I help find supply chain vulnerabilities
What is Black Duck?
I am a low port that provides secure login access, but if I am open to the Internet, it is a violation of CPI-810.
What is port 22 (SSH)?
I rank at the top of OWASP Top 10
What is broken authentication?
I go only one way. Going in reverse is computationally very difficult.
What is Hashing?
The test that simulates how hackers attack a system to find vulnerabilities.
What is Penetration Testing?
I am a whiz at scanning cloud resources.
What is Prisma?
I am one more than my secure predecessor, but I do not provide secure access.
What is port 23?
A server is duped into making unintended requests and returning information that would otherwise not be authorized for a given user.
What is SSRF?
I thought I was very secure until Peter Shor and Quantum Computers came along.
What is public key crypto?
In a role-based access control system, a normal user is able to become an admin and execute privileged actions.
What is vertical privilege escalation?
I dig deep both at compile time and at runtime.
What is Sysdig?
I am a popular port and I am always associated with a certificate.
What is 443?
These are sent to people in a social engineering attack, a major threat vector causing data breaches.
What are email links?
The famous symmetric key algorithm for encryption.
What is AES?
An ID present in a URL parameter can be changed to retrieve information in an unauthorized manner.
What is IDOR (Indirect Object Reference)?
I can be used at a basic level or an advanced level for mobile code.
What is NowSecure?
My insecure twin is port 25 but I am a secure one.
What is 587 (SMTP)?
If you do not use it for communications in mobile applications, everyone can see everything in the clear.
What is TLS?
A hash function and a symmetric key are used to calculate me. I avoid replays in protocols such as TLS.
What is HMAC?
The attack used in this test:
Enter Account Number: 101 OR 1 = 1
What is SQL Injection?
I am the new kid on the block for scanning GenAI, particularly LLMs.
What are Garak, LLMFuzzer, Rebuff, etc.?
People fondly call me the MySQL port, but they leave me open to the Internet unprotected.
What is 3306?
In API security, leaving insecure defaults in place causes the whole server to be compromised and sensitive data to be exposed.
What is security misconfiguration?
A famous key exchange algorithm invented by Stanford scientists.
What is Diffie-Hellman?
An attack which forces an end user to execute unwanted actions on a web application to which they are currently authenticated.
What is CSRF?