A
AiTechWorlds
AiTechWorlds
Essential cybersecurity concepts β threats, defense, encryption, and safe online practices.
| Principle | Meaning | Example |
|---|---|---|
| Confidentiality | Only authorized users access data | Encryption, access control |
| Integrity | Data isn't modified without authorization | Hashing, digital signatures |
| Availability | Systems are accessible when needed | Redundancy, DDoS protection |
| Type | Description |
|---|---|
| Virus | Attaches to files, spreads on execution |
| Worm | Self-replicating, spreads via network |
| Trojan | Disguised as legitimate software |
| Ransomware | Encrypts files, demands payment |
| Spyware | Secretly monitors user activity |
| Adware | Displays unwanted ads |
| Rootkit | Hides malware in OS |
| Botnet | Network of infected "zombie" computers |
Minimum 12 characters
Mix of: uppercase, lowercase, numbers, symbols
No dictionary words or personal info
Unique for each account
Good: Tr!p1e@Sec#ure2024!
Better: Use a password manager
Best: Passkey (biometric authentication)| Factor Type | Examples |
|---|---|
| Something you know | Password, PIN |
| Something you have | Phone app, hardware key (YubiKey) |
| Something you are | Fingerprint, face ID |
Always enable MFA on: email, banking, cloud accounts, social media
Symmetric Encryption (same key for encrypt/decrypt):
- AES-256 β current gold standard for data at rest
- Used for: file encryption, disk encryption, databases
Asymmetric Encryption (public/private key pair):
- RSA-2048, RSA-4096, Ed25519
- Used for: HTTPS, email signing, SSH, key exchange
Hashing (one-way, fixed length):
- SHA-256, SHA-3 β for data integrity checks
- bcrypt, Argon2 β for password storage (slow by design)
AVOID (outdated/broken):
- MD5, SHA-1, DES, RC4HTTP β plaintext, visible to anyone on network
HTTPS β encrypted with TLS (Transport Layer Security)
How to check:
- Look for lock icon in browser
- URL starts with https://
- Certificate shows correct domain| Rank | Vulnerability | Example |
|---|---|---|
| 1 | Broken Access Control | Accessing admin pages without auth |
| 2 | Cryptographic Failures | Storing passwords as plain text |
| 3 | Injection | SQL injection, command injection |
| 4 | Insecure Design | Missing rate limiting on login |
| 5 | Security Misconfiguration | Default credentials not changed |
| 6 | Vulnerable Components | Outdated libraries with CVEs |
| 7 | Auth Failures | Weak session tokens |
| 8 | Data Integrity Failures | Unsigned software updates |
| 9 | Security Logging Failures | No audit trail |
| 10 | SSRF | Fetching internal resources via URL |
-- VULNERABLE (never do this)
query = "SELECT * FROM users WHERE name = '" + input + "'"
-- SAFE: Use parameterized queries
SELECT * FROM users WHERE name = ?
-- Pass input as separate parameter, not concatenated// VULNERABLE β injects HTML/JS
element.innerHTML = userInput;
// SAFE β treats as plain text
element.textContent = userInput;
// Or sanitize: DOMPurify.sanitize(userInput)A VPN encrypts your internet traffic and hides your IP address.
# Nmap β discover hosts and open ports
nmap -sV 192.168.1.0/24 # scan local network
nmap -A target.com # aggressive scan (authorized only!)
# IMPORTANT: Always get written permission before scanning networks1. IDENTIFY β Detect and confirm the security incident
2. CONTAIN β Isolate affected systems to prevent spread
3. ERADICATE β Remove malware, close attack vectors
4. RECOVER β Restore systems from clean backups
5. LESSONS β Document what happened and how to prevent recurrence| Role | Focus | Key Certification |
|---|---|---|
| SOC Analyst | Monitor alerts and respond to incidents | CompTIA Security+ |
| Penetration Tester | Ethical hacking, find vulnerabilities | OSCP, CEH |
| Cloud Security Engineer | Secure cloud infrastructure | AWS Security Specialty |
| AppSec Engineer | Secure software development | CSSLP |
| Incident Responder | Handle active security breaches | GCIH |
| CISO | Security leadership and strategy | CISSP, CISM |
Advertisement
Get more notes like this daily on Telegram!
Free study notes, cheat sheets & AI tips
Last reviewed on June 13, 2026 by the AiTechWorlds Notes Team. Free cheat sheet β no signup required.
Advertisement
Join AiTechWorlds on Telegram and get daily AI tips, prompt engineering templates, coding resources, and exclusive content β 100% free!
No spam. Leave anytime.