Welcome!

An intro to the blog, and an overview of what’s to come.

Welcome to the Zero Day Report, where we will break down complex concepts in the field of cyber security in a way that anyone can understand. In a world where new cyber-attacks evolve faster than ever before, understanding the basics of securing both your personal data and your systems is not just for software engineers, large companies, and IT professionals anymore, it is for you and me now! Whether you are securing your personal devices, protecting your business, or just curious how hackers think and act, this blog is designed to be your one-stop shop to empower you with cybersecurity knowledge. Let’s dive into a preview of the essentials that we are going to cover, one blog post at a time:

Password Security

A good cybersecurity posture always starts with strong passwords! No matter how sophisticated the safeguards on a website, application, or even your personal devices may be, none of this will matter if you do not choose strong, unique passwords. Once an attacker takes control of your account using a compromised password, they can steal all your data, including any sensitive personal and financial information you may have. Even worse, if you use that same password across multiple websites and accounts, once an attacker compromises the first account, the rest are easily fair game! Prioritizing strong and unique passwords is essential to protecting your digital presence.

Photo by Volodymyr Kondriianenko on Unsplash

Two-Factor Authentication

When passwords fail, wouldn’t it be nice if there was a backup mechanism that would kick in and prevent attackers from taking control of your account? Luckily, there is: two-factor authentication. It is what it sounds like: require a second step for authentication in addition to the traditional username and password pair. This can be done through one-time codes sent through SMS messages, email links to log into a website, authentication apps on your mobile devices, and even bio-metric means of verification (i.e. fingerprint recognition, facial scanning)

Wi-Fi Safety and Security

Everyone loves the convenience of being connected to the internet wherever they go, including public places such as airports and coffee shops, but what about the attackers that could potentially be snooping? If you are using public WiFi networks without any built-in protection, you might find yourself on the receiving end of an attack. The attacker can sniff your internet connections and even steal vital personal information such as login credentials, credit card info, social security numbers, and more. And you likely would not know it until much later when they steal thousands of dollars from you or worse, your identity!

Virtual Private Networks (VPNs)

Now that we know the risks that come with using public WiFi networks, wouldn’t it be great if we had a way of making sure that ALL our internet traffic was encrypted? (Encrypted means scrambled in such a way so that no one except us can read it, no matter what websites we visit.) Enter VPNs, or Virtual Private Networks, which creates a secure, private connection just for you whenever you connect to the internet. Not only is all your traffic encrypted, but even your computer’s unique internet (or IP) address is totally protected from attackers, not to mention websites that may want to track you!

Understanding Browser Cookies

Have you ever been to a website and the very first thing it asks you is if you want to enable cookies or not? Well, what are these “cookies” anyway, and how do they track your activity as well as preferences for a website (and do they taste good)? And what are some security vulnerabilities that could arise from compromised or improperly managed browser cookies? We’ll take a deeper dive into this and make sure you have all the tools you need to make sure browser cookies serve your tastes, and not the cyber criminals!

Photo by Julissa Capdevilla on Unsplash

HTTP Security Headers

Digging deeper into the theme of website security from a more developer’s perspective, what are some of the common headers passed into internet requests to websites, and how exactly do those headers protect both users and websites? We’ll dive into the specific headers used by HTTP requests which are used to communicate with websites. We’ll also discuss how they protect both users and sites from different types of attacks, along with how to configure them properly in your own web applications as web developers.

Validating User Input

Continuing once more from the developer’s point of view, what is the number one cause of many application and website vulnerabilities today? Blindly trusting user input! As software designers and professionals, we cannot trust any input that does not come directly from our application, and you never know what kind of input attackers might decide to send our way. We’ll dive into some of the most common attacks caused by lack of input validation as well as how to properly sanitize any user input to prevent these types of attacks.

And much more…

This is not an exhaustive list of all the topics I plan to cover. I’ll be covering all these subjects and much more. Stay curious and keep an eye out for what’s next!

*Note: Some of these topics are approached from a more technical, software development perspective since this blog is designed for both software developers and ordinary users. Any blogs that are geared more towards developers will be clearly labeled.

***Disclaimer: The information provided in this blog is for educational purposes only. I am not responsible for any actions you take based on the content of any of these blog posts. Hacking websites, systems, or users without explicit permission is illegal and can result in severe criminal penalties. Always act responsibly and within the boundaries of the law.