Key Concepts

Review core concepts you need to learn to master this subject

Security Principle: CIA Triad

One of the most important security principles is the CIA triad, which stands for Confidentiality, Integrity, and Availability.

OWASP Top 10
Lesson 1 of 1
  1. The OWASP Top Ten is a project maintained by the Open Web Application Security Project (OWASP). OWASP is a respected authority in the field of web security…
  2. A hacker stares at a textbox on their screen, finger hovering over the enter key. In the input box is a malicious query. They hit the enter key, and the website freezes for a moment before disp…
  3. The owners of the website made an effort to secure it, but security is only as strong as its weakest link. In this case, the weakest link was a “temporary” admin account that was created for use on…
  4. When data breaches happen, that’s not the end of the story. The stolen information gets sold and resold on the dark web, often ending up in sets of personal information known as fullz. Fullz cont…
  5. Computers take things very literally; give them an instruction and they’ll follow it exactly, even when it’s not actually what you wanted. Servers are computers that have been instructed to respond…
  6. We know not to trust user input, but the website doesn’t necessarily know not to trust user input. The webpages themselves were made securely, but none of the engineers ever bothered to ask “Isn’t …
  7. All the security software in the world won’t protect you if it isn’t properly configured. When the attacker started trying injection attacks, the alarms remained silent. When the attacker opened a …
  8. When a malicious hacker found a cross-site scripting vulnerability in a popular social media platform, they couldn’t pass up the opportunity: They crafted a self-sharing post that would rapidly spr…
  9. If there’s only one thing you take away from this lesson, let it be “Don’t trust user input”. Especially if that user input will interact directly with your server. Serialization is the process of…
  10. When it comes to vulnerabilities, the unknown is scary, but sometimes it’s the known you have to worry about. If an attacker wants to attack you with a new vulnerability, the attacker first has to …
  11. In security, knowledge is power. Knowing what’s going on within a system is important for detecting, preventing, and responding to attacks. Early detection can mean the difference between an incide…
  12. In summary, the OWASP Top Ten consists of: * Injection: An attacker “injects” malicious code into an interpreter, usually through an input field, in order to gain access to information or damage a …