What are SQL Injections? // Explained in 180 seconds
Whenever you visit a website or use some kind of application, that website or app needs to pull data from a database. For example, let’s…
Important pentesting concepts for the Security+
You’ve been running vulnerability scans on a regular basis, you’ve expanded that into a broader vulnerability assessment approach, and you’ve been fixing everything that’s been…
Authentication Protocols (802.1X, EAP/PEAP, EAP-FAST/TLS/TTLS, and RADIUS)
Let’s talk about network authentication protocols that we can use and that we need to know for the CompTIA Security+ exam. We’re going to discuss:…
What is HashiCorp Vault and why should you know about it?
Vault is an open-source secrets management tool used to automate access to secrets, data, and systems. This blog post comes from our Explained in 180…
Network segmentation
Network segmentation is a really important topic to understand for IT in general, but also for security. As we deploy resources in our networks, creating…
Jump servers (aka bastion hosts)
One of the challenges with having network segmentation is that it not only prevents attackers from accessing private networks and private resources, but it also…
Bluesnarfing and Bluejacking
Studying for the Security+ exam? Here’s a quick and easy read for a topic covered in the exam objectives. What is bluesnarfing? If you were…
Biometrics techniques and concepts for authentication
We talked about how biometrics can be used for multifactor authentication in order to verify someone’s identity. Biometric authentication refers to something you are (as…
Key stretching concepts and algorithms
One of the best ways to make a password strong is to make it long. The longer the password is, the harder it is to…
Hashing use cases
In practice, what is hashing used for? How is it being used in the real world? Let’s take a look at a few common hashing…