In this tutorial we will learn some popular types of attacks which are introduced in the SCOR syllabus.

The first one is Code Injection Attacks. There are two popular types of Code Injection Attacks: SQL Injection and Cross Site Scripting.

SQL injection usually occurs when you ask a user for input, like their username/userid, but the user gives (“injects”) you an SQL statement that you will unknowingly run on your database.

Look at the following example, the administrators (or programmers) of the website directly created a SELECT statement by adding a variable from the user input (txtUserId) to a select string without any safety checks. The variable “UserId’ was fetched from user input (getRequestString):

If user enter something like this: “100 OR 1=1” then the SQL statement will look like this:

The SQL above is valid and will return ALL rows from the “Users” table, since OR 1=1 is always TRUE. A hacker might get access to all the user names and passwords in this database.

READ MORE…

Nowadays, organizations store vast amounts of sensitive data and critical operations within both on-premises and cloud environments, rendering them attractive targets for a diverse range of cyber threats. Recognizing and addressing these threats is vital for ensuring data security, operational stability, and overall protection. So let’s find out more about them in this tutorial!

One of the most popular cyber threats is malware. Malware means “malicious software”, is any software intentionally designed to cause damage to a computer, server, client, or computer network. There are many different variations of malware, but the most popular types of malware includes viruses, ransomware and spyware.

READ MORE…

This site is dedicated for the Security track. We hope you will find useful information here!