Depending on what color hat you wear, here are the top cyberthreats that most companies face, according to research.
5. Cross Site Scripting or XSS
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
A great tutorial website on using XSS for the n00bs can be found here.
The OWASP (Open Web Application Security Project) has an XSS Prevention sheet found here.
4. SQL Injection
SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
A tutorial on performing SQL Injection can be found here.
To prevent SQL Injection on your web based applications or websites can be found here.
3. Social Engineering
Simply put, the application of sociological principles to specific social problems. Principles such as fear, confidence, authority… All behavioral characteristics that can be exploited through a multitude of attacks.
Everyone is susceptible to social engineering attacks, from the most advanced IT Administrators, to CEOs, to the janitorial staff. Attacks come in through fake websites, phishing attacks, plain old mail, phone calls, and impersonation.
Learning how social engineering attacks are performed are both the attack and the defense. Here is a website regarding both.
2. APT
An advanced persistent threat (APT) is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. The intention of an APT attack is to steal data rather than to cause damage to the network or organization.
Thoroughly covering the basics of information security is the best way to combat casual APT, adding second and third layers of defense (defense in depth) help protect and give intelligence to guardians of the data, as you can read here.
1. Insider Threats
An insider threat is a malicious threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization’s security practices, data and computer systems.
Here is a fantastic write up on personnel risk/security assessments and something that really intrigues me to further dive into.
