Professional Documents
Culture Documents
04 05 06
01 02 03
01 02 03 04 05 06 07
Use Advance Web
02 03 04 Sort the applications Fix critical and high Deploy some
Virus
Trojan Virus Spyware Adware Ransomware Fileless Malware 01 Create a web application Sort the applications in application security
Worms
in priority buckets vulnerabilities protection
A virus is malicious Worms are a
A virus is malicious
software Trojan viruses
Spyware is malicious Adware is malicious Ransomware is malicious Fileless malware is a type
threat model priority buckets measures
software attached to malicious software are disguised as helpful
software that runs software used to collect software that gains of memory-resident Play
secretly on a computer access to sensitive malware. As the term Exit
a document or file that rapidly replicates software programs. But
data on your computer Hook
that supports macros and reports back to a usage and provide information within a suggests, it is malware Investigation Obtaining the information over a
and spreads to any once the user downloads that operates from a
to execute its code remote user. appropriate system, encrypts that period of time: Closing the interaction, ideally without
device within the it, the Trojan virus can information so that the victim’s computer’s Deceiving the victim to gain a foothold:
and spread from host advertisements to you. Preparing the ground for the attacks: Expanding foothold arousing suspicion:
network. gain access to sensitive memory, not from files on Engaging the target
user cannot access it, and Identifying the victims Executing the attack Removing all traces of malware.
to host. data and then modify, then demands a financial the hard drive. Spinning a story
block, or delete the data Gathering background information Disrupting business and Covering tracks
payout for the data to be Taking control of the interaction
Selecting attack methods siphoning data Bringing the charade to a natural end
released.
02
02
API Security
01
Scareware Application Programming Interfaces
(API) are growing in importance. They
01 02 03 04 Baiting
Scareware is an attack
01
are the basis of modern microservices
applications, and an entire API 03
tactic that scares people economy has emerged, which allows
Attack Lifecycle A type of social into visiting spoofed or organizations to share data and
engineering attack where infected websites or access software functionality created by
Don’t open links, Use multifactor Report Scam Cloud Native Application Security
Keep your
downloading malicious Web Application Security others.
a scammer uses a false
emails, and authentication antivirus/antimal Text Now!
software. 03 Due to the growing problem of web Cloud-native applications are
promise to lure a victim
Malware
attachments ware software
application security, many security applications built in a microservices
from suspicious updated into a trap which may architecture using technologies like
Best practices for
vendors have introduced solutions
sources
virtual machines, containers, and
steal personal and Pretexting specially designed to secure web
serverless platforms.
financial information. applications.
Pretexting is a made-up
scenario developed by
Application Security
threat actors for the
purpose of stealing a
victim's personal data.
Module 3
violations (buffer
Availability
Module 2
encryption, or overflows, over- lack of authentication,
firmware reads, dangling default authentication,
or other poor network
vulnerability. pointers) etc.
Lack of data backups that 02
Physical Threats
security.
can recover services on
Identifying Security Managing Data,
Vulnerabilities time.
& Vulnerabilities Threats and Application, and Processes
04
05 Rouge Access Point is a wireless
access point that has been
Mobile Security
Device Security
Organizational
Improper
Rouge installed on a secured network
without explicit authorization from
Physical Site internal controls, Access the local administrator, whether
03
lack of audit,
Point added by an employee or a
Network-Based Threats
Personnel rea subject to
A continuity plan,
natural disaster, security, or malicious attacker.
Poor recruiting unreliable power incident 01 02 03 04 05
policy, lack of
security awareness
source, or no
keycard access.
response plan.
Technologies
and training, poor Many technical solutions
adherence to Natural threats. Malicious or Disrupt business Natural events Theft and are available for securing
security training,
poor password
accidental human
threats and operations that like earthquake, burglary,
02 Main Types of Device Security environments against
management, or
downloading
environmental
threats.
rely on computer
systems.
floods, and
tornados.
vandalism,
sabotage, and
Mobile Security Threats Steps to secure mobile devices threats. Web application
malware via email terrorism. firewalls (WAFs), analytics,
attachments. bot identification and
Evil Twin is a Wi-Fi Access Point
Securing Wireless Devices Bluejacking is the least harmful Bluetooth Use strong
attack, which involves "pushing" or
Applications with password/biometrics
Bluejacking & sending unsolicited messages, photos, or Data Security
URLs over Bluetooth. Weak Security
Bluesnarfing 02
Bluesnarfing "pulls" or takes content by 05
01 02 03 04 manipulating Bluetooth connections to
steal passwords, images, contacts, or
other data from the end user's wireless
03 Application Security
devices.
02 Install an antivirus
Sniffing Eavesdropping Spoofing DOS 01
03 application 05
01 02 A sniffing attack Eavesdropping Spoofing refers Denial-of-Service 01 02 03 04
involves an attacks are like to a malicious (DoS) attacks block
attacker getting sniffing attacks, actor pretending or disrupt an Data Leakage
into the network except that they to be a organization or Wireless Devices 02 Ensure public or free
data-stream and are usually legitimate entity business’s ability to Bluetooth
Passive Active reading, passive, easier to or someone s/he use its own Management Filtering Intrusion Encryption Keep software and
Wi-Fi is protected Endpoint Security
monitoring, or carry out and is not. resources such as
Firewalls Packet Detection Network
applications updated Do not accept non-
Could be a network capturing full may not involve network bandwidth, Manage patch with the latest patches.
Can monitor, filtering encryption, or Public Wifi initiated pairing
exploit during which packets of data full packets of system resources, application Intrusion Use anti-virus or anti- attempts. Disable the
observe or build
the attackers will flowing between data. and application Reduce attacks TCP-level
Detection
any kind of
malware software. Use Bluetooth feature 03
use of the
modify or alter the a client and a resources. surface filtering
Systems scan
encryption for
multi-factor
Do not connect to Wi-Fi
hotspots Disable Wi-Fi when not in use. 06
Segment the Application that matter,
system’s data for server. the network for authentication when not in use Use an allowlist or
content and impact network Level Filtering involves
sure functions. signs of Reboot regularly, Ensure the device is denylist of
the system resource. Switch from encoding data to
default to secure
compromise or
hide it from
especially for mobile connecting to the applications that may 04
an ongoing phones after using an correct network. Avoid use the device's 05 06 03 Cloud Security
configuration attack and raise
anyone who is
not authorized to
untrusted Wi-Fi. accessing personal Bluetooth. Update to the latest
an alarm if any For laptop devices, data, online shopping,
malicious activity
see it.
enable firewalls to or financial software
is detected. restrict inbound and transactions. Mobile Ransomware 06
outbound connections Ensure to disconnect Phishing Man-in-the-Middle
by applications. the public Wi-Fi and Utilize VPN
"forget" the access (MITM) Attacks
point.
Use HTTPS browsing
protocols. Mobile Device Management
07 08
09