This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users.
What is cross-site scripting or XSS?
This type of scam involves fake emails to trick users into revealing personal information.
What is phishing?
Companies often offer these programs to reward people who find and report vulnerabilities.
What is a bug bounty?
This policy encourages users to create complex passwords using letters, numbers, and symbols.
What is password complexity?
This is the full form of PII, a term for data that can identify a person.
What is Personally Identifiable Information?
This type of attack targets web applications to manipulate the database through user inputs.
What is SQL injection?
A social engineering technique where attackers plan to pose as someone trusted to gain access.
What is pretexting?
This ranks vulnerabilities by severity, providing a risk-based scoring.
What is CVSS or Common Vulnerability Scoring System?
An attacker uses a list of common passwords to try and gain unauthorized access.
What is a dictionary attack?
This type of data includes items like fingerprints or facial recognition patterns.
What is biometric data?
This common security flaw arises from not properly validating user inputs, often leading to exploits.
What is input validation failure?
Attackers pretend to be part of an organization’s internal team to gain trust and access.
What is impersonation?
A vulnerability allowing attackers to execute arbitrary code on a system is known as this.
What is remote code execution?
This type of storage method is used to store password hashes securely in databases.
What is hashing?
A common identifier found on a driver’s license that’s considered sensitive PII.
What is TRN (Tax Registration Number)?
This security measure protects user sessions from hijacking by verifying session integrity.
What is session management?
This psychological tactic is used to make victims feel rushed and reveal sensitive information.
What is urgency?
The security practice of isolating an application from the rest of the system to contain threats.
What is sandboxing?
This security feature sends a code to a secondary device for authentication.
What is multi-factor authentication?
This regulation, effective in the EU, gives people control over how their personal data is used.
What is GDPR?
This attack involves redirecting users to a malicious website through a compromised URL.
What is URL spoofing?
This advanced social engineering tactic targets high-ranking executives in an organization.
What is whaling?
This vulnerability involves inserting malicious code into a website, affecting users’ browsers.
What is cross-site scripting or XSS?
This type of passwordless authentication relies on unique physical characteristics.
What is biometric authentication?
This term describes the process of removing or masking PII to protect individuals’ privacy.
What is data anonymization or data masking?