Glossary

- Botnets: A botnet is a network of computers infected with malware that can be used by a hacker to do their bidding.
- Brute Force Attacks: A brute-force attack occurs when an attacker checks all possible passwords until the correct one is found.
- Clean URLs: Clean URLs (or semantic URLs) are readable URLs for websites or web services that intuitively represent the underlying resource.
- Code Injection: Code injection can be used by an attacker to introduce malicious code into a vulnerable computer program and change the course of execution.
- Content Management Systems: Content Management Systems (CMS) allow non-technical users to publish and edit online resources.
- Cookies: HTTP is a stateless protocol. Cookies are the most common way to make a conversation between a browser and a server stateful.
- DDL: Data Definition Language (DDL) is the subset of the SQL language that allows table structures to be edited.
- DML: Data Manipulation Language (DML) is the subset of the SQL language that allows querying and updating of table content.
- Defense In Depth: Defense in depth refers to employing multiple layers of security controls to reduce the likelihood and impact of an attack.
- Denial Of Service Attacks: A denial-of-service (DoS) attack is an attempt to make a web service or
- Dictionary Attacks: A dictionary attack is an attempt to guess passwords by using well-known words or phrases.
- Digital Signatures: Digital signatures are used to demonstrate the authenticity of a digital message.
- HTTP: Hypertext Transfer Protocol (HTTP) is the mechanism that websites and web services use to communicate with user agents such as browsers.
- HTTPS: Sensitive web traffic should be sent over an encrypted channel; that is what HTTPS is for.
- Hashing: You should store user passwords as strong, cryptographic hashes.
- LDAP: Lightweight Directory Access Protocol (LDAP) is a technology used to create directories of individuals or resources.
- Netmasks: Netmasks (or subnet masks) are a shorthand for referring to ranges of consecutive IP addresses in the Internet Protocol. They are used for defining networking rules in, for example, routers and firewalls.
- OWASP: The Open Web Application Security Project (OWASP) is an online community that tracks common vulnerabilities and publishes information about web application security.
- OAuth: OAuth is an open standard for authorization.
- Password Lists: Users are creatures of habit, which means they tend to choose obvious passwords and re-use them across multiple sites.
- Phishing: Phishing is when an attacker sends an email (or other electronic message) to a user in an attempt to trick them into disclosing sensitive information.
- Principle Of Least Privilege: Secure organizations often share information on a "need to know" basis, and this model can be applied to technical systems too.
- REST: REpresentational State Transfer (REST) is a style of web service architecture designed to map create, read, update, and delete operations to their corresponding HTTP verbs.
- Randomness: Modern encryption techniques require the generation of random numbers on demand. This is a surprisingly hard problem.
- Releases: Software is rarely unchanging; it is important to have a clear strategy when pushing out new versions.
- SQL: Structured Query Language (SQL) is a special-purpose programming language for accessing and updating data in a relational database.
- Salting: Salting refers to adding a random token to a password before hashing it.
- Sessions: A session is a stateful conversation between a website and a user agent, such as a browser.
- Social Engineering: Social engineering is when an attacker interacts directly with your users or staff in an effort to trick them into disclosing sensitive information or performing restricted actions.
- URLs: A Uniform Resource Locator (URL), informally called a web address, specifies the location of a resource on the internet.
- Worms: A worm is a malicious program that replicates itself in order to spread to other systems.
- Zero Day Exploits: A zero-day vulnerability is a vulnerability that the application author has not yet become aware of.