URL Encoding, SQL Injection, and Directory Traversal for Cybersecurity Certification – Part 1

Numbering Systems

By Bob Weiss

Many of the cybersecurity certifications that I teach have content that involves the use of encoding, code injection, directory traversal, and scripting. These concepts can be difficult to grasp, and the exam questions can be challenging to answer correctly. This series of articles is designed to help you understand the basic concepts, and ...


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


CISA and FBI Release ESXiArgs Ransomware Recovery Guidance

Original release date: February 8, 2023

Today, CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory, ESXiArgs Ransomware Virtual Machine Recovery Guidance. This advisory describes ...


SQL Injection

This post is for my cybersecurity students, and anyone else taking a cybersecurity class or studying for a certification exam.

From Jason Dion: “The most common type of code injection is SQL injection. An SQL injection attempts to modify one or more of an SQL query’s four basic functions: select, insert, delete, or update. Two common methods of performing an SQL injection are either using a single apostrophe (‘) or submitting an always true statement like 1=1. As a penetration tester, you ...


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


Guidance on Sharing Cyber Incident Information

Original release date: April 7, 2022

CISA’s Sharing Cyber Event Information Fact Sheet provides our stakeholders with clear guidance and information about what to share, who should share, and how to share information about unusual cyber incidents or activity.

CISA uses this information from partners to build a common understanding ...


Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.


You can’t keep quiet when you’re hacked anymore

If you try to hide that your business has been hacked or you’ve paid ransomware, the Cybersecurity and Infrastructure Security Agency would like a word with you.

One of the dirty little secrets of many businesses, perhaps even most, is that far more of them than ever admit to it ...


Weekend Update

Happy New Year!!

A quick Saturday digest of cybersecurity news articles from other sources.


Serious Security: OpenSSL fixes “error conflation” bugs – how mixing up mistakes can lead to trouble

Have you ever seen the message “An error occurred”? Even worse, the message “This error cannot occur”? Facts matter!


Security and Your Phone: What the Risks Are and How to Stay Safe

A great article and infographic ...
