Become a Security Expert With Security Flashcards

Due to the dramatically increasing number of cyber security threats, security has become a top priority for many companies and even for people operating only small websites. Unfortunately, because of the countless variants of these threats and the constantly and rapidly changing threat landscape, keeping track of the latest developments is almost impossible.
As a result, attackers are permanently one step ahead. Attacks are getting smarter, more sophisticated and better organized. Consequently, data breaches, phishing and social engineering attacks, denial of service attacks, website defacement, malware and ransomware attacks, to mention just a few, are reported almost on a daily basis. Lately we can also see an ever-increasing number of successful supply chain attacks.
If a company becomes the victim of a successful attack, this could have a significant impact on its business. Customers might no longer trust the company and might move to its competitors. If this happens, recovering will most likely be rather challenging (it might even be impossible), as it’s very easy to lose trust but very difficult to build it.
Hence, considering security, especially during the development and operation of web services, is getting more and more important. In the past, security was something that was done after software was written and deployed. But this changed recently with the shift-left paradigm that is part of the DevSecOps approach. Here, security is integrated earlier in the software development process. Instead of doing a penetration test after the software was deployed, security activities are done during development, and some security activities (such as threat modeling) are done even before code is written.
Security activities are also done more regularly. For instance, if software is changed, the threat model is updated, static application security testing is performed automatically for each commit, dynamic application security testing is done automatically when the software is deployed in a QA environment, and so on. All these activities help to reduce the number of security vulnerabilities before the software is deployed in the live environment and, also important, while they are still inexpensive to fix.
Learning With Security Flashcards
Although many security activities can be performed automatically, the human remains the most critical part of the whole pipeline but is often also the weakest link. As a system is only as secure as its weakest link, humans need to be trained on security.
This can be achieved with Security Flashcards.
What Are Flashcards?
Flashcards are a very popular way to learn and, in particular, to retain what you’ve learned through regular testing. Each flashcard has a question on one side and the answer to that question on the other side. Typically, testing with flashcards is done via spaced repetition. Here, cards that are new or that are hard to memorize will show up more often, while older cards and cards that are easy to answer will show up less often. Various studies have shown that this form of learning, i.e. testing and spaced repetition, is one of the most effective learning strategies.
What are Security Flashcards?
Security Flashcards are flashcards that cover application and machine learning security weaknesses. The card deck is extended regularly with new weaknesses, and once you have your copy of the card deck you will receive updates for free and forever.
Application Weaknesses
For instance, the card deck contains flashcards about application weaknesses such as SQL injection, open redirect, insecure direct object reference (IDOR), insecure deserialization, path traversal, HTTP verb tampering, cross-site scripting, improper input validation, cross-site request forgery and so on. See an example below.

Machine Learning Weaknesses
Furthermore, flashcards about machine learning weaknesses are also part of the deck. The flashcards cover data poisoning (can be exploited to reduce the accuracy of a model or to inject a backdoor), model extraction attacks (steal the parameters of a model), membership inference (verify whether or not a data set was part of the training data) and model inversion attacks (recover training data from the model). See an example below.

The best thing about Security Flashcards is that learning with them is fun. All cards have visualizations that keep you constantly smiling while you’re learning.
Have you become curious? Security Flashcards are available at https://security-flashcards.com.