It has been said that when most IT professionals talk about cybersecurity, they are really talking only about network security, and even then only about network encryption. The human element of cybersecurity aside, the weakest link in the cybersecurity chain is not network encryption but software security. Roughly speaking, software security means finding and remediating bugs and flaws in the software applications that run on the machines that make up the Internet and other systems. Web servers, spreadsheets, browsers, messaging apps, and so forth are typically what malicious hackers use to break into your computer and steal (or take hostage) your information. Bugs relate to software implementation, and flaws relate to software design. We must pay careful attention to both (alongside human and organizational factors, as well as hardware and cryptographic security), because the frequency of cyberattacks and the damage they cause continue to escalate.
"Hardware is fast, but hard to change. It is very efficient, but it is also very rigidly defined. This is a disadvantage to evolution, but is an advantage to security. Hardware cannot be easily exploited or changed by an attack. In contrast, software is malleable and easily changed. This quality is advantageous to core functionality, but is harmful to security as well as performance..." "Last minute changes to design -- and future improvements -- are easily accommodated. But this malleability creates a broader surface for attack."
- Michael Hicks, University of Maryland, College Park
Legacy Programming Languages
Vulnerable C Functions
The New Generation of Programming Languages
Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety. Featuring: zero-cost abstractions, move semantics, guaranteed memory safety, threads without data races, trait-based generics, pattern matching, type inference, minimal runtime, and efficient C bindings.
It is faster to say World Wide Web than it is to say WWW
"This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery."
"This guide provides information and instructions to get you started with Metasploit Community. The following sections describe the audience, organization, and conventions used within this guide.... This guide is for IT and security professionals who use Metasploit Community as a penetration testing solution."
"Malwarebytes protects you against malware, ransomware, and other advanced online threats that have made antivirus obsolete and ineffective."
"Ransomware is malware that locks your computer and mobile devices or encrypts your electronic files. When this happens, you can’t get to the data unless you pay a ransom. However this is not guaranteed and you should never pay!.. Nevertheless, it is sometimes possible to help infected users to regain access to their encrypted files or locked systems, without having to pay. We have created a repository of keys and applications that can decrypt data locked by different types of ransomware."
"An increasing number of complex attacks demand improved early warning detection capabilities for CERTs. By having threat intelligence collected without any impact on production infrastructure, CERTs can better defend their constituencies' assets. Honeypots are powerful tools that can be used to achieve this goal. This document is the final report of the ‘Proactive Detection of Security Incidents: Honeypots’ study."