Academy

  • Vulnerabilities of the TLS Protocol

    Secure Socket Layer (SSL) and its successor, Transport Layer Security (TLS), are widely used protocols for secure online communication. They provide encryption and authentication between two applications over a network, ensuring the confidentiality and integrity of data transmitted between them. However, SSL/TLS is not invulnerable, and over the years, several vulnerabilities have been discovered that…

  • CWE

    CWE (Common Weakness Enumeration) is a list of common types of hardware and software defects that have security implications. The CWE list can be used as a framework to describe and communicate such vulnerabilities in terms of CWEs. The goal is to support all methods (including automated ones) used to control and prevent software errors.…

  • Vulnerability Analysis

    A vulnerability is a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source (NIST Glossary – https://csrc.nist.gov/glossary/term/vulnerability). Vulnerability analysis includes the detection, assessment, classification and treatment of vulnerabilities based on the risk they pose to the company. Vulnerability Identification: A security team can detect…

  • Network Scanning

    Regardless of your motivations (attacker or defender), you need to know the ports, hosts and services available within a network. From a defender’s point of view, the task is a precondition of several key procedures: Asset Management – whoever manages the infrastructure (and its security) must know which devices are active and present within the infrastructure.…

  • Footprinting

    The first step in a cyberattack, or a penetration test, is footprinting. The attacker/analyst tries to get information about the targeted infrastructure. Thanks to footprinting techniques, attackers can obtain information such as: personal data, skills, experience and interests of the company’s employees; company headquarters; technologies in use (middleware, operating systems); suppliers and consultants who collaborate periodically…

  • Black Hat, White Hat, Gray Hat, Script Kiddies – Who they are?

    The term hacker often takes on a negative connotation. In the past, we often focused on the distinction between a hacker, a person with deep security knowledge who explores technologies, systems and related vulnerabilities out of pure passion, and a cracker, the “malicious” counterpart, who uses his knowledge to cause damage and steal data. a certain…
