Whitehat training notes

• Whitehat training notes
  • Accronyms
    • Architectural Risk Analysis
      • Known Attack Analysis
  • Documents and articles

Accronyms

• ARA - Architectural Risk Analysis
• SAML - https://en.wikipedia.org/wiki/Security_Assertion_Markup_Language

Architectural Risk Analysis

Known Attack Analysis

• STRIDE from MS to assist threat modellers
  • (S)poofing identity
  • (T)ampering
  • (R)epudiation of actions
  • (I)nformation disclosure
  • (D)enial of service
  • (E)levation of privilege

Documents and articles

• Attack checklist taxonomy - 7 kingdoms - https://cwe.mitre.org/documents/sources/SevenPerniciousKingdoms.pdf
• SSL vs TLS -
  • Transport Layer Security (TLS) is the successor protocol to SSL. TLS is an improved version of SSL. It works in much the same way as the SSL, using encryption to protect the transfer of data and information. The two terms are often used interchangeably in the industry although SSL is still widely used.
• Dev.to Securing APIs nice read
• OWASP Site (and Top10) - https://owasp.org/www-project-top-ten/
• Gab hack - https://arstechnica.com/information-technology/2021/03/gab-the-far-right-website-has-been-hacked-and-70gb-of-data-leaked/