Page 215 - Hands-On Bug Hunting for Penetration Testers
Going Further Chapter 13
Udemy Penetration Testing Classes
Udemy (https://www.udemy.com/topic/penetration-testing/) is by far the most
affordable option we've covered for the individual, independent researcher. With
courses tailored to a specific programming language (Create Your Own Hacking
Tools in Python) or tool (Learning Hacking Using Android From Scratch), there are
options for whatever direction you want to take to deepen your skills.
Terminology
There's no shortage of jargon in security. Independent researchers, black hats, corporate red
teams, and military agencies all have their own cultures, slang, and preferred technical
nomenclature. We'll try to define as many essential terms as possible, so that this can be a
clear reference whenever you come across a term or usage you don't recognize. Keep in
mind that this dictionary is only for security-related terminology, and not general web or
software development jargon, except where it has direct bearing on a security issue.
Attack Scenario
An attack scenario is a detailed, technically valid hypothetical scenario concerning the
damage a vulnerability could do if left unpatched and exploited in the service of a
malicious agent. Writing compelling attack scenarios is a critical part of ensuring you get
rewarded for a vulnerability.
Attack Surface
An application's attack surface is the sum of all of the points at which data is either inserted
into or taken out of the application. Each part of the attack surface is an opportunity for a
hacker to compromise a part of your application. The larger your app's attack surface, the
more work you have to do to secure your app, and the more difficult it will be. Keeping
your attack surface no larger than it absolutely needs to be is a great way to strengthen
your security posture.

