
Formal Methods and Protocol Verification

In computer science, specifically software engineering and hardware engineering, formal methods are a particular kind of mathematically rigorous techniques for the specification, development and verification of software and hardware systems. The use of formal methods for software and hardware design is motivated by the expectation that, as in other engineering disciplines, performing the appropriate mathematical analysis can contribute to the reliability and robustness of a design.

Formal methods are best described as the application of a fairly broad variety of theoretical computer science fundamentals, in particular logic calculi, formal languages, automata theory, discrete event dynamic system and program semantics, but also type systems and algebraic data types to problems in software and hardware specification and verification.

I recently learnt that the Dolev-Yao model is a formal model used to prove properties of interactive cryptographic protocols.

I watched a video on using AVISPA with the HLPSL tool to verify the working of cryptographic protocols.

Happy Learning Security!


Directory Traversal Attack

A directory traversal (or path traversal) attack consists of exploiting insufficient security validation or sanitization of user-supplied input file names, such that characters representing “traverse to parent directory” are passed through to the file APIs.

The goal of this attack is to use an affected application to gain unauthorized access to the file system. This attack exploits a lack of security (the software is acting exactly as it is supposed to) as opposed to exploiting a bug in the code.

Directory traversal is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking. Some forms of this attack are also canonicalization attacks.

Happy learning security!


Social Engineering


Today, I watched a video about social engineering. A pair of ethical hackers called a customer representative hotline and bypassed the security checks even with errors in their answers. They scraped information about their target person from the Internet. They also left a backdoor for themselves to come back later and get authenticated.

They were testing this because a woman got $30000 worth of cryptocurrency stolen by social engineering. In fact, the first call was not successful, but they succeeded on the following try.

I think all companies have to pick up the responsibility and take immediate actions in training their staff properly. All companies need to quickly and thoroughly update their security practices!

However, frankly speaking, it is so hard to authenticate a person over the phone! I think a verbal password, 2FA and a customer service number are good things to implement!

Kali Linux


Today, I installed Kali Linux for security testing myself by following the instructions online! Kali Linux gathers a number of useful applications for the different phases of penetration testing. For now, I explored the use of maltego, dmitry, dnsenum and nikto.

I am very excited as I embark upon the new journey!

Happy Security Testing!

Differences Between Security Vocabularies

I came across this explanation in helping us distinguish between “spam”, “spoofing”, “phishing”, “spear phishing”, “pharming” and “viruses”. The meaning of “viruses” was clear to me from the very start. I also think the difference between “phishing” and “spear phishing” was easy to tell before watching the video. After watching the video, I can now distinguish between “spam”, “spoofing” and “phishing”, in that “spoofing” relates to a bogus website and “phishing” also has its wide range of targets. I now understand the meaning of the word “pharming” and the related technique called “DNS cache poisoning”.

Happy Security!
