Template injection is a security vulnerability that happens when user input is not properly filtered and is passed directly into a template engine. This allows attackers to inject and execute malicious code within the template, potentially exposing sensitive data or gaining unauthorised access. It often occurs in web applications that use server-side templates to generate…
Red Teaming is a process where a group is assigned to challenge an organisation’s plans, systems or defences by thinking and acting like an adversary. The aim is to find weaknesses, vulnerabilities or blind spots that might be missed by the original team. This method helps organisations prepare for real threats by testing their assumptions…
Injection mitigation refers to the techniques and strategies used to prevent attackers from inserting malicious code or data into computer systems, especially through user inputs. These attacks, often called injection attacks, can cause systems to behave in unintended ways, leak data, or become compromised. Common types of injection include SQL injection, command injection, and cross-site…
Application hardening techniques are methods used to strengthen software against attacks or unauthorised changes. These techniques make it more difficult for hackers to exploit weaknesses by adding extra layers of security or removing unnecessary features. Common techniques include code obfuscation, limiting user permissions, and regularly updating software to fix vulnerabilities.
Adversarial example defence refers to techniques and methods used to protect machine learning models from being tricked by deliberately altered inputs. These altered inputs, called adversarial examples, are designed to look normal to humans but cause the model to make mistakes. Defences help ensure the model remains accurate and reliable even when faced with such…
An adversarial defence strategy is a set of methods used to protect machine learning models from attacks that try to trick them with misleading or purposely altered data. These attacks, known as adversarial attacks, can cause models to make incorrect decisions, which can be risky in important applications like security or healthcare. The goal of…
Deceptive security traps are security measures designed to mislead attackers and detect unauthorised activity. These traps often mimic real systems, files, or data to attract attackers and study their behaviour. By interacting with these traps, attackers reveal their methods and intentions, allowing defenders to respond more effectively.
Economic attack vectors are strategies or methods used to exploit weaknesses in financial systems, markets, or digital economies for personal gain or to disrupt operations. These weaknesses may involve manipulating prices, taking advantage of incentives, or exploiting system rules to extract unearned benefits. Attackers can impact anything from cryptocurrency networks to online marketplaces, causing financial…
BGP hijacking mitigation refers to the set of methods and practices used to prevent or reduce the risk of unauthorised redirection of internet traffic through the Border Gateway Protocol (BGP). BGP hijacking can allow attackers to reroute, intercept, or block data by falsely announcing ownership of IP address ranges. Mitigation techniques include route filtering, route…
Cross-Site Request Forgery (CSRF) tokens are security features used to protect websites from unauthorised actions performed by malicious sites or scripts. They work by embedding a secret, unique token within each form or request sent by the user. When the server receives a request, it checks for a valid token, ensuring the action was genuinely…