Glossary of Terms
Software Composition Analysis (SCA) Tool in the Code Repository (Repo)
What is SCA in the Repo What is repository level SCA? When a Software Composition Analysis (SCA) tool scans a..
.NET Core Framework
.NET Core is the latest version of .NET Framework, a free, open-source, general-purpose development platform supported..

.NET Framework
Microsoft .NET was first released in 2016 as an open-source, cross-platform iteration of the previous .NET Framework. ..

Active vs Passive IAST
What is active IAST? The active approach to Interactive Application Security Testing (IAST) requires two main components..

AGILE
WHAT IS AGILE? Agile is a frequently used methodology applied to the management of software development projects. It is..

APACHE STRUTS
WHAT IS APACHE STRUTS? Apache Struts is a free, open-source framework for creating elegant, enterprise-ready Java web..

Apache Tomcat
What is Apache Tomcat? Apache Tomcat is an open-source Java servlet and Java Server Page container that lets developers..

API Security
WHAT IS API SECURITY? With organizations pushing forward various digital transformation initiatives, the number of..

Application Attacks
Application Attacks: Application development is burgeoning with the adoption of Agile and DevOps. As a result, cyber..

Application Security
What Is Application Security? Application security is the use of software, hardware, and procedural methods to protect..

Application Security Testing (AST)
WEB APPLICATION SECURITY TESTING: Application security testing describes the various approaches used by organizations as..

Application Vulnerability
WHAT IS AN APPLICATION VULNERABILITY? Application vulnerabilities are flaws or weaknesses in an application that can lead..

ARP Poisoning Attacks
ARPs are used in network communications. They translate Internet Protocol (IP) addresses into MAC addresses and vice..

BINARY CODE ANALYSIS
WHAT IS BINARY CODE ANALYSIS? Binary code analysis, also referred to as binary analysis or code review, is a form of..

Broken Access Control
WHAT IS BROKEN ACCESS CONTROL? Broken access control is #5 on the latest (2017) OWASP Top 10 list. Originally a..

Broken Authentication
WHAT IS BROKEN AUTHENTICATION? Broken authentication is #2 on the latest (2017) OWASP Top 10 list. Broken..

BRUTE FORCE ATTACK
WHAT IS A BRUTE FORCE ATTACK? With a brute force attack, the attacker attempts to crack a password or username using an..

Buffer Overflow
WHAT IS A BUFFER OVERFLOW? Buffers provide a temporary area for programs to store data. A buffer overflow, also known as..

CODE INJECTION
WHAT IS CODE INJECTION? Code injection is the term used to describe attacks that inject code into an application. That..

Code Repository
What is a Code Repository? A code repository is a central location where software developers can store, manage, and..

Command Injection
WHAT IS COMMAND INJECTION? With a command injection attack, the goal is to hijack a vulnerable application in order to..

Computer Worm
Computer worms have been around for more than three decades and show no sign of extinction. Throughout their existence,..

Cross-Site Scripting
CROSS-SITE SCRIPTING PREVENTION: Cross-site scripting (XSS) describes a web security vulnerability that allows attackers..

CSRF
Cross-Site Request Forgery (CSRF) Attack: Application attacks are on the rise and becoming more advanced. On average,..

Data Breach
What is a Data Breach and How to Prevent It? A data breach is an incident in which an unauthorized person or entity..

DevOps Security
WHAT IS DEVOPS SECURITY? DevOps security refers to the practice of safeguarding an organization's entire..

DevSecOps
As organizations rush to embrace various digital transformation initiatives, DevOps (development and operations)..

Dynamic Application Security Testing
Dynamic Application Security Testing (DAST): Organizations across all industries are transforming digitally to keep up..

Expression Language Injection
WHAT IS EXPRESSION LANGUAGE INJECTION? Expression Language Injection (aka EL Injection) enables an attacker to view..

FALSE NEGATIVE
WHAT IS A FALSE NEGATIVE? Designing test cases that accurately identify defects in software can be challenging. As..

FALSE POSITIVE
WHAT IS A FALSE POSITIVE? False positives occur when a scanning tool, web application firewall (WAF), or intrusion..

FIREWALL
WHAT IS A FIREWALL NETWORK SECURITY SYSTEM? A firewall is a network security system that monitors and controls incoming..

FUZZ TESTING
WHAT IS FUZZ TESTING? In the world of cybersecurity, fuzz testing (or fuzzing) is an automated software testing..

Go Language
Go is an open-source, general-purpose programming language. Go was developed by Google engineers to..

Injection Attack
WHAT ARE THE INJECTION ATTACK TYPES? Injection is #1 on the latest (2017) OWASP Top 10 list. Injection vulnerabilities..

INSECURE DESERIALIZATION
Deserialization Is a Core Component of Web Applications: At the heart of the essentially limitless realm of information..

INSTRUMENTATION
WHAT IS SECURITY INSTRUMENTATION? Security instrumentation (aka deep security instrumentation) embeds sensors within..

INSUFFICIENT LOGGING AND MONITORING
WHAT IS INSUFFICIENT LOGGING AND MONITORING? Insufficient logging and monitoring is #10 on the 2017 OWASP Top Ten list of..

Interactive Application Security Testing
WHAT IS INTERACTIVE APPLICATION SECURITY TESTING (IAST)? Application security testing describes the various approaches..

Java Programming Language
Java is a programming language and computing platform first released by Sun Microsystems in 1995. It has evolved from..

JavaScript Programming Language
JavaScript is a text-based programming language used both on the client side and server side that allows you to make..

Kotlin Programming Language
Kotlin is a general-purpose, free, open-source, statically typed "pragmatic" programming language initially designed..

Log4Shell
What is Log4Shell? Log4Shell is the nickname given to the Remote Code Execution (RCE) vulnerability that was..

Malicious Code
WHAT IS MALICIOUS CODE? Malicious code is code inserted in a software system or web script intended to cause undesired..

Malicious Cyber Intrusion
What Is a Malicious Cyber Intrusion? As developers strive to meet the demands of the modern software development life..

Man-in-the-Middle Attack
What is a MAN-IN-THE-MIDDLE (MITM) ATTACK? In a man-in-the-middle (MITM) attack, the attacker eavesdrops on the..

Method Tampering
WHAT IS METHOD TAMPERING? Method tampering (aka verb tampering and HTTP method tampering) is an attack against..

Microsoft Azure Function App
What is a Function App? A Function App is a Microsoft Azure Functions construct. Essentially, it is a group of one or..

Node.js
Node.js is an open-source, server-side runtime that runs on top of Google's open-source JavaScript engine, V8. Node.js is..

OGNL Injection (OGNL)
WHAT IS OGNL INJECTION (OGNL)? Object-Graph Navigation Language is an open-source Expression Language (EL) for Java..

Open Source Security (OSS)
IMPLEMENTING A GOOD OPEN SOURCE SECURITY STRATEGY: The term "open source" refers to software in the public domain that..

OWASP Top 10
WHAT IS THE OWASP TOP 10? The Open Web Application Security Project (OWASP) is a worldwide not-for-profit organization..

Path Traversal/Directory Traversal
WHAT IS PATH TRAVERSAL/DIRECTORY TRAVERSAL? Path traversal (also known as directory traversal) is an attack that uses..

PCI Application
WHAT IS A PCI APPLICATION? The Payment Card Industry Data Security Standard (PCI DSS) is a set of widely followed..

PCI Compliance
WHAT IS PCI COMPLIANCE? Payment card industry (PCI) compliance, also referred to as Payment Card Industry Data Security..

Penetration Testing
WHAT IS PENETRATION TESTING? Penetration testing, also known as pen testing, security pen testing, and security..

PHP Programming Language
PHP (short for Hypertext Preprocessor) is the most widely used open-source, server-side scripting language. It is..

Python Programming Language
Python has become one of the most popular programming languages in the world in recent years. It is used in everything..

RASP Security
RASP SECURITY AND WHY IT IS IMPORTANT: Coined by Gartner in 2012, Runtime Application Self-Protection (RASP) is an emerging..

REDOS Attack
A ReDoS attack is a denial-of-service (DoS) attack that exploits an application's exponential evaluation of regular..

Regular Expression DoS (ReDoS)
WHAT IS REGULAR EXPRESSION DOS (REDOS)? Regular expressions can reside in every layer of the web. The Regular..

Ruby Programming Language
Ruby is an open-source, object-oriented scripting language developed in the mid-90s by Yukihiro Matsumoto. Unlike C and..

SBOM
What's an SBOM? Software Bills of Materials (SBOMs) were born out of the need to provide a better way to accurately..

Scala Programming Language
Scala is a statically typed, general-purpose programming language that can be both object-oriented and functional,..

SCRUM
WHAT IS AN AGILE SCRUM ENVIRONMENT? As a set of values and principles that describes a group's day-to-day interactions and..

Security Misconfigurations
WHAT IS A SECURITY MISCONFIGURATION VULNERABILITY? Security misconfiguration is #6 on the latest (2017) OWASP Top 10..

Sensitive Data Exposure
Any industry that collects, stores, or processes sensitive data is at risk of a data breach. In 2020, the average cost..

Serverless Security
What is Serverless Security? Serverless is a cloud-native development and deployment model that abstracts underlying..

Session Fixation Attack
WHAT IS A SESSION FIXATION ATTACK? Session fixation and session hijacking are both attacks that attempt to gain access to..

Session Hijacking
Session Hijacking Attacks: The importance of security is on the rise as digital innovation explodes. And as..

Software Composition Analysis (SCA)
WHAT IS SOFTWARE COMPOSITION ANALYSIS (SCA)? Today's software applications rely heavily on open-source components...

Software Development Life Cycle (SDLC) Security
What is the SDLC? The Software Development Life Cycle (SDLC) is a framework that defines tasks performed at each step in..

Spoofing
A spoofing attack is an application attack where a bad actor disguises themselves as a trusted device or user in order..

Spoofing Attack
WHAT IS A SPOOFING ATTACK? In a spoofing attack, a malicious party or program impersonates another device or user on a..

Spring Core
What is Spring Core? Spring Core (spring-core) is the core of the framework that powers features such as Inversion of..

Spring Framework
What is the Spring Framework? The Spring Framework provides a comprehensive programming and configuration model for modern..

Spring Web MVC
What is Spring Web MVC? A Model-View-Controller (MVC) architecture for the Spring Framework that can be used to..

Spring WebFlux
What is Spring WebFlux? Spring WebFlux is the reactive-stack web framework added in Spring version 5.0. Reactive..

Spring4Shell
What is Spring4Shell? A zero-day, remote code execution (RCE) vulnerability in the Spring Framework was disclosed on..

SQL Injection
WHAT IS SQL INJECTION? An SQL injection attack consists of an insertion or injection of a SQL query via the input data..

Static Application Security Testing
WHAT IS STATIC APPLICATION SECURITY TESTING (SAST)? Static application security testing (SAST) involves analyzing an..

Untrusted or Insecure Deserialization
WHAT IS UNTRUSTED OR INSECURE DESERIALIZATION? Serialization refers to the process of converting an object into a..

Vulnerability Assessment
Cyber crimes are expected to cause more than 6 trillion dollars in damages in 2021. By the year 2025, it's estimated..

Vulnerability Scanning
Vulnerability Scanning: Vulnerabilities continue to grow as organizations turn to digital transformation and roll out..

Vulnerability Testing
Vulnerability testing is an assessment used to evaluate application security by identifying, diagnosing, and triaging..

Web Application
What is a Web Application? A web application is a program that can be accessed through a web browser and runs on a web..

Web Application Firewall
WHAT IS A WEB APPLICATION FIREWALL? A web application firewall (WAF) is a network defense that filters, monitors, and..

Web Browser Attacks
What is a Web Browser Attack? A web browser attack is a type of cyber attack that targets vulnerabilities in web..

Website Scanner
Development teams are a fundamental part of organizations, with digital transformation ascending to the top of..

Zero-day
What is a zero-day vulnerability? A 0-day vulnerability is a vulnerability in the wild, without any vendor patch. The..

Zip File Overwrite
WHAT IS ZIP FILE OVERWRITE? Zip file overwrite (also known as Zip Slip) exploits a vulnerability that is found in..