About Us Contact Us
Home About Services Solutions Industries Knowledge Blog Contact
Hit enter to search

Things you must know before diving into information security

22/04/2019

Ever thought of starting your career in the security field??

Or let's say you want to attend a workshop or a conference or information security event, so I suggest that you go through the following list of basic words that will help you understand better so that during a meeting or workshop you don't get lost or blank.

You can also go through our first post “Guide to Cybersecurity” before proceeding with this article where we given a small introduction or insight into Cybersecurity.

WWW:

It's a simple World Wide Web abbreviation, The Web. All users who use HTTP are linked to each other globally. The WWW is one of the network's many features.

It is based on technology as follows:

  • Web server
  • HTML
  • HTTP
  • and a Web Browser

HTTP & HTTPS:

HTTP is the Hyper Text Transfer Protocol and HTTPS stands for HyperText TransferProtocol Secure which are merely application protocols that guide the network to determine how to show the documents to you. HTTPS sends data in an encrypted form, ensuring the data will not be sent in plain text. To view the files, such protocols require a web browser. HyperText is a text with a connection with a web address to another text or document. There are many other protocols, so if you are more interested, I'm sharing a small list of protocols here.

SSL:

SSL is Secure Socket Layer, a cryptographic protocol that guarantees that data is transmitted to the destination server from a client without any data manipulation and remains integral. Check this link to know about SSL's work.

Kernel:

A kernel is a hardware-managed computer program that transmits the operation to be performed for the OS. Here you can find the directory for the Linux kernel as Linux is Open Source, you can find the code. Modifying a kernel correctly will add some new features to your operating system.

Linux:

Linux is a Linus Torvalds-created operating system. He developed Linux from a kernel because you don't get anywhere with a kernel by itself. You need a shell, compilers, a library, etc. to get a working system.

Linux is an open source distribution under the licenses of GNUv2 and GPL.

Shell:

A shell is a user interface used to communicate with your operating system. This needs to deal with different commands. There are many shell forms like Cshell, the shell of Bourne, and the shell of Korn. It is a part of the user's command center that operates on the user's input. It checks whether or not the command is true. If valid, the commands will be sent to another part of the process.

Linux Distributions:

Also known as Linux Distro, Linux distributions are different Linux Os based on different DE(Desktop Environment) loaded with the Linux kernel developed by the program. Kali, SamuraiSTF, and Blackbuntu are among the Linux distros that measure penetration.

Vulnerability:

A vulnerability is a weakness in a web application, a network protocol, a cartography algorithm, a lock, or a safe.

Exploit:

It is called manipulation to take advantage of this weakness. Using that vulnerability is called Exploitation when breaking into the system or anything. It's not always important to exploit a vulnerability. Exploitation can be in any form, like any programming language or can be a video or step by step procedure. This is Exploit or generally called a POC(Procedure Of Conduct).

Payload:

Activities performed after a device has been abused are called payload. A payload is again an application with exploit code so as soon as an exploit succeeds the payload takes the lead and begins its function like linking the system back to the attacker or running a virus or just hiring the credentials. The payload depends entirely on what the attacker wants to do.

Penetration Testing:

It is a way of testing the security of a web application or network or device that validates and verifies the security mechanism that is applied on it.

This does not only include the above, but it is also necessary to make a detailed report.

CVE:
CVE stands for "Common Vulnerabilities and Exposure," maintaining the list of documented vulnerability and maintaining it with a common ID that would help to identify the vulnerability.

The main objective is to standardize the names of the vulnerabilities that are publicly known.

You can get more information about lots and lots of security-related terms that I share:
OUSPG
NIST[PDF]
Sans Glossary

This post was cited from http://securedose.blogspot.com whose original author is Bhashit Pandya

So that’s for now. See you next time.