Threats / Defenses


1. Network Attacks

1.1. NNTP Attacks

1.2. Botnet

1.2.1. Denial of Service

1.2.1.1. Cloudflare (load spread across many servers)

1.2.1.2. Make it hard to obtain one's IP address

1.3. Man in the middle

1.3.1. DNSSEC

1.3.2. Certificate Pinning

1.3.3. Strong mutual authentication

1.3.3.1. Secret keys

1.3.3.2. Passwords

1.3.4. Latency examination

1.3.4.1. Cryptographic Hash Functions

1.4. Session Hijacking

1.5. Packet Spoofing

1.6. Network Sniffers

1.7. Brute Force

1.7.1. Rainbow Tables

1.7.2. Password Conditionals

1.8. Evil Twins

2. Social Engineering Attacks

2.1. Poor IT infrastructure

2.1.1. Ignorance / Human Error

2.1.1.1. Strong as the weakest link

2.1.1.2. Wireless Dankort Terminals

2.1.1.2.1. A terminal's large range can easily be abused

2.1.1.2.2. Anti-NFC wallet

2.1.1.3. Train staff

3. Web Attacks

3.1. URL Interpretation Attacks

3.2. Input Validation Attacks

3.2.1. Cross-Site Scripting

3.2.1.1. Never insert untrusted data except in allowed locations

3.2.1.2. HTML Escape before inserting untrusted data into HTML content

3.2.1.3. Attribute escape before inserting untrusted data into HTML common attributes

3.2.1.4. JavaScript escape before inserting untrusted data into JavaScript data values

3.2.1.5. HTML escape JSON values in an HTML context and read the data with JSON.parse

3.2.1.6. CSS Escape and strictly validate before inserting untrusted data into HTML style property values

3.2.1.7. URL escape before inserting untrusted data into HTML URL parameter values

3.2.1.8. Sanitize HTML markup with a library designed for the job

3.2.1.9. Prevent DOM-based XSS

3.2.1.10. Use the HttpOnly cookie flag

3.2.1.11. Implement Content Security Policy

3.2.1.12. Use an Auto-Escaping Template System

3.2.1.13. Use the X-XSS-Protection response header

3.3. SQL Injection Attacks

3.3.1. SQL injections

3.3.1.1. Primary Defenses

3.3.1.1.1. Parameterized Queries

3.3.1.1.2. Escaping all user supplied input

3.3.1.1.3. Use of stored statements

3.3.1.2. Additional Defenses

3.3.1.2.1. Least privilege

3.3.1.2.2. White list input validation

3.3.2. SQL query poisoning

3.4. Impersonation Attacks

3.5. Buffer Overflow Attacks

4. Phishing Attacks

4.1. Virus

4.1.1. Worms

4.1.1.1. Antivirus

4.1.1.2. Antimalware

4.1.2. Trojans

4.2. Keylogger

4.2.1. Always have antivirus that checks for keyloggers

4.3. Spear Phishing

4.3.1. Firewalls

4.3.2. Antimalware

4.3.3. Spam filters

4.3.4. Staff Training

4.4. Clone Phishing

4.5. Whaling

4.5.1. lol

4.6. Link Manipulation

4.6.1. Phishing Mails

4.6.1.1. Smart spam filters

4.6.1.2. Database of malicious emails

4.7. Filter Evasion

4.7.1. Build a good enough filter

4.8. Website Forgery

4.8.1. Pay attention to URLs, website structure and certificates.

4.9. Covert Redirect

4.9.1. Wait for the technology to be updated with a fix

4.10. Phone Phishing

4.10.1. Don't answer the phone

4.11. Tabnabbing