TERMINOLOGIES OF ETHICAL HACKING

What is the terminologies in ethical hacking?

Here are a few key terms that you will hear in discussion about hackers and what they do:


1-Backdoor-A secret pathway a hacker uses to gain entry to a computer system.


2-Adware-It is the softw-are designed to force pre-chosen ads to display on your system.


3-Attack-That action performs by a attacker on a system to gain unauthorized access.


4-Buffer Overflow-It is the process of attack where the hacker delivers malicious commands to a system by overrunning an application buffer.


5-Denial-of-Service attack (DOS)-A attack designed to cripple the victim's system by preventing it from handling its normal traffic,usally by flooding it with false traffic.


6-Email Warm-A virus-laden script or mini-program sent to an unsuspecting victim through a normal-looking email message.


7-Bruteforce Attack-It is an automated and simplest kind of method to gain access to a system or website. It tries different combination of usernames and passwords,again & again until it gets in from bruteforce dictionary.


8-Root Access-The highest level of access to a computer system,which can give them complete control over the system.


9-Root Kit-A set of tools used by an intruder to expand and disguise his control of the system.It is the stealthy type of software used for gain access to a computer system.


10-Session Hijacking- When a hacker is able to insert malicious data packets right into an actual data transmission over the internet connection.


11-Phreaker-Phreakers are considered the original computer hackers who break into the telephone network illegally, typically to make free longdistance phone calls or to tap lines.


12-Trojan Horse-It is a malicious program that tricks the computer user into opening it.There designed with an intention to destroy files,alter information,steal password or other information.


13-Virus-It is piece of code or malicious program which is capable of copying itself has a detrimental effect such as corrupting the system od destroying data. Antivirus is used to protect the system from viruses.


14-Worms-It is a self reflicating virus that does not alter  files but resides in the active memory and duplicate itself.


15-Vulnerability-It is a weakness which allows a hacker to compromise the security of a computer or network system to gain unauthorized access.


16-Threat-A threat is a possible danger that can exploit an existing bug or vulnerability to comprise the security of a computer or network system. Threat is of two types-physical & non physical.


17-Cross-site Scripting-(XSS) It is a type of computer security vulnerability found in web application.It enables attacker to inject client side script into web pages viwed by other users.


18-Botnet-It is also known as Zombie Army is a group of computers controlled without their owner's knowledge.It is used to send spam or make denial of service attacks.


19-Bot- A bot is a program that automates an action so that it can be done repeatedly at a much higher rate for a period than a human operator could do it.Example-Sending HTTP, FTP oe Telnet at a higer rate or calling script to creat objects at a higher rate.


20-Firewall-It is a designed to keep unwanted intruder outside a computer system or network for safe communication b/w system and users on the inside of the firewall.


21-Spam-A spam is unsolicited email or junk email sent to a large numbers of receipients without their consent.


22-Zombie Drone-It is defined as a hi-jacked computer that is being used anonymously as a soldier or drone for malicious activity.ExDistributing Unwanted Spam Emails.


23-Logic Bomb-It is a type of virus upload in to a system that triggers a malicious action when certain conditions are met.The most common version is Time Bomb.


24-Shrink Wrap code-The process of attack for exploiting the holes in unpatched or poorly configured software.


25-Malware-It is an umbrella term used to refer a variety of intrusive software, including computer viruses,worms,Trojan Horses,Ransomeware,spyware,adware, scareware and other malicious program.


Follow me on instagram-anoymous_adi

Read more

August Connector

OWASP
Connector
  August 2019

COMMUNICATIONS


Letter from the Vice-Chairman:

Dear OWASP Community,  

I hope you are enjoying your summer, mines been pretty busy, getting married, traveling to Vegas and the board elections. August has been quite a busy month for the foundation. Attending BlackHat and DefCon as part of our outreach program, the upcoming elections ( I have to add, there were some really good questions from the community) and planning for the next two Global AppSec Conferences in September, it's been crazy. We the board would like to thank the staff and without naming any names (Jon McCoy) for their efforts during BlackHat and DefCon. I was there, on the stand, he did a good job of representing our community.

Two days prior to BlackHat and Defcon the board met as part of our second face to face meeting of the year. This was two days well spent, collaborating on some of the burning topics, but also how to move forward. At the beginning of the year, we set out our strategic goals. Even though these goals are part of our everyday OWASP life we decided to put a name against them to champion them, below are our goals and who will be championing them going forward:

Marketing - Chenxi
Membership - Ofer
Developer Outreach - Martin
Project Focus - Sherif
Improve Finances - Gary
Perception - Martin 
Process Improvement - Owen
Consistent ED - Done! 
Community Empowerment - Richard

If you are interested in getting involved in or would like to hear more about any of these strategic goals, please reach out to the relevant name above. 

Some of the Global board members will be attending both our Global AppSec Conference in Amsterdam but also in DC. We will hold our next public board meeting during the Global AppSec Conference in Amsterdam if you haven't already done so I would encourage you to both attend and spread the word of the conference. There are some great keynotes/ speakers and trainers lined up. 

Regards
Owen Pendlebury 
Vice-Chairman of the OWASP Global Board of Directors
DC Registration Now Open                                   Amsterdam Registration Now Open
Congratulations to the Global AppSec Tel Aviv 2019
Capture the Flag Winners

 
For two full days, 24 competitors from around the world attacked various challenges that were present within the CTF activity held at Global AppSec Tel Aviv 2019. The competition began with a handful of competitors running neck and neck with two competitors, 4lemon and vasya, at the top, slowly gathering more points in their race hoping to win it all. At the last moment, they were overtaken by Aleph who swooped in and took away the victory for himself with a total score of 29 points! 

We would like to thank all of the individuals who participated and once again, congratulations to the top 3.
1st Place Winner: Aleph (29 points)
2nd Place: 4lemon (24 points)
3rd Place: vasya (24 points)

EVENTS 

You may also be interested in one of our other affiliated events:


REGIONAL EVENTS
Event DateLocation
OWASP Portland Training Day September 25, 2019 Portland, OR
OWASP Italy Day Udine 2019 September 27, 2019 Udine, Italy
OWASP Poland Day October 16,2019 Wroclaw, Poland
BASC 2019 (Boston Application Security Conference) October 19,2019 Burlington, MA
LASCON X October 24 - 25,2019 Austin, TX
OWASP AppSec Day 2019 Oct 30 - Nov 1, 2019 Melbourne, Australia
German OWASP Day 2019 December 9 - 10, 2019 Karlsruhe, Germany
AppSec California 2020 January 21 - 24. 2020 Santa Monica, CA
OWASP New Zealand Day 2020 February 20 - 21, 2020 Auckland, New Zealand

PARTNER AND PROMOTIONAL EVENTS
Event Date Location
it-sa-IT Security Expo and Congress October 8 - 10, 2019 Germany

PROJECTS


Project Review Results from Global AppSec - Tel Aviv 2019
The results of the project reviews from Global AppSec Tel Aviv 2019 are in!  The following projects have graduated to the indicated status:

Project Leaders Level
Mobile Security Testing Guide Jeroen Willemsen, Sven Schleier Flagship
Cheat Sheet Series Jim Manico, Dominique Righetto Flagship
Amass Jeff Foley Lab


Please congratulate the leaders and their teams for their achievements!
If your project was up for review at Global AppSec Tel Aviv 2019 and it is not on this list, it just means that the project did not yet receive enough reviews.  And, if you are interested in helping review projects, send me an email (harold.blankenship@owasp.com).

Project Showcases at the Upcoming Global AppSecs
The Project Showcases for Global Appsec DC 2019 and Global AppSec Amsterdam 2019 are finalized.  For a complete schedule, see the following links:

Global AppSec - DC 2019 Project Showcase
Global AppSec - Amsterdam 2019 Project Showcase


Google Summer of Code Update
Google Summer of Code is now in the final stages.  Final Evaluations are due by September 2nd.  


The Mentor Summit will be in Munich this year; congratulate the OWASP mentors who were picked by raffle to attend and represent OWASP: Azzeddine Ramrami & Ali Razmjoo.

Google Summer of Code Update

THE OWASP FOUNDATION HAS SELECTED THE TECHNICAL WRITER FOR GOOGLE SEASON OF DOCS by Fabio Cerullo

The OWASP Foundation has been accepted as the organization for the Google Seasons of Docs, a project whose goals are to give technical writers an opportunity to gain experience in contributing to open source projects and to give open-source projects an opportunity to engage the technical writing community.

During the program, technical writers spend a few months working closely with an open-source community. They bring their technical writing expertise to the project's documentation, and at the same time learn about open source and new technologies.

The open-source projects work with the technical writers to improve the project's documentation and processes. Together they may choose to build a new documentation set, or redesign the existing docs, or improve and document the open-source community's contribution procedures and onboarding experience. Together, we raise public awareness of open source docs, of technical writing, and of how we can work together to the benefit of the global open source community.

After a careful review and selection process, the OWASP Foundation has picked the primary technical writer who will work along the OWASP ZAP Team for the next 3 months to create the API documentation of this flagship project.

Congratulations to Nirojan Selvanathan!

Please refer to the linked document where you could look at the deliverables and work execution plan.
https://drive.google.com/open?id=1kwxAzaqSuvWhis9Xn1VKNJTJZPM2UV20

COMMUNITY

 
Welcome New OWASP Chapters

Tegucigalpa, Honduras
Johannesburg, South Africa
 

CORPORATE SPONSORS


 
Join us
Donate
Our mailing address is:
OWASP Foundation 
1200-C Agora Drive, #232
Bel Air, MD 21014  
Contact Us
Unsubscribe






This email was sent to *|EMAIL|*
why did I get this?    unsubscribe from this list    update subscription preferences
*|LIST:ADDRESSLINE|*