Glossary of Terms
- A
- B
- C
- D
- E
- F
- G
- H
- I
- J
- K
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
- X
- Y
- Z
AGILE
WHAT IS AGILE? Agile is a frequently used methodology applied to the management of software development projects. It is..
Learn MoreAPACHE STRUTS
WHAT IS APACHE STRUTS? Apache Struts is a free, open-source framework for creating elegant, enterprise-ready Java web..
Learn MoreApache Tomcat
What is Apache Tomcat? Apache Tomcat is an open-source Java servlet and Java Server Page container that lets developers..
Learn MoreAPI Security
WHAT IS API? With organizations pushing forward various digital transformation initiatives, the number of application..
Learn MoreApplication Attacks
Application Attacks Application development is burgeoning with the adoption of Agile and DevOps. As a result, cyber..
Learn MoreApplication Security
What Is Application Security? Application security is the use of software, hardware, and procedural methods to protect..
Learn MoreApplication Security Testing (AST)
WEB APPLICATION SECURITY TESTING Application security testing describes the various approaches used by organizations as..
Learn MoreApplication Vulnerability
WHAT IS APPLICATION VULNERABILITY? Application vulnerabilities are flaws or weaknesses in an application that can lead..
Learn MoreBINARY CODE ANALYSIS
WHAT IS BINARY CODE ANALYSIS? Binary code analysis, also referred to as binary analysis or code review, is a form of..
Learn MoreBroken Access Control
WHAT IS BROKEN ACCESS CONTROL? Broken access control is #5 on the latest (2017) OWASP Top 10 list. Originally a..
Learn MoreBroken Authentication
WHAT IS BROKEN AUTHENTICATION? Broken authentication is #2 on the latest (2017) OWASP Top 10 list. Broken..
Learn MoreBRUTE FORCE ATTACK
WHAT IS BRUTE FORCE ATTACK? With a brute force attack, the attacker attempts to crack a password or username using an..
Learn MoreBuffer Overflow
WHAT IS BUFFER OVERFLOW? Buffers provide a temporary area for programs to store data. A buffer overflow, also known as..
Learn MoreCODE INJECTION
WHAT IS CODE INJECTION? Code injection is the term used to describe attacks that inject code into an application. That..
Learn MoreCommand Injection
WHAT IS COMMAND INJECTION? With a command injection attack, the goal is to hijack a vulnerable application in order to..
Learn MoreComputer Worm
Computer worms have been around for more than three decades and show no sign of extinction. Throughout their existence,..
Learn MoreCross-Site Scripting
CROSS SITE SCRIPTING PREVENTION Cross-site scripting (XSS) describes a web security vulnerability that allows attackers..
Learn MoreDevOps Security
WHAT IS DEVOPS SECURITY? DevOps security refers to the practice of safeguarding an organization’s entire..
Learn MoreDevSecOps
As organizations rush to embrace various digital transformation initiatives, DevOps (development and operations)..
Learn MoreDynamic Application Security Testing
Dynamic Application Security Testing (DAST) Organizations across all industries are transforming digitally to keep up..
Learn MoreExpression Language Injection
WHAT IS EXPRESSION LANGUAGE INJECTION? Expression Language Injection (aka EL Injection) enables an attacker to view..
Learn MoreFALSE NEGATIVE
WHAT IS FALSE NEGATIVE ? Designing test cases that accurately identify defects in software can be challenging. As..
Learn MoreFALSE POSITIVE
WHAT IS FALSE POSITIVE? False positives occur when a scanning tool, web application firewall (WAF), or intrusion..
Learn MoreFIREWALL
WHAT IS FIREWALL? A firewall is a network security system that monitors and controls incoming and outgoing network..
Learn MoreFUZZ TESTING
WHAT IS FUZZ TESTING? In the world of cybersecurity, fuzz testing (or fuzzing) is an automated software testing..
Learn MoreInjection
WHAT IS INJECTION? Injection is #1 on the latest (2017) OWASP Top 10 list. Injection vulnerabilities allow attackers to..
Learn MoreINSECURE DESERIALIZATION
Deserialization Is a Core Component of Web Applications At the heart of the essentially limitless realm of information..
Learn MoreINSTRUMENTATION
WHAT IS INSTRUMENTATION? Security instrumentation (aka deep security instrumentation) embeds sensors within..
Learn MoreINSUFFICIENT LOGGING AND MONITORING
WHAT IS INSUFFICIENT LOGGING AND MONITORING ? Insufficient logging and monitoring is #10 on 2017 OWASP Top Ten list of..
Learn MoreInteractive Application Security Testing
WHAT IS INTERACTIVE APPLICATION SECURITY TESTING (IAST)? Application security testing describes the various approaches..
Learn MoreLog4Shell
What is Log4Shell? Log4shell is the nickname provided to the Remote Code Execution (RCE) vulnerability that was..
Learn MoreMalicious Code
WHAT IS MALICIOUS CODE? Malicious code is code inserted in a software system or web script intended to cause undesired..
Learn MoreMalicious Cyber Intrusion
What Is a Malicious Cyber Intrusion? As developers strive to meet the demands of the modern software development life..
Learn MoreMan-in-the-Middle Attack
What is a MAN-IN-THE-MIDDLE (MITM) ATTACK? In a man-in-the-middle (MITM) attack, the attacker eavesdrops on the..
Learn MoreMethod Tampering
WHAT IS METHOD TAMPERING? Method tampering (aka verb tampering and HTTP method tampering) is an attack against..
Learn MoreOGNL Injection (OGNL)
WHAT IS OGNL INJECTION (OGNL)? Object-Graph Navigation Language is an open-source Expression Language (EL) for Java..
Learn MoreOpen Source Security
IMPLEMENTING A GOOD OPEN SOURCE SECURITY STRATEGY The term "open source" refers to software in the public domain that..
Learn MoreOWASP Top 10
WHAT IS OWASP TOP 10? The Open Web Application Security Project (OWASP) is a worldwide not-for-profit organization..
Learn MorePath Traversal/Directory Traversal
WHAT IS PATH TRAVERSAL/DIRECTORY TRAVERSAL? Path traversal (also known as directory traversal) is an attack that uses..
Learn MorePCI Application
WHAT IS PCI APPLICATION? The Payment Card Industry Data Security Standard (PCI DSS) is a set of widely followed..
Learn MorePCI Compliance
WHAT IS PCI COMPLIANCE? Payment card industry (PCI) compliance, also referred to as Payment Card Industry Data Security..
Learn MorePenetration Testing
WHAT IS PENETRATION TESTING? Penetration testing, also known as pen testing, security pen testing, and security..
Learn MoreRASP Security
RASP SECURITY & WHY IT IS IMPORTANT Coined by Gartner in 2012, Runtime Application Self-Protection RASP is an emerging..
Learn MoreRegular Expression DoS (ReDoS)
WHAT IS REGULAR EXPRESSION DOS (REDOS)? Regular expressions can reside in every layer of the web. The Regular..
Learn MoreSCRUM
WHAT IS SCRUM? As a set of values and principles that describes a group's day-to-day interactions and..
Learn MoreSDLC
What is SDLC? The Software Development Life Cycle (SDLC) is a framework that defines tasks performed at each step in..
Learn MoreSecurity Misconfigurations
WHAT IS SECURITY MISCONFIGURATIONS? Security misconfigurations is #6 on the latest (2017) OWASP Top 10 list. This..
Learn MoreSensitive Data Exposure
Any industry that collects, stores, or processes sensitive data is at risk for a data breach. In 2020, the average cost..
Learn MoreSession Fixation Attack
WHAT IS SESSION FIXATION ATTACK? Session fixation and session hijacking are both attacks that attempt to gain access to..
Learn MoreSession Hijacking
Session Hijacking The importance of security is on the rise as digital innovation explodes. And as organizations launch..
Learn MoreSoftware Composition Analysis
WHAT IS SOFTWARE COMPOSITION ANALYSIS? Today’s software applications rely heavily on open-source components. Software..
Learn MoreSpoofing Attack
WHAT IS SPOOFING ATTACK? In a spoofing attack, a malicious party or program impersonates another device or user on a..
Learn MoreSpring Core
What is Spring Core? Spring Core (spring-core) is the core of the framework that powers features such as Inversion of..
Learn MoreSpring Framework
What is Spring Framework? The Spring Framework provides a comprehensive programming and configuration model for modern..
Learn MoreSpring Web MVC
What is Spring Web MVC? A Model-View-Controller (MVC) architecture for the Spring Framework that can be used to..
Learn MoreSpring Webflux
What is Spring Webflux? Spring Webflux is the reactive-stack web framework added in Spring version 5.0. Reactive..
Learn MoreSpring4Shell
What is Spring4Shell? Zero-day, remote code execution (RCE) vulnerability in the Spring Framework was Disclosed on..
Learn MoreSQL Injection
WHAT IS SQL INJECTION? An SQL injection attack consists of an insertion or injection of a SQL query via the input data..
Learn MoreStatic Application Security Testing
WHAT IS STATIC APPLICATION SECURITY TESTING? Static application security testing (SAST) involves analyzing an..
Learn MoreUntrusted or Insecure Deserialization
WHAT IS UNTRUSTED OR INSECURE DESERIALIZATION? Serialization refers to the process of converting an object into a..
Learn MoreVulnerability Scanning
Vulnerability Scanning Vulnerabilities continue to grow as organizations turn to digital transformation and roll out..
Learn MoreWeb Application Firewall
WHAT IS WEB APPLICATION FIREWALL? A web application firewall (WAF) is a network defense that filters, monitors, and..
Learn MoreZero-day
What is zero-day? 0-Day vulnerabilities are a vulnerability in the wild, without any vendor patch. The zero means..
Learn MoreZip File Overwrite
WHAT IS ZIP FILE OVERWRITE? Zip file overwrite (also known as Zip Slip) exploits a vulnerability that is found in..
Learn More