Get started
Bring yourself up to speed with our introductory content.
Get started
Bring yourself up to speed with our introductory content.
What is DomainKeys Identified Mail (DKIM)?
DomainKeys Identified Mail (DKIM) is a protocol for authenticating email messages using public key cryptography to protect against forged emails. Continue Reading
What is Domain-based Message Authentication, Reporting and Conformance (DMARC)?
The Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol is one leg of the tripod of internet protocols that support email authentication methods. Continue Reading
Is ethical hacking legal? And more ethical hacking advice
Is ethical hacking legal? Learn about the legality of ethical hacking, why it's important, its benefits and what organizations should look for when hiring an ethical hacker. Continue Reading
-
Ethical hacking: How to conduct a Sticky Keys hack
Physical security is often overlooked by cybersecurity teams. Learn about physical cybersecurity attacks in step-by-step instruction on how to conduct a Windows Sticky Keys hack. Continue Reading
Data masking vs. data encryption: How do they differ?
Discover how the data security techniques of data masking and data encryption compare, while also learning about different types of both and their use cases. Continue Reading
How to develop a data breach response plan: 5 steps
A data breach response plan outlines how a business will react to a breach. Follow these five steps, and use our free template to develop your organization's plan.Continue Reading
data breach
A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an unauthorized fashion.Continue Reading
SSH2 vs. SSH1 and why SSH versions still matter
The Secure Shell protocol, SSH, was redesigned and released as SSH2 in 2006. While SSH1 lingers for legacy uses, find out how the protocols differ and why it's important.Continue Reading
Symmetric vs. asymmetric encryption: What's the difference?
Explore the differences between symmetric vs. asymmetric encryption, including how they work and common algorithms, as well as their pros and cons.Continue Reading
insider threat
An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets.Continue Reading
-
How to create a data security policy, with template
Are you looking to create or update your organization's data security policy? Learn about the key elements of a data security policy, and use our free template to get started.Continue Reading
data compliance
Data compliance is a process that identifies the applicable governance for data protection, security, storage and other activities and establishes policies, procedures and protocols ensuring data is fully protected from unauthorized access and use, ...Continue Reading
VMDR: Inside vulnerability management, detection and response
VMDR offers automated asset identification, threat prioritization and patch management. But do companies need another vulnerability management tool?Continue Reading
Pen testing vs. vulnerability scanning: What’s the difference?
Confused by the differences between pen tests and vulnerability scans? You're not alone. Learn the key differences between the two and when each should be used.Continue Reading
3 steps for getting started with security service edge
Before getting started with security service edge (SSE), formulate a migration strategy. Check out these three expert tips for tackling SSE with maximum efficiency and ease.Continue Reading
SecOps vs. CloudSecOps: What does a CloudSecOps team do?
Now, more than ever, organizations need to build controls, monitor and enact security response activities for the cloud. This is where the CloudSecOps team comes into play.Continue Reading
How to use SSH tunnels to cross network boundaries
The Secure Shell protocol authenticates and encrypts network connections. Find out how it's used to build tunnels while crossing private networks and even firewalls.Continue Reading
Top 7 types of data security technology
These seven types of data security technologies -- from encryption to masking -- will better protect customer and enterprise data from inappropriate and unauthorized access and use.Continue Reading
How to create a critical infrastructure incident response plan
Does your organization have an incident response plan for disruptions to critical infrastructure? Learn how to write a successful plan for your company.Continue Reading
blended threat
A blended threat is an exploit that combines elements of multiple types of malware and usually employs various attack vectors to increase the severity of damage and the speed of contagion.Continue Reading
Negotiating a golden parachute clause in a CISO contract
If a CISO becomes the company scapegoat after a security incident, a strong golden parachute clause can mean the difference between a soft landing and a hard crash.Continue Reading
How to determine out-of-scope bug bounty assets
What happens when a security researcher discovers a bug in an out-of-scope asset? Learn how to handle bug bounty scope in this excerpt from 'Corporate Cybersecurity.'Continue Reading
Use ssh-keygen to create SSH key pairs and more
Learn how to use ssh-keygen to create new key pairs, copy host keys, use a single login key pair for multiple hosts, retrieve key fingerprints and more in this tutorial.Continue Reading
X.509 certificate
An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.Continue Reading
directory traversal
Directory traversal is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server's root directory.Continue Reading
3 types of PKI certificates and their use cases
Public key infrastructure helps authenticate senders via cryptography and digital certificates. Learn about three types of PKI certificates and their use cases.Continue Reading
How to get started with multi-cloud threat hunting
More clouds mean a bigger attack surface. It also complicates how companies can accurately hunt for potential threats. But there are steps to take that can reduce the risk.Continue Reading
How to conduct a cyber-war gaming exercise
A successful cyber-war game can help organizations find weaknesses in their system but only if the right participants are involved and an after-action review is completed.Continue Reading
man in the browser (MitB)
Man in the browser (MitB) is a security attack where the perpetrator installs a Trojan horse on the victim's computer that is capable of modifying that user's web transactions.Continue Reading
Zero trust vs. zero-knowledge proof: What's the difference?
Zero-knowledge proofs can help companies implement a zero-trust framework. Learn about the two concepts and how they come together to better secure networks.Continue Reading
parameter tampering
Parameter tampering is a type of web-based cyber attack in which certain parameters in a URL are changed without a user's authorization.Continue Reading
SYN flood attack
A SYN flood attack is a type of denial-of-service (DoS) attack on a computer server.Continue Reading
Cyber-war gaming: A cybersecurity tabletop exercise
Based off military war games, cyber-war gaming examines a company's security posture. Learn how it works, the readiness needed, who should be involved and more.Continue Reading
Sender Policy Framework (SPF)
Sender Policy Framework (SPF) is a protocol designed to restrict who can use an organization's domain as the source of an email message.Continue Reading
How to conduct Linux privilege escalations
Learn how to conduct Linux kernel exploitation with Metasploit and manually, as well as how to identify vulnerabilities on Linux using enumeration scripts.Continue Reading
An introduction to binary diffing for ethical hackers
Binary diffing is a useful tool in the ethical hacker's arsenal. This excerpt teaches aspiring penetration testers and red teamers how to get started.Continue Reading
security information management (SIM)
Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs and various other data sources.Continue Reading
WLAN Authentication and Privacy Infrastructure (WAPI)
WLAN Authentication and Privacy Infrastructure (WAPI) is a wireless local area network security standard officially supported by the Chinese government.Continue Reading
mail bomb
A mail bomb is a form of a denial-of-service (DoS) attack designed to overwhelm an inbox or inhibit a server by sending a massive number of emails to a specific person or system.Continue Reading
Pen testing guide: Types, steps, methodologies and frameworks
Penetration testing helps organizations find security vulnerabilities before hackers do. Uncover details about pen testing steps, methodologies, frameworks and standards.Continue Reading
Open System Authentication (OSA)
Open System Authentication (OSA) is a process by which a computer could gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.Continue Reading
AAA server (authentication, authorization and accounting)
An AAA server is a server program that handles user requests for access to computer resources and, for an enterprise, provides authentication, authorization and accounting (AAA) services.Continue Reading
SOC 1 (System and Organization Controls 1)
System and Organization Controls 1, or SOC 1 (pronounced "sock one"), aims to control objectives within a SOC 1 process area and documents internal controls relevant to an audit of a user entity's financial statements.Continue Reading
content filtering
Content filtering is a process involving the use of software or hardware to screen and/or restrict access to objectionable email, webpages, executables and other suspicious items.Continue Reading
How to implement OpenID Connect for single-page applications
The OpenID Connect authentication protocol can be used to secure a variety of applications. This excerpt teaches developers how it works with single-page applications.Continue Reading
How to use OpenID Connect for authentication
OpenID Connect has become a trusted protocol to connect with identity providers. Explore how to use it for IAM, common threats to be aware of and how to connect to multiple IdPs.Continue Reading
Luhn algorithm (modulus 10)
The Luhn algorithm, also called modulus 10 or modulus 10 algorithm, is a simple mathematical formula used to validate a user's identification numbers.Continue Reading
authentication server
An authentication server is an application that facilitates the authentication of an entity that attempts to access a network.Continue Reading
PA-DSS (Payment Application Data Security Standard)
Payment Application Data Security Standard (PA-DSS) is a set of requirements intended to help software vendors develop secure payment applications for credit card transactions.Continue Reading
mutual authentication
Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other.Continue Reading
How to write an information security policy, plus templates
Infosec policies are key to any enterprise security program. Read up on types of security policies and how to write one, and download free templates to start the drafting process.Continue Reading
screened subnet
A screened subnet, or triple-homed firewall, refers to a network architecture where a single firewall is used with three network interfaces.Continue Reading
How to build a security champions program
Security champions are key to promoting and creating a security-first company. Learn how to build a security champions program using these four steps.Continue Reading
metamorphic and polymorphic malware
Metamorphic and polymorphic malware are two types of malicious software (malware) that can change their code as they propagate through a system.Continue Reading
security identifier (SID)
In the context of Windows computing and Microsoft Active Directory (AD), a security identifier (SID) is a unique value that is used to identify any security entity that the operating system (OS) can authenticate.Continue Reading
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of standards aimed at regulating, enforcing, monitoring and managing the security of the Bulk Electric System (BES) in North America.Continue Reading
Tips for creating a cybersecurity resume
Resumes help candidates leave an impression on potential employers. But did you know one resume often isn't enough? Learn this and other tips for creating a cybersecurity resume.Continue Reading
How to manage imposter syndrome in cybersecurity
The imposter syndrome phenomenon is readily apparent in cybersecurity. Learn how to manage it, along with mishaps to avoid during the job hunt and other career advice.Continue Reading
Privacy-enhancing technology types and use cases
Data is key to companies' success, but maintaining its privacy and ensuring regulatory compliance is difficult. Learn about privacy-enhancing technologies that keep data protected.Continue Reading
Shared Key Authentication (SKA)
Shared Key Authentication (SKA) is a process by which a computer can gain access to a wireless network that uses the Wired Equivalent Privacy (WEP) protocol.Continue Reading
Internet Key Exchange (IKE)
Internet Key Exchange (IKE) is a standard protocol used to set up a secure and authenticated communication channel between two parties via a virtual private network (VPN).Continue Reading
passphrase
A passphrase is a sentencelike string of words used for authentication that is longer than a traditional password, easy to remember and difficult to crack.Continue Reading
How to use PKI to secure remote network access
Public key infrastructure is a more secure option than password-based or multifactor authentication. Learn how those benefits can extend to remote employees and access.Continue Reading
security clearance
A security clearance is an authorization that allows access to information that would otherwise be forbidden.Continue Reading
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) is an encryption protocol based on the U.S. federal government's Advanced Encryption Standard (AES) algorithm and uses the Counter Mode with CBC-MAC (CCM) mode of ...Continue Reading
A day in the life of a cybersecurity manager
The role of a cybersecurity leader is often misunderstood. Experience a day in the life of a cybersecurity manager with this breakdown of a security leader's typical schedule.Continue Reading
How to prepare for malicious insider threats
Stopping malicious insider threats is just as important as preventing external ones. Uncover what to look for and strategies to prevent insider threats before they cause damage.Continue Reading
Include defensive security in your cybersecurity strategy
Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help.Continue Reading
Nmap use cases, tools and product comparisons
Nmap is historically known for port scanning, but thanks to several subprojects, its use cases have expanded. Learn how Nmap is used, along with other comparable tools.Continue Reading
quantum cryptography
Quantum cryptography is a method of encryption that uses the naturally occurring properties of quantum mechanics to secure and transmit data.Continue Reading
How to use Nmap to scan specific ports
One of Nmap's primary functions is conducting port scans. In this walkthrough, learn how to launch a default scan, along with other options that affect Nmap port scan behavior.Continue Reading
one-time pad
In cryptography, a one-time pad is a system in which a randomly generated private key is used only once to encrypt a message that is then decrypted by the receiver using a matching one-time pad and key.Continue Reading
What is shellcode and how is it used?
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware term and how to mitigate the risk.Continue Reading
How to start implementing passwordless authentication today
Everyone is tired of passwords, but a truly passwordless world isn't quite there yet. Learn what options companies currently have to implement passwordless authentication.Continue Reading
Top cloud security standards and frameworks to consider
Cloud security standards and frameworks are key to securing systems and maintaining privacy. Read up on available options and advice for selecting the best for your organization.Continue Reading
Introduction to automated penetration testing
Automated penetration testing, which speeds up the process for companies and vendors, is maturing. Is it ready to close the time gap between vulnerability discovery and mitigation?Continue Reading
Pretty Good Privacy (PGP)
Pretty Good Privacy or PGP was a popular program used to encrypt and decrypt email over the internet, as well as authenticate messages with digital signatures and encrypted stored files.Continue Reading
Blowfish
Blowfish is a variable-length, symmetric, 64-bit block cipher.Continue Reading
Cloud-native security architecture principles and controls
Building a sound cloud security framework is challenging, and it's even more so when implementing a cloud-native architecture. Here are steps you can take to make the job easier.Continue Reading
click fraud (pay-per-click fraud)
Click fraud -- sometimes called 'pay-per-click fraud' -- is a type of fraud that artificially inflates traffic statistics for online advertisements.Continue Reading
Rijndael
Rijndael (pronounced rain-dahl) is an Advanced Encryption Standard (AES) algorithm.Continue Reading
Public-Key Cryptography Standards (PKCS)
Public-Key Cryptography Standards (PKCS) are a set of standard protocols, numbered from 1 to 15.Continue Reading
honeynet
A honeynet is a network set up with intentional vulnerabilities hosted on a decoy server to attract hackers.Continue Reading
trusted computing base (TCB)
A trusted computing base (TCB) is everything in a computing system that provides a secure environment for operations.Continue Reading
elliptical curve cryptography (ECC)
Elliptical curve cryptography (ECC) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller and more efficient cryptographic keys.Continue Reading
access log
An access log is a list of all requests for individual files -- such as Hypertext Markup Language files, their embedded graphic images and other associated files that get transmitted -- that people or bots have made from a website.Continue Reading
ciphertext feedback (CFB)
In cryptography, ciphertext feedback (CFB), also known as cipher feedback, is a mode of operation for a block cipher.Continue Reading
Editor's picks: Top cybersecurity articles of 2021
As we call it a wrap on 2021, SearchSecurity looks at the top articles from the last 12 months and their sweeping trends, including ransomware, career planning and more.Continue Reading
International Data Encryption Algorithm (IDEA)
The International Data Encryption Algorithm (IDEA) is a symmetric key block cipher encryption algorithm designed to encrypt text to an unreadable format for transmission via the internet.Continue Reading
cryptographic checksum
Generated by a cryptographic algorithm, a cryptographic checksum is a mathematical value assigned to a file sent through a network for verifying that the data contained in that file is unchanged.Continue Reading
smart card
A smart card is a physical card that has an embedded integrated chip that acts as a security token.Continue Reading
white hat hacker
A white hat hacker -- or ethical hacker -- is an individual who uses hacking skills to identify security vulnerabilities in hardware, software or networks.Continue Reading
Encrypting File System (EFS)
Encrypting File System (EFS) provides an added layer of protection by encrypting files or folders on various versions of the Microsoft Windows OS.Continue Reading
Top infosec best practices, challenges and pain points
Weak infosec practices can have irrevocable consequences. Read up on infosec best practices and challenges, as well as the importance of cybersecurity controls and risk management.Continue Reading
copyright
Copyright is a legal term describing ownership of control of the rights to the use and distribution of certain works of creative expression, including books, video, motion pictures, musical compositions and computer programs.Continue Reading
stealth virus
A stealth virus is a computer virus that uses various mechanisms to avoid detection by antivirus software.Continue Reading
spam filter
A spam filter is a program used to detect unsolicited, unwanted and virus-infected emails and prevent those messages from getting to a user's inbox.Continue Reading
What is a micro VM (micro virtual machine)?
A micro VM (micro virtual machine) is a virtual machine program that serves to isolate an untrusted computing operation from a computer's host operating system.Continue Reading
Chernobyl virus
The Chernobyl virus is a computer virus with a potentially devastating payload that destroys all computer data when an infected file is executed.Continue Reading
password salting
Password salting is a technique to protect passwords stored in databases by adding a string of 32 or more characters and then hashing them.Continue Reading