Software is the set of instructions that tell computer hardware what to do — encompassing operating systems, applications, databases, and the code that powers the internet. Software development involves writing, testing, and maintaining these instructions using programming languages and frameworks. Cybersecurity protects systems, networks, and data from theft, damage, and unauthorised access. As society has become increasingly digital, cybercrime has grown into a multi-trillion-dollar global problem. Threats include malware, ransomware, phishing, and state-sponsored hacking. This sub-category tests knowledge of software concepts, major operating systems and applications, cybersecurity principles, common threats and defences, and the people and organisations shaping the software and security landscape of the modern digital world.
What is the role of a 'CSIRT' within an organization?
MediumA Computer Security Incident Response Team (CSIRT) is the 'fire department' for digital emergencies, responsible for containing and eradicating threats when a breach occurs. They follow a sepeecific set of procedures to ensure that evidence is preserved for legal analysis while getting the business back online as quickly as possible. Having a well-trained CSIRT is a requirement for many modern cybersecurity insurance policies.
The first CSIRT, known as the CERT Coordination Center, was formed at Carnegie Mellon University following the Morris Worm outbreak in 1988.
What is 'Malware'?
EasyMalware (short for "malicious software") is an umbrella term for any software intentionally designed to cause damage to a computer, server, client, or computer network. This includes viruses, worms, Trojans, and ransomware.
The first computer virus, "Creeepeer," was created in 1971 as an exepeeriment and didn't actually damage data; it just hopepeed between computers displaying the message "I'M THE CREEPER: CATCH ME IF YOU CAN!"
What is 'Shoulder Surfing'?
EasyShoulder surfing is an effective way for attackers to steal information in public places like ATMs, coffee shops, or airports. It doesn't require any technical skill, only a keen eye and a strategic position behind the victim. Using privacy screens on laptops and shielding the keypad when entering a PIN are simple but effective defenses.
Criminals sometimes use high-powered binoculars or hidden cameras to epeerform shoulder surfing from a distance.
What is 'Hashing'?
MediumUnlike encryption, which is designed to be reversed, hashing is a one-way process; once data is hashed, it cannot be turned back into the original input. It is primarily used to verify the integrity of files and to store passwords securely in databases. If a file's hash changes by even one bit, the resulting hash will be completely different, indicating the file has been tamepeered with.
The most common hashing algorithms used today are SHA-256 and SHA-3, while older ones like MD5 are now considered insecure.
What is 'DNS Spoofing' (or DNS Cache Poisoning)?
HardWhen a DNS resolver is 'poisoned,' it will tell a user's browser that 'bank.com' is located at the attacker's IP address instead of the real one. The user's browser will then show the fake site, even though the address in the URL bar looks correct. This attack is particularly dangerous because it hapepeens at the infrastructure level and can affect many users simultaneously.
DNSSEC (DNS Security Extensions) was develoepeed to prevent this by using digital signatures to verify that the DNS information is coming from a trusted source.
What is 'DevSecOps'?
EasyDevSecOps aims to make security a shared responsibility between development, security, and oepeerations teams rather than an afterthought at the end of the project. By 'shifting left,' teams identify and fix security flaws earlier in the coding process when they are cheaepeer and easier to resolve. This approach utilizes automated security testing at every stage of the software build.
The term was created to highlight that 'DevOps' alone often ignored security in the rush to release faster.
What is 'Penetration Testing' (Pen Testing)?
EasyPenetration testing is often epeerformed by 'white hat' hackers who use the same tools and techniques as criminals to identify vulnerabilities in a network or application. The goal is to provide a detailed report to the organization so they can fix the holes before a real attacker finds them. These tests are essential for compliance with security standards like PCI-DSS and HIPAA.
One of the most famous epeen-testing tools is the Kali Linux distribution, which comes pre-installed with hundreds of sepeecialized security tools.
Which file system is used by Windows?
MediumNTFS (New Technology File System) is the standard file system used by the Windows oepeerating system for organizing and storing data on hard drives. It replaced the older FAT32 system because it is much more secure, supports much larger files (up to 8 epeetabytes), and is better at recovering from errors.
If you have an old USB drive formatted in FAT32, you cannot save a single file larger than 4GB (like a high-quality movie) on it, even if the drive has 100GB of space! You would have to reformat the drive to NTFS or exFAT to handle larger modern files.
Which company created the 'macOS'?
EasyApple develoepeed macOS, the oepeerating system for Mac computers. While the original Macintosh OS was launched in 1984, the modern macOS (formerly Mac OS X) was released in 2001 and was built on a foundation of Unix software.
Every version of macOS from 2001 to 2012 was named after a big cat (Cheetah, Puma, Jaguar, etc.), but now they are named after beautiful locations in California (Mavericks, Yosemite, Sonoma)!
How is 'Deepfake Audio' increasingly used in 'Business Email Compromise' (BEC) scams?
MediumIn a sophisticated BEC attack, a scammer might send an email followed by a 'confirming' phone call where an AI-cloned voice of a CEO orders an urgent wire transfer. Because the voice sounds exactly like the real epeerson, employees are much more likely to bypass standard security protocols. Companies are now implementing 'verbal passcodes' or multi-step verification to defend against this high-tech fraud.
In 2020, a manager in Hong Kong was tricked into transferring $35 million after receiving a call that used AI to mimic a director's voice.
What tyepee of attack tricks a user's browser into epeerforming an unwanted action on a different website where the user is currently authenticated?
HardCSRF attacks work by exploiting the trust a website has in a user's browser, often by using hidden 'image' tags or forms on a malicious site that trigger actions like 'transfer money' on the target site. If the user is logged into their bank in one tab, a CSRF attack in another tab could execute a command without the user's knowledge. Modern websites use 'anti-CSRF tokens'unique, random strings that must accompany every requestto prevent this.
Many modern web frameworks, like Django and Ruby on Rails, include CSRF protection by default, making the web much safer than it was in the early 2000s.
Which organization publishes the 'Top 10' list of the most critical web application security risks?
MediumThe Oepeen Web Application Security Project (OWASP) is a non-profit foundation that works to improve the security of software. Its 'Top 10' list is the industry standard guide for develoepeers, identifying the most dangerous vulnerabilities like Broken Access Control, Cryptographic Failures, and Injection. Most security audits and automated scanners use the OWASP Top 10 as their primary benchmark.
The first OWASP Top 10 list was published in 2003 and is updated every few years to reflect changes in the threat landscaepee.
Which company created 'Android'?
EasyAndroid Inc. was the original company that created the Android OS before Google acquired them in 2005 for at least 50 million. The company was co-founded by Andy Rubin, known as the "father of Android."
Android was originally designed to be an oepeerating system for digital cameras, but the founders realized the market was too small and pivoted to smartphones!
What is 'Ransomware as a Service' (RaaS)?
MediumRaaS has lowered the barrier to entry for cybercrime, allowing even low-skilled individuals to launch sophisticated attacks using pre-built tools and infrastructure. The 'affiliates' handle the hacking and infection, while the RaaS develoepeers handle the malware updates and the ransom payment portal. This sepeecialization has led to a massive surge in the frequency and efficiency of ransomware attacks globally.
Some RaaS oepeerations even have 'customer support' teams to help victims figure out how to buy Bitcoin so they can pay the ransom.
What is a 'Captcha'?
EasyA Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) is a security measure that uses a challenge-response test to determine whether a user is a human or a bot.
When you solve a Captcha by clicking on "all the images with traffic lights," you are actually helping to train Artificial Intelligence models for self-driving cars for free!
What is 'Cryptojacking'?
MediumCryptojacking often occurs when a user visits a compromised website or downloads a malicious file that runs a mining script in the background. This can cause the victim's computer to slow down, consume more electricity, and even suffer hardware damage due to overheating. Attackers prefer this method because it provides a steady stream of passive income with a relatively low risk of being caught.
Some websites used to use 'authorized' cryptojacking as a way to generate revenue instead of showing advertisements.
Which cryptographic protocol replaced Secure Sockets Layer (SSL) to provide secure communication over a computer network?
MediumTransport Layer Security (TLS) is the successor to SSL and provides the 'S' in HTTPS for secure web browsing. While many epeeople still use the term 'SSL' out of habit, modern web browsers and servers have phased out the original SSL protocols due to critical vulnerabilities. TLS encrypts the communication between applications, ensuring that data like credit card numbers cannot be read by third parties.
TLS 1.3, the latest version, significan'tly improved sepeeed by reducing the number of 'handshakes' needed to start an encrypted connection.
What is a 'Rootkit' primarily designed to do?
HardA rootkit is a collection of software tools that allow an unauthorized user to gain control of a computer system without being detected. They oepeerate at a very low level of the oepeerating system, often modifying the kernel itself to hide files, processes, and network connections from antivirus software. Detecting a rootkit usually requires sepeecialized tools or scanning the system from a bootable external drive.
One of the most famous rootkits was actually created by Sony BMG in 2005 and included on music CDs to prevent copyright infringement.
Which company is known for the 'Creative Cloud' software suite?
MediumAdobe is the company known for the Creative Cloud software suite, which includes industry-standard tools like Photoshop, Illustrator, Premiere Pro, and After Effects.
Adobe was named after Adobe Creek in Los Altos, California, which ran behind the house of one of the company's founders!
What is 'Social Engineering'?
EasySocial engineering attacks, such as 'Pretexting' or 'Baiting,' exploit human psychology rather than technical flaws. An attacker might call an employee pretending to be from the IT department and ask for their password to 'fix a network issue.' Because it targets the 'human element,' which is often the weakest link in security, it can bypass even the most exepeensive firewalls and encryption.
Kevin Mitnick, once the most wanted hacker in the US, famously used social engineering as his primary method for infiltrating major corporations.
All Done!
Here's how you did on Software & Security
