Glossary

  • Botnets

    A botnet is a network of computers infected with malware that can be used by a hacker to do their bidding.
  • Brute Force Attacks

    A brute-force attack occurs when an attacker checks all possible passwords until the correct one is found.
  • Clean URLs

    Clean URLs (or semantic URLs) are readable URLs for websites or web services that intuitively represent the underlying resource.
  • Code Injection

    Code injection can be used by an attacker to introduce malicious code into a vulnerable computer program and change the course of execution.
  • Content Management Systems

    Content Management Systems (CMS) allow non-technical users to publish and edit online resources.
  • Cookies

    HTTP is a stateless protocol. Cookies are the most common way to make a conversation between a browser and server stateful.
  • DDL

    Data Definition Language (DDL) is the subset of the SQL language that allows table structures to be edited.
  • Defense in Depth

    Defense in depth refers to employing multiple layers of security controls to reduce the likelihood and impact of an attack.
  • Denial of Service Attacks

    A denial-of-service (DoS) attack is an attempt to make a web service or website unavailable by flooding it with network packets.
  • Dictionary Attacks

    A dictionary attack is an attempt to guess passwords by using well-known words or phrases.
  • Digital Signatures

    Digital signatures are used to demonstrate the authenticity of a digital message.
  • DML

    Data Manipulation Language (DML) is the subset of the SQL language that allows querying and updating of table content.
  • Hashing

    You should store user passwords as strong, cryptographic hashes.
  • HTTP

    Hypertext Transfer Protocol (HTTP) is the mechanism that websites and web services use to communicate with user agents such as browsers.
  • HTTPS

    Sensitive web traffic should be sent over an encrypted channel -- that's what HTTPS is for.
  • LDAP

    Lightweight Directory Access Protocol (LDAP) is a technology used to create directories of individuals or resources.
  • Netmasks

    Netmasks (or subnet masks) are a shorthand for referring to ranges of consecutive IP addresses in the Internet Protocol. They are used for defining networking rules in e.g. routers and firewalls.
  • OAuth

    OAuth is an open standard for authorization.
  • OWASP

    The Open Web Application Security Project (OWASP) is an online community that tracks common vulnerabilities and publishes information about web application security.
  • Password Lists

    Users are creatures of habit, which means they tend to choose obvious passwords and re-use them over multiple sites.
  • Phishing

    Phishing is when an attacker sends an email (or other electronic message) to a user, in an attempt to trick them into disclosing sensitive information.
  • Principle of Least Privilege

    Secure organizations often share information on a "need to know" basis, and this model can be applied to technical systems too.
  • Randomness

    Modern encryption techniques require the generation of random numbers on demand. This is a surprisingly hard problem.
  • Releases

    Software is rarely unchanging; it is important to have a clear strategy when pushing out new versions.
  • REST

    Representational State Transfer (REST) is a style of web service architecture designed to map create, read, update, and delete operations to their corresponding HTTP verbs.
  • Salting

    Salting refers to adding a random token to a password before hashing it.
  • Sessions

    A session is a stateful conversation between a website and a user agent, such as a browser.
  • Social Engineering

    Social engineering is when an attacker interacts directly with your users or staff, in an effort to trick them into disclosing sensitive information or performing restricted actions.
  • SQL

    Structured Query Language (SQL) is a special purpose programming language for accessing and updating data in a relational database.
  • URLs

    A Uniform Resource Locator (URL) -- informally called a web address -- specifies the location of a resource on the internet.
  • Worms

    A worm is a malicious program that replicates itself in order to spread to other systems.
  • Zero-Day Exploits

    A zero-day vulnerability is a vulnerability that the application author has not yet become aware of.