BASICS
You are trying to go to the construction site and introduce yourself to the watchman by your name, and then go inside. This is identification.
Before you go inside, you have to show your passport to the watchman. This is authentication.
You are forced to show one watchman your passport, and the second from memory to name his series, number and remember what is on the page with a number similar to Kenny. This is 2-Step Verification.
The watchman requires not only a passport, but also a driver's license. This is two-factor authentication.
Some p # daras fucked the watchman by showing him other people's documents. This is a fake credential.
The watchman is aware that he was fucked up, but he has to let it go, because the documents are genuine. This is impersonation.
The watchman will give you a badge with a personal identifier around your neck. This is a session token.
You show this badge when entering any door. This is authorization.
Some p # daras ripped off someone else's badge and shows it everywhere. This is session hijacking.
He also put a copy of the badge with his identifier on the watchman and waited until he gave it to you. This is session fixation.
You stomped on the newly poured floor, leaving no traces in it, and no one except you knows that it happened at all. This is privacy.
You stomped on the newly poured floor, left traces in it, but no one knows which p # daras did it. This is anonymity.
The watchman wrote down the date and time of your arrival and departure in the journal. This is logging.
The watchman follows you on your heels and records all your actions in general. This is flashback logging. At a construction site, a brick may fall on your head. This is a threat.
The janitor made an entry in the journal that a couple of days ago some dumb worker with the same surname as yours got a job at their construction site. This is a correlation of events.
During the correlation of events, the watchman periodically presses the button, after which the siren starts shouting, the red lights flash, and the entire staff takes off in the basements, laying bricks. This is SIEM.
The foreman for this finally stuffed the watchman with fucking. This is an update of the SIEM event correlation rules. A brick weighs a kilogram and another half of a brick, the acceleration of gravity is 9.80665 m / s ?, the sun is at its zenith, and bricks can be located on any of the rebuilt floors
. This is a threat model. Some guy in a hat tells you how to model threats correctly. This is Lukatsky.
Some p # daras can throw a brick on your head from the top floor. This is an attack.
To do this, he will go to the construction site, climb to the highest floor, pick up a brick, aim and throw it down. This is an exploit.
Your head is not designed to hit bricks with a given weight and acceleration. This is a vulnerability.
You remove all the bricks from the construction site, exclude the presence of any p # daras on it and, just in case, also the upper floors. This is security.
You put on a helmet in order to somehow reduce the consequences of hitting a brick. This is security.
In your safety rules, everyone is prescribed to wear helmets, you received a Pushkin Prize for them from the regulators, but the staff walked without helmets, and continue to walk. This is paper security. The foreman is still alive, that p # daras is throwing bricks in all directions, and the watchman is already fucking pushing the red button. This is a bug hunter with a security analyzer. You hire two foremen so that in the event of the death of one of them, the work will not stop. This is formal fault tolerance. You hire as many foremen as you have bricks at a construction site plus one more. This is the actual fault tolerance. You buy a device that throws bricks in all directions, like tennis balls. This is DAST.
Some p # daras made his way to the construction site, climbed to the upper floors, killed the foreman with a brick and now joyfully demands to pay him a reward for this. This is a baghunter.
