Glossary
Botnets
A botnet is a network of computers infected with malware that can be used by a hacker to do their bidding.

Brute Force Attacks
A brute-force attack occurs when an attacker checks all possible passwords until the correct one is found.

Clean URLs
Clean URLs (or semantic URLs) are readable URLs for websites or web services that intuitively represent the underlying resource.

Code Injection
Code injection can be used by an attacker to introduce malicious code into a vulnerable computer program and change the course of execution.

Content Management Systems
Content Management Systems (CMS) allow non-technical users to publish and edit online resources.

Cookies
HTTP is a stateless protocol. Cookies are the most common way to make a conversation between a browser and server stateful.

DDL
Data Definition Language (DDL) is the subset of the SQL language that allows table structures to be edited.

Defense in Depth
Defense in depth refers to employing multiple layers of security controls to reduce the likelihood and impact of an attack.

Denial of Service Attacks
A denial-of-service (DoS) attack is an attempt to make a web service or website unavailable by flooding it with network packets.

Dictionary Attacks
A dictionary attack is an attempt to guess passwords by using well-known words or phrases.

Digital Signatures
Digital signatures are used to demonstrate the authenticity of a digital message.

DML
Data Manipulation Language (DML) is the subset of the SQL language that allows querying and updating of table content.

Hashing
You should store user passwords as strong, cryptographic hashes.

HTTP
Hypertext Transfer Protocol (HTTP) is the mechanism that websites and web services use to communicate with user agents such as browsers.

HTTPS
Sensitive web traffic should be sent over an encrypted channel -- that's what HTTPS is for.

LDAP
Lightweight Directory Access Protocol (LDAP) is a technology used to create directories of individuals or resources.

Netmasks
Netmasks (or subnet masks) are a shorthand for referring to ranges of consecutive IP addresses in the Internet Protocol. They are used for defining networking rules in e.g. routers and firewalls.

OAuth
OAuth is an open standard for authorization.

OWASP
The Open Web Application Security Project (OWASP) is an online community that tracks common vulnerabilities and publishes information about web application security.

Password Lists
Users are creatures of habit, which means they tend to choose obvious passwords and re-use them over multiple sites.

Phishing
Phishing is when an attacker sends an email (or other electronic message) to a user, in an attempt to trick them into disclosing sensitive information.

Principle of Least Privilege
Secure organizations often share information on a "need to know" basis, and this model can be applied to technical systems too.

Randomness
Modern encryption techniques require the generation of random numbers on demand. This is a surprisingly hard problem.

Releases
Software is rarely unchanging; it is important to have a clear strategy when pushing out new versions.

REST
REpresentational State Transfer (REST) is a style of web service architecture designed to map create, read, update, and delete operations onto their corresponding HTTP verbs.

Salting
Salting refers to adding a random token to a password before hashing it.

Sessions
A session is a stateful conversation between a website and a user agent, such as a browser.

Social Engineering
Social engineering is when an attacker interacts directly with your users or staff, in an effort to trick them into disclosing sensitive information or performing restricted actions.

SQL
Structured Query Language (SQL) is a special purpose programming language for accessing and updating data in a relational database.

URLs
A Uniform Resource Locator (URL) -- informally called a web address -- specifies the location of a resource on the internet.

Worms
A worm is a malicious program that replicates itself in order to spread to other systems.

Zero-Day Exploits
A zero-day vulnerability is a vulnerability that the application author has not yet become aware of.