Top 10 List of Week 02
Tiger Team
In one episode of Tiger Team, a team of social engineers shows how they use a bag of trash to find valuable details about their target. In the trash they found the name of the tech support team. Then, they were able to send in a team member to act as a support employee, who was given full access to the target's servers.
Cryptography
Cryptography provides for secure communication in the presence of malicious third-parties—known as adversaries. Encryption uses an algorithm and a key to transform an input (i.e., plaintext) into an encrypted output (i.e., ciphertext). A given algorithm will always transform the same plaintext into the same ciphertext if the same key is used.
GnuPG Manual
GnuPG is a tool for secure communication. This chapter is a quick-start guide that covers the core functionality of GnuPG. This includes keypair creation, exchanging and verifying keys, encrypting and decrypting documents, and authenticating documents with digital signatures.
Introduction to Web Security
A short introduction on why people hack into systems and how they do it.
Injection
Injection can result in data loss, corruption, or disclosure to unauthorized parties, loss of accountability, or denial of access. Injection can sometimes lead to complete host takeover.
Cross-Site Scripting (XSS)
XSS flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping, or updates an existing web page with user-supplied data using a browser API that can create HTML or JavaScript. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
Eavesdropping
Eavesdropping attacks are made possible when a connection between two endpoints (think a client and server) is weak or not secure. Insecure network connections exist when encryption isn’t used, when applications or devices aren’t up to date, or when malware is present.
Masquerade Attack
A masquerade attack consists of a person imitating someone else’s identity and using legitimate sources to carry out cyber crimes in the victim’s name. This type of attack is primarily used for gaining unauthorized access to the victim’s systems or organization’s networks.
Phishing
Phishing is one of the easiest forms of cyberattack for criminals to carry out, and one of the easiest to fall for. It’s also one that can provide everything hackers need to ransack their targets’ personal and work accounts.
Top 10 Web Application Security Risks
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.