
IThoughtSec's Posts



Programming / Infosec - Laws Of Internet Security. by iThoughtSec(m): 1:19pm On Aug 31, 2015
1. Client-side security doesn't work.
2. You cannot securely exchange encryption keys without a shared piece of information.
3. Malicious code cannot be 100 percent protected against.
4. Any malicious code can be completely morphed to bypass signature detection.
5. Firewalls cannot protect you 100 percent from attack.
6. Any intrusion detection system (IDS) can be evaded.
7. Secret cryptographic algorithms are not secure.
8. If a key isn't required, you do not have encryption, you have encoding.
9. Passwords cannot be securely stored on the client unless there is another password to protect them.
10. In order for a system to begin to be considered secure, it must undergo an independent security audit.
11. Security through obscurity does not work.
12. If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore.
13. If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
14. If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
15. If a bad guy can upload programs to your Web site, it’s not your Web site anymore.
16. Weak passwords trump strong security.
17. A machine is only as secure as the administrator is trustworthy.
18. Encrypted data is only as secure as the decryption key.
19. An out-of-date virus scanner is only marginally better than no virus scanner at all.
20. Absolute anonymity isn’t practical, in real life or on the Web.
21. Technology is not a panacea.

Please lalasticlala do the needful; security is essential in staying safe online.

Source www.ithoughtsecurity.com/2015/08/infosec-laws-of-security.html
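Law 16 (weak passwords trump strong security) and Law 18 (encrypted data is only as secure as the key), worked through as an added example. This code is not from the original post or from ithoughtsecurity.com; it uses only the Python standard library. It stores a password the "right" way (PBKDF2-HMAC-SHA256, random 16-byte salt, a high iteration count that is an assumed but realistic work factor) and then runs the offline dictionary attack an attacker runs on a stolen record. The wordlist is a constructed stand-in for the multi-million-entry leaked-password lists attackers actually use.

```python
import hashlib
import hmac
import os
import secrets

# Assumption: a realistic server-side work factor for PBKDF2-HMAC-SHA256.
ITERATIONS = 100_000

# Constructed wordlist standing in for real leaked-password lists (which also
# contain "password123"). Order matters only for the guess count reported.
WORDLIST = ["123456", "password", "qwerty", "letmein", "abc123",
            "password123", "P@ssw0rd", "welcome1"]


def hash_password(password, iterations=ITERATIONS):
    """Salted PBKDF2 record as a server would store it: (salt, digest, iterations)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest, iterations


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, digest, iterations = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def dictionary_attack(record, wordlist):
    """Offline attack on a stolen record: try each word, count hashes spent.

    Returns (recovered_password_or_None, hashes_computed). The salt defeats
    precomputed tables and the iteration count makes each guess about 100k
    times slower than a bare SHA-256, but neither changes how many guesses
    are needed when the password is in the list: the key space is the list.
    """
    for n, guess in enumerate(wordlist, start=1):
        if verify_password(guess, record):
            return guess, n
    return None, len(wordlist)


def demo():
    """Same storage scheme, two passwords: the scheme does not save the weak one."""
    weak_record = hash_password("password123")
    strong_password = secrets.token_urlsafe(16)   # ~128 bits of entropy
    strong_record = hash_password(strong_password)

    weak_hit, weak_cost = dictionary_attack(weak_record, WORDLIST)
    strong_hit, strong_cost = dictionary_attack(strong_record, WORDLIST)
    return {
        "weak_recovered": weak_hit,      # the attacker gets "password123"
        "weak_guesses": weak_cost,       # after a handful of hashes
        "strong_recovered": strong_hit,  # None: not in any list
        "strong_guesses": strong_cost,   # the whole list, for nothing
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point for a practitioner: the iteration count multiplies the attacker's cost per guess, but only the entropy of the password decides how many guesses there are. A key derived from "password123" is recovered after six PBKDF2 computations no matter how the ciphertext it protects was encrypted, which is Law 18 restated in numbers.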
Programming / Infosec Geek Speak Glossary by iThoughtSec(m): 11:52am On Aug 30, 2015
Hey, this is something I stumbled upon online, and thought one or two people may want to know these terms.

@ — Symbol chosen by Ray Tomlinson, a Raytheon BBN Technologies engineer who sent the first Internet email, to separate the names of users and their networks in addresses.

Advanced Persistent Threat(APT) — A group, such as a government or a criminal organization, with the expertise, resources and intent to target a specific entity. An APT uses multiple methods to break into a network, avoid detection and harvest valuable information over a long period of time.

Air gap — To physically separate or isolate a secure network from other unsecured systems or networks.

Back door — A hidden entry to a computer, network or software that bypasses security measures.

Blackhat — A criminal hacker who breaches security for malicious reasons or personal gain.

Blue Team — A group defending a computer system from mock attackers, usually as part of a controlled exercise. During the Raytheon National Collegiate Cyber Defense Competition the blue teams are made up of students.

Bot — A program that automates a simple action. Bots infect computers and secretly perform activities under the control of a remote administrator.

Botnet — A collection of computers infected by bots.

Bot master or herder — Someone who controls a botnet.

DoS Attack — A Denial-of-Service attack disrupts a website, server, or network resource – often by flooding it with more requests than it can handle.

DDoS Attack — A Distributed Denial of Service Attack is a DoS attack using a multitude of machines. Hackers often control one “master” machine to orchestrate the actions of “zombie” machines.

End-point Security — Security measures that protect a network from potential vulnerabilities posed by laptops and other mobile devices that access the network remotely.

Fuzzing — Automated input of invalid, unexpected or random data to a computer program. “Shocking” a computer in this way can reveal vulnerabilities.

Honeypot — A trap set to detect intruders. A honeypot usually simulates a real network but is actually isolated and monitored so it can give advance warning of an intrusion.

Insider threat – A threat posed by employees, contractors, business associates or other people who have inside access to a computer system. Raytheon is the No. 1 insider threat solution provider, protecting hundreds of thousands of endpoints.

Malware — Software designed to hijack, damage, destroy or steal information from a device or system. Variations include spyware, adware, rootkits, viruses, keyloggers, and more.

Patching — The process of updating software.

Pentest — Short for penetration testing, or trying to hack into a system to identify weaknesses.

Phishing — Tricking someone into giving away personal information by imitating legitimate companies, organizations, or people online. The “ph” derives from phreaking, or “phone freaking” — hijacking telephone lines. Spearphishing focuses on a particular target.

Pwned — Pronounced like owned with a “p” at the beginning, pwned means to defeat security measures. Derives from the word “own,” or dominate.

Red Team — A group of cybersecurity professionals authorized to simulate an attack. A “blue team” of students will face a red team at the Raytheon National Collegiate Cyber Defense Competition.

Social Engineering — Manipulating people into sharing private information.

White Team — A group responsible for refereeing an engagement between a red team of mock attackers and a blue team of cyber defenders.

Whitelist — The opposite of a blacklist, a whitelist is a list of people, groups or software OK’d for system access.

Zombie — An infected device that is used to perform malicious tasks under remote control. Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service (DoS) attacks.
Thanks for reading and remember … “You Own Your Own Security!”

Reference: http://www.ithoughtsecurity.com/2015/08/infosec-geek-speak-glossary.html
Programming / Re: How Do You Get A CEH / Pentesting Job In Nigeria? by iThoughtSec(m): 9:38pm On Aug 16, 2015
I don't believe what some are saying in regards to finding a pentesting job in Nigeria. I will say that it is very difficult but not impossible to get a job. Nigeria is very young with I.T.; by the way we are going, we are growing very fast. So I will suggest that the easiest way would be when you are freelancing and have a stable website that customers can go to and look at your work. A lot of these so-called customers don't know how prone they are to being hacked online. As ethical hackers it is our duty to keep informing them about the grave dangers that come with being online and how to stay secure.
