Glossary of Terms
- A
- B
- C
- D
- E
- F
- G
- H
- I
- J
- K
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
- X
- Y
- Z
Brute Force Attack
What is a brute force attack? With a brute force attack, the attacker attempts to crack a password or username using an..
Learn More.NET Core Framework
What is .NET core framework? .NET Core is the latest version of .NET Framework, a free, open-source, general-purpose..
Learn More.NET Framework
What is .NET framework? Microsoft .NET was first released in 2016 as an open-source, cross-platform iteration of the..
Learn MoreActive vs Passive IAST Scanning
Active IAST testing and passive IAST testing Compared with traditional application testing tools and methodologies,..
Learn MoreAGILE
What is Agile? Agile is a frequently used methodology applied to the management of software development projects. It is..
Learn MoreApache Struts
What is Apache Struts? Apache Struts is a free, open-source framework for creating elegant, enterprise-ready Java web..
Learn MoreApache Tomcat
What is Apache Tomcat? Apache Tomcat is an open-source Java servlet and Java Server Page container that lets developers..
Learn MoreAPI Security
What is API security? With organizations pushing forward various digital transformation initiatives, the number of..
Learn MoreApplication
What is an application? app stack and tech stack explained Applications encompass a wide range of functionalities to..
Learn MoreApplication Attacks
Application attacks Application development is burgeoning with the adoption of Agile and DevOps. As a result, cyber..
Learn MoreApplication Detection and Response (ADR)
What is application detection and response (ADR)? In cybersecurity, ADR stands for application detection and response...
Learn MoreApplication layer attacks
Attacks targeting the application layer (Layer 7) are increasingly on the rise, with the application layer now being..
Learn MoreApplication Security
What is application security? Application security is the use of software, hardware, and procedural methods to protect..
Learn MoreApplication Security Testing (AST)
Application security testing tools Application security testing describes the various approaches used by organizations..
Learn MoreApplication Vulnerability
What is application vulnerability? Application vulnerabilities are flaws or weaknesses in an application that can lead..
Learn MoreApplication vulnerability monitoring
Contrast Application Vulnerability Monitoring (AVM) provides best-in-class monitoring that, when combined with our ADR..
Learn MoreARP Poisoning Attacks
ARP stands for Address Resolution Protocol which is used in network communications. ARPs translate Internet Protocol..
Learn MoreAuthentication bypass vulnerability
Authentication bypass vulnerabilities remain common and can cause significant harm. Traditional application defenses..
Learn MoreBinary Code Analysis
What is binary code analysis? Binary code analysis, also referred to as binary analysis or code review, is a form of..
Learn MoreBroken Access Control
What is broken access control? Broken access control has moved up from #5 in 2017 to #1 in 2021 in the OWASP Top 10..
Learn MoreBroken Authentication
What is broken authentication? Broken authentication was #2 on the 2017 OWASP Top 10 list. In 2021 the Broken..
Learn MoreBuffer Overflow
What is buffer overflow? Buffers provide a temporary area for programs to store data. A buffer overflow, also known as..
Learn MoreCode Injection
What is code injection? Code injection is the term used to describe attacks that inject code into an application. That..
Learn MoreCode Repository
What is a code repository A code repository is a central location where software developers can store, manage, and..
Learn MoreCommand injection
What is command injection? With a command injection attack, an attacker can hijack a vulnerable application in order to..
Learn MoreComputer Worm
What is a computer worm? Computer worms have been around for more than three decades and show no sign of extinction...
Learn MoreCross-Site Scripting
What is cross-site scripting? "Cross-site scripting" originally referred to loading the attacked, third-party web..
Learn MoreCSRF Vulnerability
Cross-site request forgery (CSRF) attack Application attacks are on the rise and becoming more advanced. On average,..
Learn MoreCVE-2016-1000027
CVE-2016-1000027 Learn about the CVE-2016-1000027 Spring Framework vulnerability, its background, its description, its..
Learn MoreDangerous Functions
What are dangerous functions? Dangerous functions are the root cause of all Application Security (AppSec) problems. In..
Learn MoreData Breach
What is a data breach and how to prevent it? A data breach is an incident in which an unauthorized person or entity..
Learn MoreDevOps Security
What is DevOps security? DevOps security refers to the practice of safeguarding an organization’s entire..
Learn MoreDevSecOps
As organizations rush to embrace various digital transformation initiatives, DevOps (development and operations)..
Learn MoreDynamic Application Security Testing (DAST)
Organizations across all industries are transforming digitally to keep up with the competition. Modern software..
Learn MoreEndpoint Detection and Response (EDR)
What is EDR? Endpoint Detection and Response (EDR) is a cybersecurity solution that monitors and protects endpoints —..
Learn MoreExpression Language Injection
What is expression language injection? Expression Language Injection (aka EL Injection) enables an attacker to view..
Learn MoreFalse Negative
What is a false negative? Designing test cases that accurately identify defects in software can be challenging. As..
Learn MoreFalse Positive
What is false positive? False positives occur when a scanning tool, web application firewall (WAF), or intrusion..
Learn MoreFirewall
What is a firewall network security system? A firewall is a network security system that monitors and controls incoming..
Learn MoreFuzz Testing
What is fuzz testing, or “fuzzing”? In the world of cybersecurity, fuzz testing (or fuzzing) is an automated software..
Learn MoreGo Language
What is go language? Go language is an open-source programming language used for general purposes. Go was developed by..
Learn MoreIAST vs SAST
Definitions of SAST and IAST testing methodologies Static Application Security Testing (SAST) is a static application..
Learn MoreIncident Response
What does incident response mean? In cybersecurity, incident response refers to the process of detecting, analyzing and..
Learn MoreInjection Attack
Overview Injection attacks remain one of the most common application attack vectors. To help prevent these attacks,..
Learn MoreInsecure Deserialization
Deserialization is a core component of web applications At the heart of the essentially limitless realm of information..
Learn MoreInstrumentation
What is code instrumentation? Code instrumentation is a technique where additional code is injected into an..
Learn MoreInsufficient Logging and Monitoring
What is insufficient logging and monitoring? Insufficient logging and monitoring is #10 on 2017 OWASP Top Ten list of..
Learn MoreInteractive Application Security Testing (IAST)
What is interactive application security testing (IAST)? Application security testing describes the various approaches..
Learn MoreJava Programming Language
What is java programming language? Java is a programming language and computing platform first released by Sun..
Learn MoreJavaScript Programming Language
What is JavaScript programming language?? JavaScript is a text-based programming language used both on the client-side..
Learn MoreKotlin Programming Language
What is Kotlin programming language? Kotlin is a general purpose, free, open source, statically typed "pragmatic"..
Learn MoreLog4Shell
What is Log4Shell? Log4shell is the nickname provided to the Remote Code Execution (RCE) vulnerability that was..
Learn MoreMalicious Code
What is malicious code? Malicious code is code inserted in a software system or web script intended to cause undesired..
Learn MoreMalicious Cyber Intrusion
What is a malicious cyber intrusion? As developers strive to meet the demands of the modern software development life..
Learn MoreMan-in-the-Middle Attack
What is a Man-In-The-Middle (MITM) Attack? In a man-in-the-middle (MITM) attack, the attacker eavesdrops on the..
Learn MoreMean time to detect (MTTD)
For Security Operations (SecOps) professionals and Security Operations Center (SOC) teams, having a low MTTD is crucial..
Learn MoreMethod Tampering
What is method tampering? Method tampering (aka verb tampering and HTTP method tampering) is an attack against..
Learn MoreMicrosoft Azure Function App
What is a function app? A Function App is a Microsoft Azure Functions construct. Essentially it is a group of one or..
Learn MoreMTTR
No matter if you define MTTR as mean time to respond or mean time to remediate, Contrast Security can help you meet..
Learn MoreNetwork detection and response (NDR)
What is NDR in cybersecurity? Network detection and response (NDR) is a cybersecurity solution that monitors network..
Learn MoreNIST CSF 2.0
Overview NIST CSF 2.0 provides key guidance to organizations of all sizes looking to improve their security posture...
Learn MoreNode.js
What is Node.js? Node.js is an open-source, server-side script that runs on top of Google's open-source scripting..
Learn Morenpm
When it comes to code and package security, Runtime Security is the best option out there for both engineering and..
Learn MoreOGNL Injection (OGNL)
What is OGNL injection (OGNL)? Object-Graph Navigation Language is an open-source Expression Language (EL) for Java..
Learn MoreOpen Source Security (OSS)
Implementing a good open source security strategy The term "open source" refers to software in the public domain that..
Learn MoreOSI Layer 7
With attacks targeting OSI layer 7, the application layer, on the rise, organizations need more robust solutions to..
Learn MoreOWASP Top 10
What is OWASP Top 10? The Open Web Application Security Project (OWASP) is a worldwide not-for-profit organization..
Learn MorePCI Application
What is PCI application? The Payment Card Industry Data Security Standard (PCI DSS) is a set of widely followed..
Learn MorePCI Compliance
What is PCI compliance? Payment card industry (PCI) compliance, also referred to as Payment Card Industry Data Security..
Learn MorePenetration Testing
What is penetration testing? Penetration testing, also known as pen testing, security pen testing, and security..
Learn MorePHP Programming Language
What is PHP programming language? PHP (short for Hypertext PreProcessor) is the most widely used open source and..
Learn MoreProject
What is a Project? A project is a collection of source code contained in a ‘folder’, ‘Zip file’, war file or one or..
Learn MorePython Programming Language
What is python programming language? Python has become one of the most popular programming languages in the world in..
Learn MoreReDoS Attack
What is a ReDoS attack? A ReDoS attack is a denial-of-service (DoS) attack that exploits an application’s exponential..
Learn MoreRegular Expression DoS (ReDoS)
What is regular expression DoS (ReDoS)? Regular expressions can reside in every layer of the web. The Regular..
Learn MoreRemote code execution (RCE)
Get a free trial of Contrast ADR and see how it can protect your applications from cyberattacks that result in RCE...
Learn MoreRuby Programming Language
What is ruby programming language? Ruby is an open-source, object-oriented scripting language developed in the mid-90s..
Learn MoreRuntime Application Self Protection (RASP) Security
What is RASP security? Coined by Gartner in 2012, Runtime Application Self-Protection, RASP, is an emerging security..
Learn MoreRuntime Security
What is runtime security? Runtime Security is defined as protecting software everywhere it runs. Typically, runtime is..
Learn MoreSAST vs SCA
What is a SAST tool? Static Application Security Testing (SAST) is a static application analysis technique used to..
Learn MoreSBOM
What is an SBOM (Software Bills of Materials)? Software Bills of Materials (SBOMs) were born out of the need to provide..
Learn MoreScala Programming Language
What is scala programming language? Scala is a statically-typed, general-purpose programming language that can be both..
Learn MoreSCRUM
What is agile scrum environment? As a set of values and principles that describes a group's day-to-day interactions and..
Learn MoreSecurity Misconfigurations
What is security misconfigurations? Security misconfigurations is #6 on the latest (2017) OWASP Top 10 list. This..
Learn MoreSecurity operations center (SOC)
What is a SOC? A SOC is a centralized facility that monitors and analyzes an organization's security systems and data..
Learn MoreSensitive Data Exposure
Any industry that collects, stores, or processes sensitive data is at risk for a data breach. In 2020, the average cost..
Learn MoreServerless Security
What is serverless? Serverless is a cloud-native development and deployment model that abstracts underlying servers and..
Learn MoreSession Fixation Attack
What is session fixation attack? Session fixation and session hijacking are both attacks that attempt to gain access to..
Learn MoreSession Hijacking
Session hijacking attacks The importance of security is on the rise as digital innovation explodes. And as..
Learn MoreSoftware Composition Analysis (SCA)
What is software composition analysis (SCA)? Today’s software applications rely heavily on open-source components. SCA..
Learn MoreSoftware Composition Analysis (SCA) tool in the code repository (repo)
What is SCA in the repo? What is repository level SCA? When a Software Composition Analysis (SCA) tool scans a..
Learn MoreSoftware Development Life Cycle (SDLC) Security
What is the software development life cycle, aka SDLC? The Software Development Life Cycle (SDLC) is a framework that..
Learn MoreSpoofing
What is spoofing? Spoofing is when a bad actor disguises themselves as a trusted device or user in order to gain access..
Learn MoreSpoofing Attack
What is a spoofing attack? In a spoofing attack, a malicious party or program impersonates another device or user on a..
Learn MoreSpring Core
What is Spring Core? Spring Core (spring-core) is the core of the framework that powers features such as Inversion of..
Learn MoreSpring Framework
What is Spring Framework? The Spring Framework provides a comprehensive programming and configuration model for modern..
Learn MoreSpring Web MVC
What is Spring Web MVC? A Model-View-Controller (MVC) architecture for the Spring Framework that can be used to develop..
Learn MoreSpring Webflux
What is Spring Webflux? Spring Webflux is the reactive-stack web framework added in Spring version 5.0. Reactive..
Learn MoreSpring4Shell
What is Spring4Shell? Zero-day, remote code execution (RCE) vulnerability in the Spring Framework was Disclosed on..
Learn MoreSQL Injection Attack
What is a SQL injection? A SQL injection attack consists of an insertion or injection of a SQL query via the input data..
Learn MoreStatic Application Security Testing (SAST)
What is static application security testing (SAST)? Static application security testing (SAST) involves analyzing an..
Learn MoreUntrusted or Insecure Deserialization
What is untrusted or insecure deserialization? Serialization refers to the process of converting an object into a..
Learn MoreVulnerability Assessment
Cyber crimes are expected to cause more than 6 trillion dollars in damages in 2021. By the year 2025, it's estimated..
Learn MoreVulnerability Scanning
What is vulnerability scanning? Vulnerability scanning is the finding of security flaws and vulnerabilities, analyzing..
Learn MoreVulnerability Testing
What is vulnerability testing? Vulnerability testing is an assessment used to evaluate application security by..
Learn MoreWAF vs. RASP Security Tools
WAF vs. RASP security tools: a defense in depth approach to application security In today's threat landscape, web..
Learn MoreWeb Application
What is a web application? A web application is a program that can be accessed through a web browser and runs on a web..
Learn MoreWeb application firewall (WAF)
While web application firewalls (WAFs) have long played — and continue to play — a key role in defending applications..
Learn MoreWeb Browser Attacks
What is a web browser attack? A web browser attack is a type of cyber attack that targets vulnerabilities in web..
Learn MoreWebsite Scanner
Development teams are a fundamental part of organizations, with digital transformation ascending to the top of..
Learn MoreWhat is a path traversal attack or directory traversal attack?
What is a path traversal attack? Understanding the harm it can cause Path traversal attacks use an affected application..
Learn MoreXSS (Cross-site scripting)
Understand the different types of XSS attacks and how to protect against them. Cross-Site Scripting (XSS) - a common..
Learn MoreZero-day exploits
With zero-day exploits on the rise, organizations need robust defenses designed to protect their applications against..
Learn MoreZip File Overwrite
What is zip file overwrite? Zip file overwrite (also known as Zip Slip) exploits a vulnerability that is found in..
Learn More