Scanning Tools
Ports
Vulnerabilities
Cryptography
Security Testing
100

I help find supply chain vulnerabilities

What is Blackduck?

100

I am a low port that provides secure login access, but if I am open to the Internet, it is a violation of CPI-810.

What is port 22 (SSH)?

100

I rank at the top of OWASP Top 10

What is broken authentication?

100

I go only one way. Going in reverse is computationally very difficult.

What is Hashing?

100

The test that simulates how hackers attack a system to find vulnerabilities.

What is Penetration Testing?

200

I am a whiz at scanning cloud resources.

What is Prisma?

200

I am one more than my secure predecessor, but I do not provide secure access.

What is port 23?

200

A server is duped to make unintended requests and return information that is not authorized otherwise for a given user.

What is SSRF?

200

I thought I was very secure until Peter Shor and Quantum Computers came along. 

What is public key crypto?

200

In a role-based access control system, a normal user is able to become an admin and execute privileged actions.

What is vertical privilege escalation?

300

I dig deep both at compile time and at runtime.

What is Sysdig?

300

I am a popular port and I am always associated with a certificate.

What is 443?

300

This is sent to people in a social engineering attack, a major threat vector causing data breaches.

What are email links?

300

The famous symmetric key algorithm for encryption

What is AES?

300

An ID present in a URL parameter can be changed to retrieve information in an unauthorized manner.

What is IDOR (Indirect Object Reference)?

400

I can be used at base-level or at advanced-level for Mobile code.

What is NowSecure?

400

My insecure twin is port 25 but I am a secure one.

What is 587? (SMTP)

400

If you do not use it for communications in mobile applications, everyone can see stuff in the clear.

What is TLS?

400

A hash function and a symmetric key are used to calculate me. I avoid replays in protocols such as TLS.

What is HMAC?

400

The attack used in this test:

Enter Account Number: 101 OR 1 = 1

What is SQL Injection?

500

I am a new kid on the block for scanning GenAI, particularly LLMs.

What is Garak, LLMBuzzer, Rebuff, etc.?

500

People fondly call me MySQL port, but leave me open to the Internet unprotected.

What is 3306?

500

In API security, leaving the insecure defaults in place causes the whole server to be compromised and sensitive data to be exposed.

What is security misconfiguration?

500

A famous key exchange algorithm invented by Stanford scientists.

What is Diffie Hellman?

500

An attack which forces an end user to execute unwanted actions on a web application to which they are currently authenticated.

What is CSRF?
