Skip to content

Glossary of Terms

  • A
  • B
  • C
  • D
  • E
  • F
  • G
  • H
  • I
  • J
  • K
  • L
  • M
  • N
  • O
  • P
  • Q
  • R
  • S
  • T
  • U
  • V
  • W
  • X
  • Y
  • Z

AGILE

WHAT IS AGILE? Agile is a frequently used methodology applied to the management of software development projects. It is..

Learn More

APACHE STRUTS

WHAT IS APACHE STRUTS? Apache Struts is a free, open-source framework for creating elegant, enterprise-ready Java web..

Learn More

Apache Tomcat

What is Apache Tomcat? Apache Tomcat is an open-source Java servlet and Java Server Page container that lets developers..

Learn More

API Security

WHAT IS API? With organizations pushing forward various digital transformation initiatives, the number of application..

Learn More

Application Attacks

Application Attacks Application development is burgeoning with the adoption of Agile and DevOps. As a result, cyber..

Learn More

Application Security

What Is Application Security? Application security is the use of software, hardware, and procedural methods to protect..

Learn More

Application Security Testing (AST)

WEB APPLICATION SECURITY TESTING Application security testing describes the various approaches used by organizations as..

Learn More

Application Vulnerability

WHAT IS APPLICATION VULNERABILITY? Application vulnerabilities are flaws or weaknesses in an application that can lead..

Learn More

BINARY CODE ANALYSIS

WHAT IS BINARY CODE ANALYSIS? Binary code analysis, also referred to as binary analysis or code review, is a form of..

Learn More

Broken Access Control

WHAT IS BROKEN ACCESS CONTROL? Broken access control is #5 on the latest (2017) OWASP Top 10 list. Originally a..

Learn More

Broken Authentication

WHAT IS BROKEN AUTHENTICATION? Broken authentication is #2 on the latest (2017) OWASP Top 10 list. Broken..

Learn More

BRUTE FORCE ATTACK

WHAT IS BRUTE FORCE ATTACK? With a brute force attack, the attacker attempts to crack a password or username using an..

Learn More

Buffer Overflow

WHAT IS BUFFER OVERFLOW? Buffers provide a temporary area for programs to store data. A buffer overflow, also known as..

Learn More

CODE INJECTION

WHAT IS CODE INJECTION? Code injection is the term used to describe attacks that inject code into an application. That..

Learn More

Command Injection

WHAT IS COMMAND INJECTION? With a command injection attack, the goal is to hijack a vulnerable application in order to..

Learn More

Computer Worm

Computer worms have been around for more than three decades and show no sign of extinction. Throughout their existence,..

Learn More

Cross-Site Scripting

CROSS SITE SCRIPTING PREVENTION Cross-site scripting (XSS) describes a web security vulnerability that allows attackers..

Learn More

DevOps Security

WHAT IS DEVOPS SECURITY? DevOps security refers to the practice of safeguarding an organization’s entire..

Learn More

DevSecOps

As organizations rush to embrace various digital transformation initiatives, DevOps (development and operations)..

Learn More

Dynamic Application Security Testing

Dynamic Application Security Testing (DAST) Organizations across all industries are transforming digitally to keep up..

Learn More

Expression Language Injection

WHAT IS EXPRESSION LANGUAGE INJECTION? Expression Language Injection (aka EL Injection) enables an attacker to view..

Learn More

FALSE NEGATIVE

WHAT IS FALSE NEGATIVE ? Designing test cases that accurately identify defects in software can be challenging. As..

Learn More

FALSE POSITIVE

WHAT IS FALSE POSITIVE? False positives occur when a scanning tool, web application firewall (WAF), or intrusion..

Learn More

FIREWALL

WHAT IS FIREWALL? A firewall is a network security system that monitors and controls incoming and outgoing network..

Learn More

FUZZ TESTING

WHAT IS FUZZ TESTING? In the world of cybersecurity, fuzz testing (or fuzzing) is an automated software testing..

Learn More

Injection

WHAT IS INJECTION? Injection is #1 on the latest (2017) OWASP Top 10 list. Injection vulnerabilities allow attackers to..

Learn More

INSECURE DESERIALIZATION

Deserialization Is a Core Component of Web Applications At the heart of the essentially limitless realm of information..

Learn More

INSTRUMENTATION

WHAT IS INSTRUMENTATION? Security instrumentation (aka deep security instrumentation) embeds sensors within..

Learn More

INSUFFICIENT LOGGING AND MONITORING

WHAT IS INSUFFICIENT LOGGING AND MONITORING ? Insufficient logging and monitoring is #10 on 2017 OWASP Top Ten list of..

Learn More

Interactive Application Security Testing

WHAT IS INTERACTIVE APPLICATION SECURITY TESTING (IAST)? Application security testing describes the various approaches..

Learn More

Log4Shell

What is Log4Shell? Log4shell is the nickname provided to the Remote Code Execution (RCE) vulnerability that was..

Learn More

Malicious Code

WHAT IS MALICIOUS CODE? Malicious code is code inserted in a software system or web script intended to cause undesired..

Learn More

Malicious Cyber Intrusion

What Is a Malicious Cyber Intrusion? As developers strive to meet the demands of the modern software development life..

Learn More

Man-in-the-Middle Attack

What is a MAN-IN-THE-MIDDLE (MITM) ATTACK? In a man-in-the-middle (MITM) attack, the attacker eavesdrops on the..

Learn More

Method Tampering

WHAT IS METHOD TAMPERING? Method tampering (aka verb tampering and HTTP method tampering) is an attack against..

Learn More

OGNL Injection (OGNL)

WHAT IS OGNL INJECTION (OGNL)? Object-Graph Navigation Language is an open-source Expression Language (EL) for Java..

Learn More

Open Source Security

IMPLEMENTING A GOOD OPEN SOURCE SECURITY STRATEGY The term "open source" refers to software in the public domain that..

Learn More

OWASP Top 10

WHAT IS OWASP TOP 10? The Open Web Application Security Project (OWASP) is a worldwide not-for-profit organization..

Learn More

Path Traversal/Directory Traversal

WHAT IS PATH TRAVERSAL/DIRECTORY TRAVERSAL? Path traversal (also known as directory traversal) is an attack that uses..

Learn More

PCI Application

WHAT IS PCI APPLICATION? The Payment Card Industry Data Security Standard (PCI DSS) is a set of widely followed..

Learn More

PCI Compliance

WHAT IS PCI COMPLIANCE? Payment card industry (PCI) compliance, also referred to as Payment Card Industry Data Security..

Learn More

Penetration Testing

WHAT IS PENETRATION TESTING? Penetration testing, also known as pen testing, security pen testing, and security..

Learn More

RASP Security

RASP SECURITY & WHY IT IS IMPORTANT Coined by Gartner in 2012, Runtime Application Self-Protection RASP is an emerging..

Learn More

Regular Expression DoS (ReDoS)

WHAT IS REGULAR EXPRESSION DOS (REDOS)? Regular expressions can reside in every layer of the web. The Regular..

Learn More

SCRUM

WHAT IS SCRUM? As a set of values and principles that describes a group's day-to-day interactions and..

Learn More

SDLC

What is SDLC? The Software Development Life Cycle (SDLC) is a framework that defines tasks performed at each step in..

Learn More

Security Misconfigurations

WHAT IS SECURITY MISCONFIGURATIONS? Security misconfigurations is #6 on the latest (2017) OWASP Top 10 list. This..

Learn More

Sensitive Data Exposure

Any industry that collects, stores, or processes sensitive data is at risk for a data breach. In 2020, the average cost..

Learn More

Session Fixation Attack

WHAT IS SESSION FIXATION ATTACK? Session fixation and session hijacking are both attacks that attempt to gain access to..

Learn More

Session Hijacking

Session Hijacking The importance of security is on the rise as digital innovation explodes. And as organizations launch..

Learn More

Software Composition Analysis

WHAT IS SOFTWARE COMPOSITION ANALYSIS? Today’s software applications rely heavily on open-source components. Software..

Learn More

Spoofing Attack

WHAT IS SPOOFING ATTACK? In a spoofing attack, a malicious party or program impersonates another device or user on a..

Learn More

Spring Core

What is Spring Core?  Spring Core (spring-core) is the core of the framework that powers features such as Inversion of..

Learn More

Spring Framework

What is Spring Framework? The Spring Framework provides a comprehensive programming and configuration model for modern..

Learn More

Spring Web MVC

What is Spring Web MVC? A  Model-View-Controller (MVC) architecture for the Spring Framework that can be used to..

Learn More

Spring Webflux

What is Spring Webflux? Spring Webflux is the reactive-stack web framework added in Spring version 5.0. Reactive..

Learn More

Spring4Shell

What is Spring4Shell? Zero-day, remote code execution (RCE) vulnerability in the Spring Framework was Disclosed on..

Learn More

SQL Injection

WHAT IS SQL INJECTION? An SQL injection attack consists of an insertion or injection of a SQL query via the input data..

Learn More

Static Application Security Testing

WHAT IS STATIC APPLICATION SECURITY TESTING? Static application security testing (SAST) involves analyzing an..

Learn More

Untrusted or Insecure Deserialization

WHAT IS UNTRUSTED OR INSECURE DESERIALIZATION? Serialization refers to the process of converting an object into a..

Learn More

Vulnerability Scanning

Vulnerability Scanning Vulnerabilities continue to grow as organizations turn to digital transformation and roll out..

Learn More

Web Application Firewall

WHAT IS WEB APPLICATION FIREWALL? A web application firewall (WAF) is a network defense that filters, monitors, and..

Learn More

Zero-day

What is zero-day?  0-Day vulnerabilities are a vulnerability in the wild, without any vendor patch. The zero means..

Learn More

Zip File Overwrite

WHAT IS ZIP FILE OVERWRITE? Zip file overwrite (also known as Zip Slip) exploits a vulnerability that is found in..

Learn More