• OWASP identification and authentication failures (noun)
    May 20 2025
    Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure Audio reference link: “Mr. Robot Hack - Password Cracking - Episode 1.” YouTube Video. YouTube, September 21, 2016. Learn more about your ad choices. Visit megaphone.fm/adchoices
    6 mins
  • Log4j vulnerability (noun)
    May 13 2025
    Please enjoy this encore of Word Notes. An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information. CyberWire Glossary link: https://thecyberwire.com/glossary/log4j Audio reference link: “CISA Director: The LOG4J Security Flaw Is the ‘Most Serious’ She’s Seen in Her Career,” by Eamon Javers (CNBC) and Jen Easterly (Cybersecurity and Infrastructure Security Director) YouTube, 20 December 2021.
    9 mins
  • OWASP broken access control (noun)
    May 6 2025
    Please enjoy this encore of Word Notes. Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls.
    8 mins
  • OWASP security misconfiguration (noun)
    Apr 29 2025
    Please enjoy this encore of Word Notes. The state of a web application when it's vulnerable to attack due to an insecure configuration. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-security-misconfiguration Audio reference link: “What Is the Elvish Word for Friend?” Quora, 2021.
    7 mins
  • OWASP insecure design (noun)
    Apr 22 2025
    Please enjoy this encore episode of Word Notes. A broad OWASP Top 10 software development category representing missing, ineffective, or unforeseen security measures. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-insecure-design Audio reference link: “Oceans Eleven Problem Constraints Assumptions.” by Steve Jones, YouTube, 4 November 2015.
    8 mins
  • OWASP injection (noun)
    Apr 15 2025
    Please enjoy this encore of Word Notes. A broad class of attack vectors, where an attacker supplies input to an application's command interpreter that results in unanticipated functionality. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-injection Audio reference link: “APPSEC Cali 2018 - Taking on the King: Killing Injection Vulnerabilities” YouTube Video. YouTube, March 19, 2018.
    7 mins
  • OWASP cryptographic failures (noun)
    Apr 8 2025
    Please enjoy this encore of Word Notes. Code that fails to protect sensitive information. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-cryptographic-failure Audio reference link: Vandana Verma. “OWASP Spotlight - Project 10 - Top10.” YouTube Video. YouTube, January 4, 2021.
    7 mins
  • account takeover prevention (noun)
    Apr 1 2025
    Enjoy this encore of Word Notes. The prevention of the first part of an intrusion kill chain model exploitation technique, where the hacker steals valid logging credentials from a targeted victim. CyberWire Glossary link: https://thecyberwire.com/glossary/account-takeover-prevention
    6 mins