
Understanding Key Cybersecurity Principles for Developers (Part 5)


In this segment we continue our series of 100 fundamental cybersecurity principles for building secure applications, covering concepts 41 to 50.

Note: This information is not intended to promote or encourage the misuse of these techniques against others.

Below are links to the previous sections of the series ("Your go-to checklist for building secure applications"):

  • 100 Essential Cybersecurity Concepts That Every Developer Must Know (Part 1: 1–10), levelup.gitconnected.com

  • 100 Essential Cybersecurity Concepts That Every Developer Must Know (Part 2: 11–20), levelup.gitconnected.com

  • 100 Essential Cybersecurity Concepts That Every Developer Must Know (Part 3: 21–30), levelup.gitconnected.com

  • 100 Essential Cybersecurity Concepts That Every Developer Must Know (Part 4: 31–40), levelup.gitconnected.com

41. Backdoor

A backdoor is a mechanism that bypasses a system's normal authentication, giving an attacker remote access to read sensitive information or alter data. Backdoors are frequently delivered alongside rootkits and trojan horses.

Learn about a notable backdoor found in Samsung Galaxy devices [here](https://www.zdnet.com/article/backdoor-in-samsung-galaxy-devices-allows-remote-access-to-data).

42. Fileless Malware

This type of malware runs directly from a computer's memory rather than from files on disk. Because it writes nothing to the file system, it leaves little for file-based scanners to find and stays active until memory is cleared by a reboot. Examples include Kovter and Poweliks, which keep their payload in the Windows registry and launch it from there.

43. Brute Force Attack

A brute force attack guesses a password by systematically trying every possible combination of characters. The time needed to crack a password grows exponentially with its length, which is why longer passwords matter more than any single "special" character.

44. Password Spraying

This attack tries a single password against many usernames rather than many passwords against one account, which sidesteps the lockouts that trigger after several wrong guesses on the same account.

45. Dictionary Attack

A dictionary attack tests passwords from a list of common words and their variations (appended digits, leetspeak substitutions and so on). It is a brute force attack narrowed to the guesses most likely to succeed.

46. Salting

Passwords must never be stored in plaintext. Instead, each password is run through a cryptographic one-way (hash) function and only the hash is stored. To strengthen this, a random value called a salt is combined with the password before hashing, so that even two users who choose the same password end up with different stored hashes.

Example: two users both choose the password "password". In an unsalted database their stored hashes are identical, so cracking one cracks both. With salting, each user's hash is unique because a different salt was applied.

47. Peppering

Similar to salting, peppering adds a secret value, the pepper, to the password before it is hashed. Unlike the salt, which is stored alongside the hash, the pepper must remain secret and is stored separately, often in secure hardware, so a stolen password database alone is not enough to verify guesses against it.
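The following is an added example, not code from the original article, showing both concepts 46 and 47 together: a per-user random salt stored with the record, a pepper applied as an HMAC key and kept out of the database, and a constant-time verifier. The PEPPER value and the record format are constructed for this example; PBKDF2 is used because it ships with the Python standard library, and the work factor should be tuned to your hardware.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed pepper for this example only; a real pepper is generated once,
# never stored in the database, and kept in a KMS/HSM or a secret store.
PEPPER = bytes.fromhex("5f3c9a1b7e2d4c6a8b0f1e2d3c4b5a69")
ITERATIONS = 100_000  # work factor; raise until one hash takes ~100 ms on your hardware


def hash_password(password: str, pepper: bytes, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest (hex fields)."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user; stored next to the hash
    # The pepper is the HMAC key, so the stored digest cannot be checked against
    # guesses by anyone who has the database but not the pepper.
    peppered = hmac.new(pepper, password.encode("utf-8"), "sha256").digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str, pepper: bytes) -> bool:
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    peppered = hmac.new(pepper, password.encode("utf-8"), "sha256").digest()
    candidate = hashlib.pbkdf2_hmac("sha256", peppered, bytes.fromhex(salt_hex), int(iters))
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def demo() -> dict:
    """Two users pick the same password; only the random salts keep the records apart."""
    alice = hash_password("password", PEPPER)
    bob = hash_password("password", PEPPER)
    fixed = b"\x00" * 16  # what a database without a per-user salt amounts to
    return {
        "salted_differ": alice != bob,
        "unsalted_collide": hash_password("password", PEPPER, fixed)
                            == hash_password("password", PEPPER, fixed),
        "alice_ok": verify_password("password", alice, PEPPER),
        "wrong_pw": verify_password("Password", alice, PEPPER),
        "wrong_pepper": verify_password("password", alice, b"not-the-pepper"),
    }


if __name__ == "__main__":
    print(demo())
```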

48. Rainbow Table Attack

This attack uses precomputed tables that map common passwords to their (unsalted) hashes. An attacker who obtains a password database simply looks each stored hash up in the table instead of hashing every guess, which makes cracking far faster.

To prevent rainbow table attacks, consider salting and peppering (a table would have to be rebuilt for every salt, and the pepper is not in the stolen database at all), together with multi-factor authentication and OAuth 2.0, which limit what a cracked password is worth.

49. Two-factor / Multi-factor Authentication (2FA/MFA)

This authentication method requires users to verify their identity by providing evidence from two or more of the following categories:

  • Something the user knows (password/PIN)

  • A device the user holds that generates security tokens

  • The user's location

  • The user's inherent traits (face/voice/fingerprints)

50. Third-party Authenticator (TPA)

A third-party authenticator is an application that provides 2FA/MFA for other applications by generating a frequently changing code as proof of identity. Notable examples include:

  • Google Authenticator

  • Microsoft Authenticator

  • Authy

Thank you for reading! See you in the next segment!

  • 100 Essential Cybersecurity Concepts That Every Developer Must Know (Part 6: 51–60), bamania-ashish.medium.com
