- Confidentiality: sensitive information is only disclosed to authorized parties.
- Integrity: prevent unauthorized modification of data.
- Availability: guarantee the data can be accessed by authorized parties when requested.
Many of us know what CIA is, but what if someone asks you about DAD?
- D: Disclosure
- A: Alteration
- D: Destruction
The opposite of Confidentiality is Disclosure, of Integrity is Alteration, and of Availability is Destruction.
- Asset: any important information about the organization, like computers, servers, data, documents, etc.
- Risk: the probability of something happening.
Risk = Probability * Threat * Vulnerability, or
Risk = Likelihood * Impact
- Threat: a person or thing likely to cause damage or danger.
- Payload: the actual information or message in transmitted data.
- Exploit: a software tool designed to take advantage of a flaw in a computer system, typically for malicious purposes such as installing malware.
Difference between Hacking & Ethical Hacking:
- Hacking means to illegally access other people’s computer systems in order to destroy, disrupt or carry out something illegal.
- Ethical Hacking is an authorized way of hacking.
Black Box, Grey Box, and White Box Testing:
Black box testing
Testing a system without specific knowledge of its internal workings, with no access to the source code and no knowledge of the architecture. In this, you have nothing, just a single domain from which to hack into the full organization.
White box testing
Testing a system with full knowledge of, and access to, all source code and architecture documents. In this, you have full knowledge of the network infrastructure etc. to perform security testing.
Grey box testing
Testing a system while having at least some knowledge of its internals, like user credentials, the number of network devices, the number of pages in an application, etc.