

Josh Fruhlinger
Contributing writer
Josh Fruhlinger is a writer and editor who lives in Los Angeles.


How SAML works and enables single sign-on
Security assertion markup language (SAML) is an open standard that defines how providers can offer both authentication and authorization services. Here's what you need to know.

Keyloggers explained: How attackers record computer inputs
A keylogger (short for keystroke logger) is a tool that can record and report on a computer user's activity as they interact with a computer.

PCI DSS explained: Requirements, fines, and steps to compliance
PCI DSS (Payment Card Industry Data Security Standard) is a cybersecurity standard backed by all the major credit card and payment processing companies that aims to keep credit and debit card numbers safe.

Computer viruses explained: Definition, types, and examples
A computer virus is a form of malicious software that piggybacks onto legitimate application code in order to spread and reproduce itself.

What is phishing? Examples, types, and techniques
Phishing is a type of cyberattack that uses disguised email to trick the recipient into giving up information, downloading malware, or taking some other desired action.

What is spear phishing? Examples, tactics, and techniques
Spear phishing is a targeted email attack purporting to be from a trusted sender. Learn how to recognize—and defeat—this type of phishing attack.

What is a botnet? When infected devices attack
A botnet is a collection of internet-connected devices that an attacker has compromised to launch DDoS attacks, spread phishing spam, mine bitcoin, and more.

What is SSL? How SSL certificates enable encrypted communication
SSL and its descendant, TLS, are protocols that encrypt internet traffic, making secure internet communication and ecommerce possible.

8 IT security disasters: Lessons from cautionary examples
An attack needs to really stand out to earn the name "disaster."

What is SIEM? Security information and event management explained
SIEM software collects and aggregates log and event data to help identify and track breaches. It is a powerful tool for security insights.

What is XSS? Cross-site scripting attacks explained
Cross-site scripting (XSS) is a cyberattack in which a hacker enters malicious code into a web form or web application URL.

What is RBAC? Role-based access control explained
Role-based access control (RBAC) is an approach for restricting access to digital resources based on a user’s role in an organization.

Malware explained: Definition, examples, detection and recovery
Malware, short for malicious software, is a blanket term for viruses, worms, trojans and other harmful computer programs attackers use to wreak destruction and gain access to sensitive information. Here’s what you need to know.

Social engineering: Definition, examples, and techniques
Social engineering is the art of exploiting human psychology, rather than technical hacking techniques, to gain access to buildings, systems, or data. Train yourself to spot the signs.

DDoS attacks: Definition, examples, and techniques
A distributed denial of service (DDoS) attack is when an attacker disrupts the delivery of a service, typically by flooding a system with requests for data. They have been part of the criminal toolbox for twenty years, and they’re...

What is PII? Examples, laws, and standards
Personally identifiable information (PII) is any piece of data that could be used—either alone or when combined with other data—to identify an individual. Some types of PII are obvious, such as a name or Social Security number, but...

How IPsec works, its components and purpose
IPsec (Internet Protocol Security) is a suite of protocols that are used to secure internet communications. It is a common element of VPNs.

8 top ethical hacking certifications employers value
If you're looking for a job as a penetration tester, these certs will help you demonstrate your hacking skills and your commitment to the field.

11 penetration testing tools the pros use
Automated and open source tools can help you conduct web application, network, and database penetration tests.