Current Events
The combination of sensitive information about a user such as email, address, phone number, SSN
What is Personally Identifiable Information (PII)?
The team responsible for architecture reviews, code reviews, and internal pen testing
What is Application Security?
A way to manipulate the database queries to return unintended data or actions to an unauthorized user.
ex: ' OR 1=1; --
What is SQL injection?
TV show about a socially anxious, clinically depressed, drug addict cyber security engineer by day and a hacker by night
What is Mr. Robot?
Major company with 8 known zero-day exploits this year so far
What is Google?
The team that releases bi weekly cyber security news letters to all Reveal employees
What is the TVM (Threat Vulnerability Management) team?
An organization that releases a list of the top 10 most critical security risks to web applications
What is OWASP?
A fruity physical device that uses a rogue access point to perform man in the middle attacks on public wifi networks
What is a Wifi Pineapple?
The day Microsoft, Oracle, Adobe, and other major brands release security updates for their software
What is Patch Tuesday?
The name of the Jira project where general security inquiries go
What is Infosec Revealed (IR)?
An exercise in which security-minded engineers diagram potential attacks on a system's architecture in order to preemptively add safeguards and countermeasures
What is Threat Modeling?
A usb-style device that presents itself as a trusted keyboard to a computer, but executes malicious keystrokes and scripts on a victim's device
What is a Rubber Ducky?
Major product brand that has recently suffered attacks because sending an email with a forged address is easier than previously thought through forward-based spoofing
What is Microsoft Outlook?
The target timeframe for mitigating a Medium security vulnerability
What is 90 days?
A method of attack where a bad actor sends malicious code to a user that is executed in the browser. Most commonly client-side javascript.
ex: <script>src="http://badwebsite.com/badscript.exe</script>
What is cross-site scripting (XSS)?
A three-letter acronym denoting a competitive event where participants flex their security muscles by finding strings that are hidden in purposefully vulnerable websites.
ex string: "^FLAG^b7a587c18411d13b7b9c07463f750cbad148a7795e476963fcb0373e81fd168b$FLAG$"
What is CTF (Capture the Flag)?
Zero day exploit found in April of this year that allows remote code execution to bypass sandbox authentication to access files outside their designated limits
What is CrushFTP?
The three toolsets that Github Advanced Security uses for code scanning
What are Dependabot, Secret Scanner, and CodeQL
A header that is used to protect against iframe attacks
Erin's favorite show, a groundbreaking cybersecurity drama series that follows the ethical hacking adventures of Mark Shepherd and friends as they take on cyber threats in far-flung parts of the globe. 8.2/10 on IMDB
What is The Inside Man?