itws04

Cards (66)

  • Cookies
    Small pieces of data sent from a website and stored on the user's device (usually within their web browser) while the user is browsing
  • Session cookies
    • One of the biggest security and privacy issues with HTTP
  • HttpOnly flag
    A security attribute that can be set on a cookie by a web server, preventing the cookie from being accessed through client-side scripting languages such as JavaScript
  • Secure flag
    A security attribute that can be set on a cookie by a web server, ensuring the cookie will only be sent over secure HTTPS connections
  • Encryption
    A way of scrambling data so that only authorized parties can understand the information
  • Ciphertext
    Incomprehensible text resulting from the encryption process
  • For encryption to be truly secure, it needs to use keys that are complex enough so that it's highly improbable for a third party to decrypt or crack the ciphertext through brute force
  • Cryptographic key
    A string of characters used within an encryption algorithm for altering data so that it appears random
  • Reasons why data encryption is necessary
    • Privacy
    • Security
    • Data integrity
    • Authentication
  • Symmetric encryption
    The same key is used for both encryption and decryption
  • Asymmetric encryption
    Uses a pair of keys: a public key and a private key
  • RSA algorithm
    An asymmetric encryption algorithm that uses a key pair to encrypt and decrypt data
  • CAPTCHA
    Completely Automated Public Turing Test To Tell Computers and Humans Apart, a test to determine whether the user is a real human or a spam robot
  • CAPTCHA
    • Computers struggle with human languages due to their complex rules and slang
  • reCAPTCHA
    A more advanced CAPTCHA service developed by researchers at Carnegie Mellon University and acquired by Google in 2009
  • CAPTCHA
    A test employed by websites to distinguish humans from bots during registration and prevent spamming
  • reCAPTCHA
    A free service by Google that replaces traditional CAPTCHAs, using real-world images like street addresses, book text, and newspapers to make it harder for bots to decipher
  • Types of reCAPTCHA
    • Checkbox reCAPTCHA or No CAPTCHA
    • Image reCAPTCHA
    • Invisible reCAPTCHA
    • reCAPTCHA v3
  • Site Key
    A unique identifier provided by Google reCAPTCHA, embedded in the HTML of web pages, used to invoke the reCAPTCHA service on the client side
  • Secret Key
    A unique identifier provided by Google reCAPTCHA, kept confidential and securely stored on the server side, used for communication between your server and Google's reCAPTCHA service and for server-side verification of reCAPTCHA responses
  • Authentication
    A process that verifies a user's identity when accessing a system, network, or device
  • User Authentication Methods
    • Password-based authentication
    • Multi-Factor Authentication (MFA)
    • Certificate-based authentication
    • Biometric authentication
    • Token-based authentication
  • Authorization
    A process by which the server determines whether the client has permission to use a resource or to access a file, controlling access levels and privileges for users or clients
  • Logging
    A process that records the date and time of user activity and interactions within a system, aiding in identifying actors for each event
  • Session Hijacking
    Attackers intercept cookies to take over user sessions, accessing sensitive data or performing unauthorized actions
  • Lack of Encryption
    Cookies transmitted in plain text are vulnerable to interception by malicious actors, facilitating unauthorized access
  • Full Access to Account
    Compromised session cookies grant attackers complete account access, risking exposure of sensitive information and malicious activity
  • Cross-Site Scripting Vulnerabilities
    Attackers inject malicious scripts into web pages, stealing session cookies to hijack user sessions and perpetrate further attacks
  • Privacy
    Encryption ensures that only authorized individuals can access communications or stored data. This prevents unauthorized access by attackers, advertisers, Internet Service Providers (ISPs), and potentially governments
  • Security
    By encrypting data during transmission or while at rest, encryption helps prevent data breaches. Even if a device is lost or stolen, properly encrypted data remains secure. Encrypted communications also enable the safe exchange of sensitive information between parties without risking data leakage
  • Data Integrity
    Encryption helps safeguard against malicious tampering during data transmission. When data is sent over the Internet, encryption ensures that it remains unchanged and has not been tampered with en route, protecting against on-path attacks
  • Symmetric Encryption
    The same key is used for both encryption and decryption.
  • Caesar cipher
    One of the simplest and most basic forms of symmetric encryption; it can be done manually
  • Asymmetric Encryption
    Uses a pair of keys: a public key and a private key
  • RSA Algorithm
    An asymmetric encryption algorithm that uses a key pair to encrypt and decrypt data
  • Symmetric Encryption Algorithms
    • DES (Data Encryption Standard)
    • Triple DES
    • IDEA (International Data Encryption Algorithm)
    • RC5 (Rivest Cipher 5)
    • AES (Advanced Encryption Standard)
    • Blowfish
    • Twofish
    • SNOW
    • Caesar cipher
  • Asymmetric Encryption Algorithms
    • RSA (Rivest-Shamir-Adleman)
    • ECC (Elliptic Curve Cryptography)
  • Checkbox ReCAPTCHA
    In some reCAPTCHA tests, users are prompted to check a box next to the statement "I'm not a robot." However, the actual test isn't just clicking the checkbox; it's the actions and behavior leading up to that click.
  • Image ReCAPTCHA
    Presents users with 9 or 16 square images, requiring them to identify images containing specific objects like animals or street signs. Introduced in 2012, it uses real images from the Google Street View Project. If the user's response matches the consensus of other users, they pass the test.
  • Invisible reCAPTCHA
    Verification occurs in the background, and no challenges are displayed at all if the user is deemed to be of low risk.
  • ReCAPTCHA v3
    The score represents the likelihood that the request came from a human rather than a bot. A score close to 0 indicates a high likelihood of bot activity. Conversely, a score close to 1 suggests a higher likelihood of human interaction
  • Site Key
    It is embedded in the HTML of web pages. It is a public key used to invoke the reCAPTCHA service on the client side. It allows Google to identify and provide verification challenges to users interacting with the website.