Understanding malware classification
Understanding this isn’t required for the CompTIA Security+ exam, meaning that we’re going beyond the scope of this exam for a few minutes, but I…
Category: Cybersecurity Fundamentals
Resrouces that will teach you cybersecurity fundamentals
Incident response process
There’s been a security incident in your organization. What do you do? Panic? No ;)! You follow an incident response process. In this article, we’re…
Network Access Control (NAC)
In our course, we talk about Zero Trust and how it’s an approach that believes in continuously checking access and policy violations, even within internal…
Modes of operation
We talked about ciphers and block ciphers in the prior post. A block cipher on its own would only ever encrypt a single block of…
Cipher Suites
When you’re using symmetric encryption you can use what’s known as either a stream cipher or a block cipher. They both ultimately encrypt your data,…
Request forgeries (CSRF, XSRF, SSRF)
In 2020, CheckPoint Research announced multiple vulnerabilities in the popular social media application named TikTok. One of the found vulnerabilities allowed an attacker to delete…
IaC Scanning and Policy as Code with Checkov (Cheat Sheet)
We posted a video introducing the benefits of Infrastructure as Code (IaC) scanning and Policy as Code scanning, and why you absolutely should be running…
Directory / Path Traversal
Just like you have directories on your PC, laptop, and mobile phones, web servers also have directories. For example, if you were to purchase web…
Answers to Performance-Based Questions (PBQs) | Security+ 601
This post contains the answers and explanations to our free Performance-Based Questions (PBQs) that we specifically designed to prepare you to take and pass the…
Static Application Security Testing (SAST)
What if you could take multiple senior developers and security experts, distill them into a tool, and then have the ability to run that tool…