Skip to content

Glossary of Terms

  • A
  • B
  • C
  • D
  • E
  • F
  • G
  • H
  • I
  • J
  • K
  • L
  • M
  • N
  • O
  • P
  • Q
  • R
  • S
  • T
  • U
  • V
  • W
  • X
  • Y
  • Z

Brute Force Attack

What is a brute force attack? With a brute force attack, the attacker attempts to crack a password or username using an..

Learn More

Software Composition Analysis (SCA) Tool in the Code Repository (Repo)

What is SCA in the repo? What is repository level SCA? When a Software Composition Analysis (SCA) tool scans a..

Learn More

.NET Core Framework

What is .NET core framework? .NET Core is the latest version of .NET Framework, a free, open-source, general-purpose..

Learn More

.NET Framework

What is .NET framework? Microsoft .NET was first released in 2016 as an open-source, cross-platform iteration of the..

Learn More

Active vs Passive IAST Scanning

Active IAST testing and passive IAST testing Compared with traditional application testing tools and methodologies,..

Learn More

AGILE

What is Agile? Agile is a frequently used methodology applied to the management of software development projects. It is..

Learn More

Apache Struts

What is Apache Struts? Apache Struts is a free, open-source framework for creating elegant, enterprise-ready Java web..

Learn More

Apache Tomcat

What is Apache Tomcat? Apache Tomcat is an open-source Java servlet and Java Server Page container that lets developers..

Learn More

API Security

What is API security? With organizations pushing forward various digital transformation initiatives, the number of..

Learn More

Application

What is an application? app stack and tech stack explained Applications encompass a wide range of functionalities to..

Learn More

Application Attacks

Application attacks Application development is burgeoning with the adoption of Agile and DevOps. As a result, cyber..

Learn More

Application Detection and Response (ADR)

What is application detection and response (ADR)? ADR provides security teams with a powerful tool to defend custom and..

Learn More

Application Security

What is application security? Application security is the use of software, hardware, and procedural methods to protect..

Learn More

Application Security Testing (AST)

Web application security testing Application security testing describes the various approaches used by organizations as..

Learn More

Application Vulnerability

What is application vulnerability? Application vulnerabilities are flaws or weaknesses in an application that can lead..

Learn More

ARP Poisoning Attacks

ARP stands for Address Resolution Protocol which is used in network communications. ARPs translate Internet Protocol..

Learn More

Binary Code Analysis

What is binary code analysis? Binary code analysis, also referred to as binary analysis or code review, is a form of..

Learn More

Broken Access Control

What is broken access control? Broken access control has moved up from #5 in 2017 to #1 in 2021 in the OWASP Top 10..

Learn More

Broken Authentication

What is broken authentication? Broken authentication was #2 on the 2017 OWASP Top 10 list. In 2021 the Broken..

Learn More

Buffer Overflow

What is buffer overflow? Buffers provide a temporary area for programs to store data. A buffer overflow, also known as..

Learn More

Code Injection

What is code injection? Code injection is the term used to describe attacks that inject code into an application. That..

Learn More

Code Repository

What is a code repository A code repository is a central location where software developers can store, manage, and..

Learn More

Command Injection

What is command injection? With a command injection attack, the goal is to hijack a vulnerable application in order to..

Learn More

Computer Worm

What is a computer worm? Computer worms have been around for more than three decades and show no sign of extinction...

Learn More

Cross-Site Scripting

What is cross-site scripting? "Cross-site scripting" originally referred to loading the attacked, third-party web..

Learn More

CSRF

Cross-site request forgery (CSRF) attack Application attacks are on the rise and becoming more advanced. On average,..

Learn More

CVE-2016-1000027

CVE-2016-1000027 Learn about the CVE-2016-1000027 Spring Framework vulnerability, its background, its description, its..

Learn More

Dangerous Functions

What are dangerous functions? Dangerous functions are the root cause of all Application Security (AppSec) problems. In..

Learn More

Data Breach

What is a data breach and how to prevent it? A data breach is an incident in which an unauthorized person or entity..

Learn More

DevOps Security

What is DevOps security? DevOps security refers to the practice of safeguarding an organization’s entire..

Learn More

DevSecOps

As organizations rush to embrace various digital transformation initiatives, DevOps (development and operations)..

Learn More

Expression Language Injection

What is expression language injection? Expression Language Injection (aka EL Injection) enables an attacker to view..

Learn More

False Negative

What is a false negative? Designing test cases that accurately identify defects in software can be challenging. As..

Learn More

False Positive

What is false positive? False positives occur when a scanning tool, web application firewall (WAF), or intrusion..

Learn More

Firewall

What is a firewall network security system? A firewall is a network security system that monitors and controls incoming..

Learn More

Fuzz Testing

What is fuzz testing, or “fuzzing”? In the world of cybersecurity, fuzz testing (or fuzzing) is an automated software..

Learn More

Go Language

What is go language? Go language is an open-source programming language used for general purposes. Go was developed by..

Learn More

IAST vs SAST

Definitions of SAST and IAST testing methodologies Static Application Security Testing (SAST) is a static application..

Learn More

Injection Attack

What is injection? Injection is #1 on the latest (2017) OWASP Top 10 list. Injection vulnerabilities allow attackers to..

Learn More

Insecure Deserialization

Deserialization is a core component of web applications At the heart of the essentially limitless realm of information..

Learn More

Instrumentation

What is code instrumentation? Code instrumentation is a technique where additional code is injected into an..

Learn More

Insufficient Logging and Monitoring

What is insufficient logging and monitoring? Insufficient logging and monitoring is #10 on 2017 OWASP Top Ten list of..

Learn More

Interactive Application Security Testing

What is interactive application security testing (IAST)? Application security testing describes the various approaches..

Learn More

Java Programming Language

What is java programming language? Java is a programming language and computing platform first released by Sun..

Learn More

JavaScript Programming Language

What is JavaScript programming language?? JavaScript is a text-based programming language used both on the client-side..

Learn More

Kotlin Programming Language

What is Kotlin programming language? Kotlin is a general purpose, free, open source, statically typed "pragmatic"..

Learn More

Log4Shell

What is Log4Shell? Log4shell is the nickname provided to the Remote Code Execution (RCE) vulnerability that was..

Learn More

Malicious Code

What is malicious code? Malicious code is code inserted in a software system or web script intended to cause undesired..

Learn More

Malicious Cyber Intrusion

What is a malicious cyber intrusion? As developers strive to meet the demands of the modern software development life..

Learn More

Man-in-the-Middle Attack

What is a Man-In-The-Middle (MITM) Attack? In a man-in-the-middle (MITM) attack, the attacker eavesdrops on the..

Learn More

Method Tampering

What is method tampering? Method tampering (aka verb tampering and HTTP method tampering) is an attack against..

Learn More

Microsoft Azure Function App

What is a function app? A Function App is a Microsoft Azure Functions construct. Essentially it is a group of one or..

Learn More

NIST CSF 2.0

Overview NIST CSF 2.0 provides key guidance to organizations of all sizes looking to improve their security posture...

Learn More

Node.js

What is Node.js? Node.js is an open-source, server-side script that runs on top of Google's open-source scripting..

Learn More

OGNL Injection (OGNL)

What is OGNL injection (OGNL)? Object-Graph Navigation Language is an open-source Expression Language (EL) for Java..

Learn More

Open Source Security

Implementing a good open source security strategy The term "open source" refers to software in the public domain that..

Learn More

OWASP Top 10

What is OWASP Top 10? The Open Web Application Security Project (OWASP) is a worldwide not-for-profit organization..

Learn More

PCI Application

What is PCI application? The Payment Card Industry Data Security Standard (PCI DSS) is a set of widely followed..

Learn More

PCI Compliance

What is PCI compliance? Payment card industry (PCI) compliance, also referred to as Payment Card Industry Data Security..

Learn More

Penetration Testing

What is penetration testing? Penetration testing, also known as pen testing, security pen testing, and security..

Learn More

PHP Programming Language

What is PHP programming language? PHP (short for Hypertext PreProcessor) is the most widely used open source and..

Learn More

Project

What is a Project? A project is a collection of source code contained in a ‘folder’, ‘Zip file’, war file or one or..

Learn More

Python Programming Language

What is python programming language? Python has become one of the most popular programming languages in the world in..

Learn More

ReDoS Attack

What is a ReDoS attack? A ReDoS attack is a denial-of-service (DoS) attack that exploits an application’s exponential..

Learn More

Regular Expression DoS (ReDoS)

What is regular expression DoS (ReDoS)? Regular expressions can reside in every layer of the web. The Regular..

Learn More

Ruby Programming Language

What is ruby programming language? Ruby is an open-source, object-oriented scripting language developed in the mid-90s..

Learn More

Runtime Application Self Protection (RASP) Security

What is RASP security? Coined by Gartner in 2012, Runtime Application Self-Protection, RASP, is an emerging security..

Learn More

Runtime Security

What is runtime security? Runtime Security is defined as protecting software everywhere it runs. Typically, runtime is..

Learn More

SBOM

What is an SBOM (Software Bills of Materials)? Software Bills of Materials (SBOMs) were born out of the need to provide..

Learn More

Scala Programming Language

What is scala programming language? Scala is a statically-typed, general-purpose programming language that can be both..

Learn More

SCRUM

What is agile scrum environment? As a set of values and principles that describes a group's day-to-day interactions and..

Learn More

Security Misconfigurations

What is security misconfigurations? Security misconfigurations is #6 on the latest (2017) OWASP Top 10 list. This..

Learn More

Sensitive Data Exposure

Any industry that collects, stores, or processes sensitive data is at risk for a data breach. In 2020, the average cost..

Learn More

Serverless Security

What is serverless? Serverless is a cloud-native development and deployment model that abstracts underlying servers and..

Learn More

Session Fixation Attack

What is session fixation attack? Session fixation and session hijacking are both attacks that attempt to gain access to..

Learn More

Session Hijacking

Session hijacking attacks The importance of security is on the rise as digital innovation explodes. And as..

Learn More

Software Composition Analysis (SCA)

What is software composition analysis (SCA)? Today’s software applications rely heavily on open-source components...

Learn More

Software Development Life Cycle (SDLC) Security

What is the software development life cycle, aka SDLC? The Software Development Life Cycle (SDLC) is a framework that..

Learn More

Spoofing

What is spoofing? Spoofing is when a bad actor disguises themselves as a trusted device or user in order to gain access..

Learn More

Spoofing Attack

What is a spoofing attack? In a spoofing attack, a malicious party or program impersonates another device or user on a..

Learn More

Spring Core

What is Spring Core? Spring Core (spring-core) is the core of the framework that powers features such as Inversion of..

Learn More

Spring Framework

What is Spring Framework? The Spring Framework provides a comprehensive programming and configuration model for modern..

Learn More

Spring Web MVC

What is Spring Web MVC? A Model-View-Controller (MVC) architecture for the Spring Framework that can be used to develop..

Learn More

Spring Webflux

What is Spring Webflux? Spring Webflux is the reactive-stack web framework added in Spring version 5.0. Reactive..

Learn More

Spring4Shell

What is Spring4Shell? Zero-day, remote code execution (RCE) vulnerability in the Spring Framework was Disclosed on..

Learn More

SQL Injection

What is SQL injection? An SQL injection attack consists of an insertion or injection of a SQL query via the input data..

Learn More

Static Application Security Testing

What is static application security testing (SAST)? Static application security testing (SAST) involves analyzing an..

Learn More

Untrusted or Insecure Deserialization

What is untrusted or insecure deserialization? Serialization refers to the process of converting an object into a..

Learn More

Vulnerability Assessment

Cyber crimes are expected to cause more than 6 trillion dollars in damages in 2021. By the year 2025, it's estimated..

Learn More

Vulnerability Scanning

What is vulnerability scanning? Vulnerability scanning is the finding of security flaws and vulnerabilities, analyzing..

Learn More

Vulnerability Testing

What is vulnerability testing? Vulnerability testing is an assessment used to evaluate application security by..

Learn More

WAF vs RASP

WAF vs. RASP: a defense in depth approach to application security In today's threat landscape, web applications are..

Learn More

Web Application

What is a web application? A web application is a program that can be accessed through a web browser and runs on a web..

Learn More

Web application firewall (WAF)

While web application firewalls (WAFs) have long played — and continue to play — a key role in defending applications..

Learn More

Web Browser Attacks

What is a web browser attack? A web browser attack is a type of cyber attack that targets vulnerabilities in web..

Learn More

Website Scanner

Development teams are a fundamental part of organizations, with digital transformation ascending to the top of..

Learn More

What is a path traversal attack or directory traversal attack?

What is a path traversal attack? Understanding the harm it can cause Path traversal attacks use an affected application..

Learn More

What is Dynamic Application Security Testing?: DAST Tools for Security Testing

Dynamic application security testing (DAST) Organizations across all industries are transforming digitally to keep up..

Learn More

XSS (Cross-site scripting)

Understand the different types of XSS attacks and how to protect against them. Cross-Site Scripting (XSS) - a common..

Learn More

Zero day

What is a Zero-day? Zero-day vulnerabilities are software flaws unknown before exploitation. Why should I care about..

Learn More

Zip File Overwrite

What is zip file overwrite? Zip file overwrite (also known as Zip Slip) exploits a vulnerability that is found in..

Learn More