What does "CIA" stand for in cybersecurity?
Confidentiality, Integrity, and Availability.
What is an "SQL Injection"?
It's a code injection technique where malicious SQL statements are inserted into an input field to attack a database.
What is the main goal of a bug bounty program?
To encourage ethical hackers to find and report security vulnerabilities.
Which major retailer suffered a data breach in 2013, leaking 40 million credit card numbers?
Target (ironic name)
What is HTTPS and why is it important?
HTTPS is HyperText Transfer Protocol Secure, and it ensures encrypted communication between a browser and a server.
What is the process of identifying weaknesses in software or networks called?
Vulnerability Assessment.
What type of vulnerability involves tricking a program into executing arbitrary code?
Buffer Overflow.
Which company launched one of the first bug bounty programs in 1995?
Netscape
What social media company was hacked in 2016, leading to the leak of 32 million user passwords?
What is "Two-Factor Authentication" (2FA)? Give an example of 2 factors of Authentication. (no SMS)
It is an additional security layer that requires two forms of verification to access an account.
What does the term "phishing" mean?
Phishing is a method used by attackers to trick people into providing sensitive information by pretending to be a trustworthy source.
What does "XSS" stand for and what does it do?
Cross-Site Scripting; it allows attackers to inject malicious scripts into webpages viewed by other users.
What platform allows ethical hackers to report vulnerabilities for financial rewards?
HackerOne/Bugcrowd/HackerRank
What was the name of the hacking group that DDoS'd Xbox servers on Christmas Day in 2014?
Lizard Squad
What does a "CAPTCHA" do?
It helps prevent automated bots from accessing websites by asking users to perform simple tasks that bots cannot easily do.
What is a "firewall"?
A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
What is the difference between a "vulnerability" and an "exploit"?
A vulnerability is a weakness in a system, while an exploit is a technique to take advantage of that weakness.
True or False: Only large companies can have bug bounty programs.
False. Small companies and startups can also have bug bounty programs.
Which entertainment company was hacked in 2014, leading to the leak of unreleased movies and employee information?
Sony Pictures
What is Cross-Site Request Forgery (CSRF)?
It's an attack where a malicious website tricks a user into unknowingly submitting a request to another site where they're authenticated.
What is the difference between a "white hat" hacker and a "black hat" hacker?
A white hat hacker is an ethical hacker who helps find vulnerabilities, while a black hat hacker exploits them for malicious purposes.
What is "Privilege Escalation"?
It's a technique where an attacker gains higher-level permissions, allowing them to do more damage or access restricted areas of a system.
What is "Responsible Disclosure" in bug bounty programs?
It's the process of privately informing the company of a vulnerability, giving them time to fix it before making it public.
What was the name of the hacker group responsible for the 2011 PlayStation Network breach?
LulzSec
What does Content Security Policy (CSP) do?
CSP helps prevent attacks like Cross-Site Scripting by allowing the website owner to specify which sources of content are safe to load.