Security - list of most popular online security attacks and protection against cyber attacks (apps, websites, phone)

NOTE: this is blog post, do not edit me this post. Thank you.

So, this is post about online security attacks. 

This post is part in English and Polish.

• Web application security
• Application security

Shortcuts:

• MFA - Multi-factor authentication
• 2FA - Two-factor authentication
• FIDO - Fast IDentity Online
• OTP - One-time password
• TOTP - Time-based One-time Password
• HOTP - HMAC-based One-Time Password
• HMAC - hash-based message authentication codes

Articles:

• MFA - Multi-factor authentication
• What Is Two-Factor Authentication (2FA)?
• Time-based One-time Password (TOTP)
• One-time password (OTP)
• HMAC-based One-Time Password
• FIDO2 Project
• FIDO Alliance

Posts:

• Logowanie do konta Google: można używać iPhone jako sprzętowego klucza 2FA

Apps:

• Google Authenticator
• 2FAS
• Microsoft Authenticator

• YubiKey
• Google Titan Security Key
• Yubikey vs Google Titan Security Key
• Inside Yubikey 5 Neo
• Inside Google Titan/Feitian Key

YubiKey

• You Should Be Using Yubikeys!
• How to secure your GMAIL account like a pro | YubiKey Tutorial
• Lockdown Your Accounts! Best 2FA or MFA FIDO U2F Security Keys
• Jak używać YubiKey? Co to jest 2FA/U2F/FIDO2?
• Yubikey 5C NFC Review! // The BEST Hardware Security Key?!
• [Explained] Yubikey 5.0 - How to use a Yubikey & LastPass to Secure all your online Accounts!

Google Titan Security Key

• Google's Titan Security Key Explained

• Password manager
• List of password managers

Apps:

• 1Password
• Bitwarden - free and open-source
• KeePass - free
• LastPass

KeePass

• unofficial mirror of the official KeePass2.x source code
• keepass website
• KeePassX - KeePassX started as a Linux port of KeePass

Hacking passwords

• How Easy It Is To Crack Your Password, With Kevin Mitnick

• Kevin Mitnick
• Kevin Poulsen
• List of computer criminals

Articles

• Security hacker
• White hat
• Grey hat
• Black hat
• List of data breaches
• Data breach

Security conference

• DEF CON - wikipedia
• DEF CON - youtube
• Black Hat Briefings - wikipedia
• Black Hat Briefings - youtube

• Antivirus software
• Avast
• Kaspersky Anti-Virus

• Phishing
• Social engineering
• What is social engineering

• SIM swap scam (SIM swapping)
• In 2019, Twitter CEO Jack Dorsey's Twitter account was hacked via this method - source
• Jak działa kradzież karty SIM? Co to jest SIM swap?
• SIM Card Swapping Scams | NBC 6
• Digital Defense: How to Protect Against SIM Card Hijacking (08/23/18)
• Sim fraud: how scammers can steal your Sim card and hack your bank accounts - Which?

SIM Card Swapping Scams | NBC 6

Time in video: 00:36

Cell phone suddenly shows no service I freaked out. One minute robbed Ross's investment accounts added up to a million dollars, the next zero I was devastated, I mean I don't have it, was about 90% of my net worth Ross worked at Apple in the early days. He started saving 30 years ago, but in a matter of minutes hackers recently stole his retirement.

According to the security vendor Cenzic, the top vulnerabilities in March 2012 include:

• 37%    Cross-site scripting
• 16%    SQL injection
• 5%    Path disclosure
• 5%    Denial-of-service attack
• 4%    Arbitrary code execution
• 4%    Memory corruption
• 4%    Cross-site request forgery
• 3%    Data breach (information disclosure)
• 3%    Arbitrary file inclusion
• 2%    Local file inclusion
• 1%    Remote file inclusion
• 1%    Buffer overflow
• 15%    Other, including code injection (PHP/JavaScript), etc.

Source: Web application security

According to the OWASP Top 10 - 2017, the ten most critical web application security risks include:

1. Injection
2. Broken authentication
3. Sensitive data exposure
4. XML external entities (XXE)
5. Broken access control
6. Security misconfiguration
7. Cross-site scripting (XSS)
8. Insecure deserialization
9. Using components with known vulnerabilities
10. Insufficient logging and monitoring

Source: Web application security