InfoSec 101
Mechanics
Attacks
Mystery
100

The main mechanic that identifies a user within a system.

What is Authentication?

100

A place where websites can store local data on a clients machine.

What are Cookies?

100

An online technique where a person poses as another in order to gain their confidence and eventually coerce them into giving up secrets.

What is a phishing attack?

100

A humorous image that is copied (often with slight variations) and spread rapidly by Internet users.

What is a meme?

200

The main mechanic that determines if a user can access specific data or functionality.

What is Authorization?

200

A stateful data storage that could be either client-side or server-side, typically you will see a little of me in both places.

What is Session?

200

A browser attack where data is POST'ed from outside the actual web application, typically from another site.

What is a Cross-Site Scripting Attack?

200

Professional football organization who have won the most super bowls since 1967 (Super Bowl I.)

Who are the Pittsburgh Steelers?
300

A resource to which a system regulates access for.

What is a Securable?

300

JSON-based, compact, and signed message format for sharing credential information across systems.

What are JavaScript Web Tokens?

300

An attack where an application can have arbitrary database-level code executed.

What is SQL Injection?

300

Launched in 1962 it is a popular collection of kid stories that focus on a family of bears learning and teaching life lessons.

What is the Berenstain Bears?

400

An entity that receives permission to a access a resource.

What is a Principle?

400

One-way cryptographic function that can be used to map data of arbitrary size to data of a fixed size.

What is a hashing algorithm?

400

Psychological manipulation of people into performing actions or divulging confidential information.

What is social engineering?

400

The organization responsible for the creation of the SHA-256 algorithm.

Who is the NSA?
500

The information security model which ensure data is private, correct, and accessible.

What is the CIA Model?

500

Sprinkle some on a cryptographic function to make sure no two digests are ever the same.

What is salt?

500

Technique used to alter MAC and IP addresses of a network in order to manipulate routing paths, generally used to launch man-in-the-middle attacks.

What is ARP poisoning?

500

Year when the first website was launched on the World Wide Web.

What is 1991?