# Essential Cybersecurity Knowledge for Developers (Part 5: 41–50)
## Chapter 1: Introduction to Cybersecurity Concepts
In this series, we delve into 100 crucial cybersecurity concepts that are vital for developers aiming to create secure applications. To enhance readability, this information will be presented in several blog posts. The content here does not promote or encourage the misuse of these techniques.
For previous sections, please refer to the links below:
## Chapter 2: Key Concepts
### 41. Backdoor
A backdoor is a mechanism that bypasses a system's normal authentication, giving an unauthorized party remote access to confidential data or the ability to tamper with it. Backdoors are commonly delivered by, or bundled with, rootkits and trojan horses.
### 42. Fileless Malware
This type of malware runs directly from a system's memory rather than from the file system. Because it writes no files to disk, it leaves little for file-based scanners to find and remains active until the memory is cleared or the system is rebooted. Examples include Kovter and Poweliks, which persist by manipulating the Windows registry.
### 43. Brute Force Attack
This technique guesses a password by systematically trying every possible combination of characters until the correct one is found. Each additional character multiplies the search space, so the time needed to crack a password grows exponentially with its length.
### 44. Password Spraying
In this variant of the brute force attack, the attacker tries a single common password against many usernames rather than many passwords against one account. This sidesteps the account lockouts that repeated failed logins on a single account would trigger.
### 45. Dictionary Attack
This attack tries to break a password by cycling through every word in a word list (a "dictionary"), including common variations such as appended digits or substituted characters. It is a targeted form of brute force attack: instead of all possible strings, it tests only the strings people are likely to choose.
### 46. Salting
Passwords stored in a database must never be kept in plaintext. Instead, they are run through a cryptographic one-way hash function and only the hash is stored. To strengthen this, a random value called a salt is generated for each user and combined with the password before hashing; the salt is stored next to the hash. Because each user has a different salt, two users with the same password end up with different stored hashes, and a precomputed table of hashes for common passwords becomes useless.
Example (unsalted SHA-256):
- User 1's password: "password"
- User 1's hash: 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
- User 2's password: "password"
- User 2's hash: 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 (identical, because the database is not salted)
In a salted database the two hashes differ, so an attacker cannot recognise shared or common passwords just by spotting duplicate hashes.
### 47. Peppering
Peppering resembles salting: a value called a pepper is mixed into the password before hashing. The difference is that the pepper is a secret shared by all accounts, while a salt is public and stored per user in the database. The pepper must therefore stay confidential and must not be stored alongside the hashed passwords; a database dump alone should not reveal it.
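The following is an added example, not code from the original post, showing how the salting (46) and peppering (47) ideas fit together in one password-storage routine. It uses a per-user random salt, applies a pepper through HMAC so the pepper never appears in the stored record, and stretches the result with PBKDF2; the `PEPPER` constant is a placeholder that a real deployment would load from a secret store, and `unsalted_sha256` reproduces the weak scheme from the salting example for comparison.

```python
import hashlib
import hmac
import os
from typing import Optional

# Placeholder pepper for the demo. In production this is loaded from the
# application's secret store, never written to the password database.
PEPPER = b"demo-pepper-not-for-production"

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor


def unsalted_sha256(password: str) -> str:
    """The weak scheme from the example: identical passwords -> identical hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def _pepper(password: str) -> bytes:
    """Bind the secret pepper to the password with HMAC before key stretching."""
    return hmac.new(PEPPER, password.encode("utf-8"), hashlib.sha256).digest()


def hash_password(password: str, salt: Optional[bytes] = None) -> dict:
    """Salt + pepper + slow KDF. Returns the record the database would store."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", _pepper(password), salt, ITERATIONS)
    # Only salt, hash and parameters are stored; the pepper stays out of the DB.
    return {"salt": salt.hex(), "hash": digest.hex(), "iterations": ITERATIONS}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", _pepper(password), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


if __name__ == "__main__":
    user1 = hash_password("password")
    user2 = hash_password("password")
    print("unsalted:", unsalted_sha256("password"))
    print("user1   :", user1["hash"])
    print("user2   :", user2["hash"])
    print("same hash?", user1["hash"] == user2["hash"])  # False
    print("verify ok?", verify_password("password", user1))  # True
```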
### 48. Rainbow Table Attack
A rainbow table is a precomputed table that maps hashes back to common passwords. If an attacker obtains a database of password hashes, they can look each hash up in the table instead of hashing candidate passwords themselves, which dramatically speeds up cracking. Mitigations include salting and peppering (which make precomputed tables useless), multi-factor authentication, and OAuth 2.0.
### 49. Two-factor/Multi-factor Authentication (2FA/MFA)
This authentication method requires users to present proof from two or more distinct categories: something they know (a password or PIN), something they have (a security token or phone), something they are (biometrics), or somewhere they are (location). A stolen password alone is then not enough to log in.
### 50. Third-party Authenticator (TPA)
A third-party authenticator is an application from a vendor other than the service itself that provides the second factor for 2FA/MFA. It generates short-lived one-time codes that change frequently and that the user enters alongside their password. Examples include Google Authenticator, Microsoft Authenticator, and Authy.
Thank you for reading! Stay tuned for the next segment!