorization Token / Cookie / Session token

You go to a music concert and show a valid purchased ticket at the entry point for verification. After verifying the ticket, the host ties a ribbon around your wrist. This is called an authorization token / cookie / session token.

Impersonation / Session Impersonation

When a person forges someone else's access card to enter the place, the watchman permits that person to go inside on the strength of someone else's identity. This is impersonation.

https://www.youtube.com/watch?v=v1Y4CubBi60&feature=youtu.be

Similarly, in an organization the employer provides employees/stakeholders/guests an access card that is used to access the respective areas/cabins. These access cards can be cloned. This is called cloned session impersonation.
Proxmark3

Session Hijacking

Some hacker ripped off someone else's badge and showed it everywhere. This is session hijacking.

Session Fixation

He also planted a copy of a badge carrying his own identifier with the watchman and waited until the watchman handed it to you. This is session fixation.

Privacy & Anonymity

You stomped on the newly poured floor, leaving no traces on it, and no one except you knows that it happened at all. This is privacy.

You stomped on the newly poured floor and left traces on it, but no one knows which hacker did it. This is anonymity.

Logging (Apache Web Server Logs) & Flashback logging

The watchman wrote down the date and time of your arrival and departure in the journal. This is logging.

Apache Web Server Logs

The watchman follows on your heels and records all of your actions. This is flashback logging.

Threat

You're at a construction site, and there is a chance of a brick falling on your head. This is a threat.

SIEM / Correlation of events / SOC Monitoring tool

The caretaker made an entry in the journal that a couple of days ago some worker with the same surname as yours got a job at their construction site. This is a correlation of events.

Windows event

During the correlation of events, the watchman periodically presses the button, after which the siren starts wailing, the red lights flash, and the entire staff takes off into the basements, laying bricks. This is SIEM. The head finally told the watchman to take note of such events and, if they are observed again, to alert him. This is an update of the SIEM event correlation rules.

Splunk Dashboard

Splunk is a tool used for real-time monitoring of such event correlation. This is a SOC monitoring tool.

Threat model

Before the construction of a site begins, a 3D model is created. Timelines to construct that site are calculated. All other important risk factors and benefits are discussed before the construction begins.
The business output in terms of sales revenue in the future market is also calculated. Examples of similar projects in the same geo-located areas are taken as a basis for the calculation. In the end, if the construction is frozen due to a natural calamity or any other factor, the business dependency is also calculated, so that this construction site shall not have an impact on other ongoing projects. This is a threat model.

Continue reading Part II.

If you're new to infosec, or have been in infosec and are planning to switch paths, then this will help you understand the different keywords and job roles available in an organization. Based on the area you liked more and wish to dig deeper into, my next blog will help you understand the different job-role names that organizations use to hire candidates. This will give you more clarity on which career path to choose.
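The session token, session hijacking and session fixation analogies above, replayed as an added Python example that is not code from the original post: a minimal in-memory session store, constructed for this demonstration, that either adopts whatever session id a client presents and keeps it after login (the planted badge copy is honoured) or mints unpredictable ids and rotates them at login. The `SessionStore` class, the `USERS` table and `fixation_scenario` are assumptions made for this example only.

```python
import secrets

# Constructed credential table for this demo; a real service stores password hashes.
USERS = {"alice": "correct-horse-battery"}


class SessionStore:
    """Minimal in-memory session manager, constructed for this example."""

    def __init__(self, accept_unknown_ids, rotate_on_login):
        self.accept_unknown_ids = accept_unknown_ids  # True: legacy behaviour that enables fixation
        self.rotate_on_login = rotate_on_login        # True: the standard fix
        self.sessions = {}                            # session id -> {"user": name or None}

    def resolve(self, presented_id):
        """Return the session id the server will use for a request carrying presented_id."""
        if presented_id in self.sessions:
            return presented_id
        if self.accept_unknown_ids and presented_id:
            # Legacy behaviour: adopt whatever id the client presents, i.e. the
            # watchman accepts the badge copy the attacker planted with him.
            self.sessions[presented_id] = {"user": None}
            return presented_id
        fresh = secrets.token_urlsafe(32)  # unpredictable, so it cannot be guessed by a third party
        self.sessions[fresh] = {"user": None}
        return fresh

    def login(self, sid, username, password):
        """Authenticate; return the session id the client must carry from now on."""
        if USERS.get(username) != password:  # plain comparison only for brevity
            return sid
        if self.rotate_on_login:
            # Discard the pre-authentication id and issue a new one, so an id planted
            # before login never refers to the authenticated session.
            del self.sessions[sid]
            sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": username}
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid, {}).get("user")


def fixation_scenario(store):
    """Replay the analogy: attacker plants an id, victim logs in with it, attacker reuses it."""
    planted = "ATTACKER-PLANTED-ID"
    victim_sid = store.resolve(planted)  # victim arrives carrying the planted id
    victim_sid = store.login(victim_sid, "alice", "correct-horse-battery")
    assert store.whoami(victim_sid) == "alice"  # the victim is logged in either way
    return store.whoami(planted)  # what the planted id now grants its owner
```

Rotation at login alone is enough to close the fixation path; refusing to adopt unknown ids on top of that keeps client-chosen values out of the store entirely.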