Explanation:Authentication is the process of verifying the identity of a user, device, or entity before granting access to a system or resource. It ensures that only legitimate users can access sensitive data or services. Authentication methods include passwords, biometrics, and multi-factor authentication (MFA). The strength of the authentication process directly impacts the security of digital…
Explanation:Two-Factor Authentication (2FA) is a security measure that requires users to provide two forms of verification to access a system or service. Typically, 2FA combines something the user knows (like a password) with something they have (like a smartphone or OTP) or something they are (like a fingerprint). 2FA provides an additional layer of security,…
Explanation:A cryptographic hash function is a mathematical algorithm that takes an input and produces a fixed-size string, typically a hash value or message digest. These functions are deterministic, meaning the same input will always produce the same output. They are used in data integrity checks, digital signatures, and password storage. Properties such as collision resistance,…
Explanation:Cross-Site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. The injected script runs in the context of the user’s browser and can steal cookies, session tokens, or sensitive information or redirect users to malicious sites. XSS attacks are classified into three types: stored,…
Explanation:SQL Injection (SQLi) is a web security vulnerability that allows attackers to interfere with the queries a web application makes to its database. By injecting malicious SQL code into input fields, attackers can gain unauthorized access to database information, such as user credentials, financial data, and sensitive company records. SQL injection attacks often occur when…
A Man-in-the-Middle (MITM) attack is a form of cyberattack where an attacker secretly intercepts and manipulates communication between two parties without their knowledge. In a typical MITM scenario, the attacker positions themselves between a user and a legitimate service. They can eavesdrop on sensitive data exchanges or inject malicious content into the communication. MITM attacks…
Explanation:A Distributed Denial of Service (DDoS) attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network by overwhelming it with a flood of internet traffic. DDoS attacks are executed using multiple compromised devices, forming a botnet. These devices, often without the owners’ knowledge, generate large volumes of traffic…
Explanation:Ransomware is a type of malware that encrypts a victimโs data or locks them out of their systems until a ransom is paid to the attacker. Once a system is infected, files are rendered inaccessible, and victims are typically presented with a ransom demand, often in cryptocurrency. Notorious ransomware strains include WannaCry, LockBit, and REvil.…
Explanation:Spoofing is a cyberattack where a malicious actor disguises their identity by falsifying data, such as email addresses, IP addresses, or websites, to deceive targets. Email spoofing involves sending fraudulent emails from forged addresses, while IP spoofing conceals the attackerโs location by falsifying the source IP. Website spoofing mimics legitimate sites to steal user credentials.…