Structured Query Language (SQL) is the programming language used to manage data in a database; more precisely, in a relational database management system (RDBMS).
The types of management systems that employ Structured Query Language include Microsoft SQL Database, Oracle, MySQL, and PostgreSQL.
SQL Injection: a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
A simple example to get basic table name information would be the following: SELECT * FROM table_name
Cookies: small files that are stored on a user’s computer. They are designed to hold a modest amount of data (user name, password, browsing preferences, etc.) specific to a particular client and website, and can be accessed either by the web server or the client computer.
Buffer Overflow: moving data around in memory without properly checking its size, or giving the program more data than its developers allocated space for.
Cross Site Scripting (XSS): a security exploit in which the attacker inserts malicious code into a link that appears to be from a trustworthy source. When someone clicks on the link, the embedded programming is submitted as part of the client’s Web request and can execute on the user’s computer, typically allowing the attacker to steal information.
Password Guessing attack: find the user ID, create a list of possible passwords, and try each of them until you get access.
Password Cracking: determine a password when you have the password file with cipher text. Find the user ID, find the encryption/hash algorithm, obtain the encrypted/hashed password, create a list of possible passwords, encrypt each password in the list, and find out whether they match.
A rainbow table is used to attack a hashed password in reverse. I have a table with possible hashes/cipher text with the corresponding password. I compare these hashes/cipher text to hashes/cipher text from the victim machine.
Dictionary attack: using a list of words found in the dictionary.
Brute force attack: a brute force attack usually combines letters, symbols, special characters and numbers. In theory, a brute force attack will discover the password; however, it could take a very long time to try all possible combinations.
Example: In this case the dictionary attack will try to use a list of commonly used PIN codes such as 0123, 2000, 4444 and so on (see the list of most common PIN codes). Conversely, a brute force attack will try all possible PIN codes, which means it will try 10^4 = 10000 times until it finds the right PIN code with probability 100%. (4 because we have 4 digits and 10 because each digit can be any value between 0 and 9.)
Policy: High-level objectives by Senior Management
Program Policy: Organization
Issue Specific: Email
Specific (system): Technical
Standard: Mandatory
Procedure: Step-by-step instruction
Guideline: When no standard exists
Cryptography is most often associated with scrambling plain text (ordinary text, sometimes referred to as clear text) into cipher text (a process called encryption), then back again (known as decryption).
The three types of algorithms used for cryptography are: