Become a Security Expert With Security Flashcards

Application and Machine Learning Vulnerabilities as Flashcards

Due to the dramatically increasing number of cyber security threats, security has become a top priority for many companies and even for people operating only small websites. Unfortunately, due to their countless variants and the constantly and rapidly changing threat landscape keeping track with the latest developments is almost impossible.

As a result, attackers are permanently one step ahead. Attacks are getting smarter, more sophisticated and better organized. Due to that data breaches, phishing and social engineering attacks, denial of service attacks, website defacement, malware and ransomware attacks — just to mention just a few — are reported almost on a daily basis. Very lately we can also see an ever increasing number of successful supply chain attacks.

If a company becomes the victim of a successful attack, this could have a significant impact on its business. It might happen that customers won’t trust the company anymore and that they will move to its competitors. If this happens, most likely it will become rather challenging to recover from this (it might be even impossible) as it’s very easy to loose trust but very difficult to build trust.

Hence, considering security especially during development and the operation of web services is getting more and more important. In the past security was something that was done after software was written and deployed. But this changed recently with the shift left paradigm that is part of the DevSecOps approach. Here security is integrated earlier in the software development process. Instead of doing a penetration test after the software was deployed, security activities are done during the development and some security activities (such as threat modeling) are done even before code is written.

Security activities are also done more regularly. For instance, if software is changed the threat model is updated, static application security testing is performed automatically for each commit, dynamic application security testing is automatically done when the software is deployed in a QA environment and so on. All these activities help to reduce the number of security vulnerabilities before a software is deployed in the live environment and — also important — when it’s inexpensive to fix them.

Learning With Security Flashcards

Although many security activities can also be performed automatically, the human remains the most critical part of the whole pipeline but is often also the weakest link. As the overall security of a system is just as secure as its weakest link, humans need to be trained on security.

This can be achieved with Security Flashcards.

What Are Flashcards?

Flashcards are a very popular way to learn and — in particular — to not forget the content you’ve learned through regular testing. Each flashcard has a question on one side and the answer to that question on the other side. Typically, testing with flashcards is done via spaced repetition. Here, cards that are new or that are hard to memorize will show up more often, while older cards and cards that are easy to answer will show up less often. In various studies research has shown that this form of learning, i.e. testing and spaced repetition, is one of the most effective learning strategies.

What are Security Flashcards?

Security Flashcards are flashcards that cover application and machine learning security weaknesses. The card deck is extended regularly with new weaknesses and once you got your copy of the card deck you will receive updates for free and forever.

Application Weaknesses

For instance, the card deck contains flashcards about application weaknesses such as SQL injection, open redirect, insecure direct object reference (IDOR), insecure deserialization, path traversal, HTTP verb tampering, cross-site-scripting, improper input validation, cross-site request forgery and so on. See an example below.

Application Vulnerabilities: here command injection

Machine Learning Weaknesses

Furthermore, flashcards about machine learning weaknesses are also part of the deck. The flashcards cover data poisoning (can be exploited to reduce the accuracy of a model or to inject a backdoor), model extraction attacks (steal the parameters of a model), membership inference (verify whether or not a data set was part of the training data) and model inversion attacks (recover training data from the model). See an example below.

Machine Learning Vulnerabilities: here model inversion attack

The best about Security Flashcards is: learning with them is fun. All cards have visualizations that keep you constantly smiling while your learning.

Have you become curious? Security Flashcards are available at https://security-flashcards.com.

--

--

--

Dev-Sec-ML — https://twitter.com/_etzold — Creator of Security Flashcards https://security-flashcards.com

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

KEL Token Buyback and Burn: May 2021

{UPDATE} Ball Road Jump Hack Free Resources Generator

Protect Your Privacy Online: Eight Tips

ScarCruft APT Malware Uses Image Steganography

XT Will List CRB

Spotlight On Dreams Quest Allies: Sebastien Borget of The Sandbox

Encryption toolkit for media makers: An introduction

XT Will Hold BITCI Trading Competition

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Daniel Etzold

Daniel Etzold

Dev-Sec-ML — https://twitter.com/_etzold — Creator of Security Flashcards https://security-flashcards.com

More from Medium

What’s Lurking In Your Dark Data?

HackerU Cyber Security Red Team Specialist Course Review.

Data Science meets Cyber Security

[EN] TryHackMe 25 Days of Cyber Security: Day 7 Walkthrough