- AppSec: An IT field where specialists focus on secure application design and are familiar with programming.
- Authentication: The process of checking whether a user is allowed to gain access to a system, e.g., login forms with a username and password.
- Authorization: Checking whether the authenticated user has permission to perform an action, e.g., user, admin, and super admin roles.
- Audit: A complete inspection of an organization’s network to find vulnerable endpoints or malicious software.
- Access Control List: A list of users and their level of access to a system.
- Aircrack-ng: A complete suite of tools to assess Wi-Fi network security. It contains sniffing, password cracking, and general wireless attacking tools.
- Availability: Assuring that information and communications services will be ready for use when expected.
- Backdoor: A piece of code that lets attackers get back into a system easily after it has been compromised.
- Burp Suite: Web application security software that helps test web apps for vulnerabilities. It is widely used in bug bounty hunting.
- Banner Grabbing: Capturing information about a server, such as the type of web server software (e.g., Apache) and the services running on it.
- Botnet: A network of computers controlled by an attacker to perform attacks such as Distributed Denial of Service.
- Brute-Force Attack: An attack where the attacker tries different login combinations to gain access, e.g., cracking a 9-digit numeric password by trying every number from 000000000 to 999999999.
- Buffer Overflow: When a program tries to store more data than a buffer can hold, the excess overflows into adjacent buffers (memory regions), corrupting existing data.
- Cache: Storing the response to a particular operation in temporary high-speed storage so that later requests for the same thing are served faster, e.g., caching a database query result until the underlying data changes, so the database is not queried again for the same query.
- Cloud Access Security Brokers (CASB): A type of software that provides security policy enforcement between cloud service consumers and providers, consolidating features such as encryption, auditing, DLP, access control, and anomaly detection.
- Content Delivery Network (CDN): A hosted, geographically-distributed server network that improves website file delivery and performance. It can also include security features such as DDoS protection.
- Cipher: A cryptographic algorithm for encrypting and decrypting data.
- Code Injection: Injecting malicious code into a system by exploiting a bug or vulnerability.
- Cross-Site Scripting: Executing a script on the client side through a legitimate website. It can be prevented if the website sanitizes user input.
- Cross-Site Request Forgery (CSRF): A malicious web exploit in which an attacking program forces a user’s browser to perform an unwanted action on a site where the user is currently authenticated.
- Compliance: A set of rules defined by the government or other authorities on how to protect your customers’ data. Common ones include HIPAA, PCI-DSS, and FISMA.
- Confidentiality: A security measure that protects against disclosing information to parties other than the intended recipient. On its own it is by no means the only way of ensuring security.
- Cryptocurrency: An encrypted digital medium of exchange whose encryption techniques are used to ensure that transactions are secure, regulated, and verified.
- Data Exfiltration: An unauthorized transfer of data. It can be carried out manually or through a malicious automated program.
- Decentralized Autonomous Organization (DAO): An organization that serves as a venture capital fund. It runs through smart contracts, and its transaction records are maintained in a blockchain.
- Distributed Denial of Service Attack (DDoS): A type of attack that shuts down services, usually by sending more requests than the service can handle, interrupting legitimate requests to the service.
- Dynamic Application Security Testing (DAST): An analysis of an application’s security that only monitors the runtime environment and the code executed in it. It simulates potential attacks and analyzes the results.
- Dictionary Attack: Attacking a system with a pre-defined list of usernames and passwords, e.g., admin/admin is a common username/password combination used by amateur sysadmins.
- Dumpster Diving: Looking through a company’s trash cans for useful information.
- Denial of Service & Distributed Denial of Service: Exhausting a server’s resources by sending too many requests is a Denial of Service. If a botnet is used to do the same, it is called a Distributed Denial of Service.
- DevSecOps: Combining development and operations while treating security as a key ingredient from the initial system design onward.
- Directory Traversal: A vulnerability that lets attackers list all the files and folders on a server, which can include system configuration and password files.
- Domain Name System (DNS): Converts domain names into server IP addresses, e.g., google.com -> 216.58.200.142.
- DNS Spoofing: Tricking a system’s DNS into pointing to a malicious server, e.g., when you enter ‘facebook.com’, you might be redirected to an attacker’s website that looks like Facebook.
- Discovery: This stage aims to identify the systems within scope and the services they run. It is not intended to discover vulnerabilities, but version detection may highlight deprecated versions of software or firmware and indicate potential vulnerabilities.
- Encryption: Encoding a message with a key so that only the intended parties can read it.
- Exploit: A piece of code that takes advantage of a vulnerability in the target system, e.g., a buffer overflow exploit can give you root access to a system.
- Enumeration: Mapping out all network components after gaining access to a single system.
- Footprinting: Gathering information about a target using active methods such as scanning and enumeration.
- Flooding: Sending too many data packets to a target system to exhaust its resources and cause a Denial of Service or similar attack.
- Firewall: A software or hardware filter that can be configured to prevent common types of attacks.
- Fork Bomb: Forking a process indefinitely to exhaust system resources. It is related to a Denial of Service attack.
- Fuzzing: Sending automated random input to a software program to test its exception-handling capacity.
- Hardening: Securing a system against attacks, e.g., by closing unused ports. For servers, it is usually done with scripts.
- Hash Function: Maps a piece of data to a fixed-length string. Hashes are used to confirm data integrity.
- Honeypot: An intentionally vulnerable system used to lure attackers, which is then used to understand the attacker’s strategies.
- HIPAA: The Health Insurance Portability and Accountability Act. If you work with healthcare data, you need to make sure you are HIPAA compliant; this protects customers’ privacy.
- Input Validation: Checking user inputs before sending them to the database, e.g., sanitizing form input to prevent SQL injection attacks.
- Integrity: Protecting information from being modified by unauthorized parties, e.g., making sure the data sent by the server is the same as what the client received. This ensures there is no tampering; integrity is usually achieved with hashing and encryption.
- Intrusion Detection System: Software similar to a firewall but with advanced features. It helps defend against Nmap scans, DDoS attacks, etc.
- IP Spoofing: Changing the source IP address of a packet to fool the target into thinking the request comes from a legitimate server.
- Information Security (InfoSec): An IT field where specialists are skilled security generalists, and in larger companies, they are CISOs and managers.
- Injection Attack: A scenario where attackers relay malicious code through an application to another system for malicious manipulation of the application. These attacks can target an operating system via system calls, external programs via shell commands, or databases via query language (SQL) injection.
- Interactive Application Security Testing (IAST): A combination of SAST and DAST, usually implemented as an agent that monitors attacks and identifies vulnerabilities within the test runtime environment.
- IT Security (ITSec): An IT field where specialists focus on system administration security (i.e., hosts, auth servers, mandatory access control systems, etc.).
- John the Ripper: A brilliant password-cracking tool that runs on all major platforms.
- Kerberos: The default authorization software used by Microsoft; it uses a more robust encryption system.
- Keylogger: A software program that captures a user’s keystrokes on the system.
- Logic Bomb: A piece of code (usually malicious) that runs when a condition is satisfied.
- Lightweight Directory Access Protocol (LDAP): A lightweight client-server protocol used on Windows as a central place for authentication. It stores usernames and passwords to validate users on a network.
- Malware: Short for “malicious software”. Everything from viruses to backdoors is malware.
- MAC Address: A unique address assigned to a Network Interface Card and used as an identifier on local area networks. It is easy to spoof.
- Multi-factor Authentication: Using more than one authentication method to access a service, e.g., a username/password plus a mobile OTP to access a bank account (two-factor authentication).
- MD5: A widely used hashing algorithm. Once a favourite, it has many vulnerabilities.
- Metasploit: An all-in-one penetration testing framework that helps exploit vulnerabilities and gain access to target systems.
- Meterpreter: An advanced Metasploit payload that lives in memory and is hard to trace.
- Miners: Calculate the Proof-Of-Work hash of all transactions in a blockchain block, essentially sealing the new block and transmitting it to the network so that all nodes know a new block has been produced.
- Null-Byte Injection: An older exploit that appends null bytes (i.e., %00, or 0x00 in hexadecimal) to URLs. It makes web servers return random/unwanted data, which might be useful to the attacker. It can easily be prevented with sanity checks on input.
- Network Interface Card (NIC): Hardware that lets a device connect to a network.
- Network Address Translation: Translates your local IP address into a global IP address, e.g., your local IP might be 192.168.1.4, but to access the internet you need a global IP address (from your router).
- Nmap: A popular network scanning tool that gives information about systems, open ports, services, and operating system versions.
- Netcat: A command-line tool for reading and writing data over the network. To exchange data, Netcat uses the TCP/IP and UDP network protocols.
- Nikto: A popular web application scanner that helps find over 6700 vulnerabilities, including server configuration issues and installed web server software.
- Nessus: A commercial alternative to Nmap that provides a detailed list of vulnerabilities based on scan results.
- Network Security (NetSec): An IT field where specialists focus on the security of data as it flows through network routers (i.e. firewalls, IDS, VPNs, application-specific protocols, etc.).
- Packet: Data is sent and received by systems in packets. A packet contains the source IP, destination IP, protocol, and other information.
- Password Cracking: Cracking an encrypted password using tools like John the Ripper when you do not have access to the key.
- Password Sniffing: Performing man-in-the-middle attacks using tools like Wireshark to find password hashes.
- Patch: A software update released by a vendor to fix a bug or vulnerability in a software system.
- Phishing: Building fake websites that look remarkably similar to legitimate ones (like Facebook) to capture sensitive information.
- Ping Sweep: A technique that pings systems to see which are alive on the network.
- Public Key Cryptography: An encryption mechanism that uses a pair of keys, one private and one public. The sender encrypts a message using your public key, which you then decrypt using your private key.
- Public Key Infrastructure: A public key infrastructure (PKI) is a system to create, store, and distribute digital certificates. It helps sysadmins verify that a particular public key belongs to a certain authorized entity.
- Personally Identifiable Information (PII): Any information that identifies a user, e.g., address, phone number, etc.
- Payload: A piece of code (usually malicious) that performs a specific function, e.g., a keylogger.
- PCI-DSS: Payment Card Industry Data Security Standard. If you work with customer credit cards, you should be PCI-DSS compliant.
- Penetration Testing (Pen Testing): A technique to find vulnerabilities in a computer system by attacking that system through various methods that a real attacker would use.
- Open Web Application Security Project (OWASP): An online community of corporations, educational organizations, and individuals focused on providing web security tools, resources, events, and more for the wider development community.
- Ransomware: Malware that locks your system using encryption and demands payment for the key to unlock it.
- Rainbow Table: Pre-calculated password hashes that help crack the target’s password hashes easily.
- Reconnaissance: Finding data about the target using methods such as Google searches, social media, and other publicly available information.
- Reverse Engineering: Rebuilding a piece of software based on its functions.
- Role-Based Access: Assigning a set of authorizations to a role rather than to an individual user, e.g., the “Managers” role will have many permissions, while the “Developers” role will have a different set of permissions.
- Rootkit: Malware that provides unauthorized users with admin privileges. Rootkits include keyloggers, password sniffers, etc.
- Runtime Application Self-Protection (RASP): A feature that is built into an application to detect and halt attacks in real-time, automatically.
- Reentrancy Attack: An attack where untrusted code re-enters a contract and manipulates its state.
- Scanning: Sending packets to a system and gaining information about the target from the packets received. This involves the 3-way handshake.
- Secure Shell (SSH): A protocol that establishes an encrypted communication channel between a client and a server. You can use SSH to log in to remote servers and perform system administration.
- Session: The period during which a communication channel is open between a client and a server, e.g., the time between logging into a website and logging out.
- Session Hijacking: Taking over someone else’s session by pretending to be the client, achieved by stealing cookies and session tokens, e.g., after you authenticate with your bank, an attacker can steal your session to perform financial transactions on your behalf.
- Social Engineering: The art of tricking people into doing something that is not in their best interest, e.g., convincing someone to give their password over the phone.
- Secure Hashing Algorithm (SHA): A widely used family of encryption algorithms. SHA-256 is considered highly secure compared to earlier versions like SHA-1. It is also a one-way algorithm, unlike an encryption algorithm whose output you can decrypt: once you hash a message, you can only compare the result with another hash; you cannot reverse it to recover the original message.
- Sniffing: Performing man-in-the-middle attacks on networks, both wired and wireless.
- Spam: Unwanted digital communication, including email, social media messages, etc. It usually tries to lure you onto a malicious website.
- Syslog (System Logging Protocol): System administrators use it to capture all activity on a server; the logs are usually stored on a separate server so they are retained during an attack.
- Secure Sockets Layer (SSL): Establishes an encrypted tunnel between the client and server, e.g., when you submit a password on Facebook, only the encrypted text is visible to sniffers, not your original password.
- Snort: A lightweight open-source Intrusion Detection System for Windows and Linux.
- SQL Injection: A type of attack performed on web applications that use SQL databases. It happens when the site does not validate user input.
- Trojan: Malware hidden within useful software, e.g., a pirated version of MS Office can contain trojans that execute when you install and run the software.
- Traceroute: A tool that maps a packet’s route between source and destination.
- Tunnel: A private encrypted channel between two or more computers. Only allowed devices on the network can communicate through the tunnel.
- Virtual Private Network: A subnetwork created within a network, mainly to encrypt traffic, e.g., connecting to a VPN to access a blocked third-party site.
- Virus: A piece of code created to perform a specific action on target systems. A virus has to be triggered to execute, e.g., by auto-playing a USB drive.
- Vulnerability: A point of attack caused by a bug or poor system design, e.g., a lack of input validation lets attackers perform SQL injection attacks on a website.
- Wardriving: Travelling through a neighbourhood looking for unprotected Wi-Fi networks to attack.
- WHOIS (full form: “Who is responsible for this domain name?”): Helps find information about IP addresses, their owners, DNS records, etc.
- Wireshark: An open-source program to analyze network traffic and filter requests and responses for network debugging.
- Worm: A malware program capable of replicating itself and spreading to other connected systems, e.g., a worm used to build a botnet. Unlike viruses, worms do not need a trigger.
- Wireless Application Protocol (WAP): A protocol that helps mobile devices connect to the internet.
- Web Application Firewall (WAF): A firewall for web applications that helps against cross-site scripting, Denial of Service, etc.
- Zero-Day: A newly discovered vulnerability in a system for which no patch exists yet. Zero-day vulnerabilities are the most dangerous type since there is no possible way to protect against one.
- Zombie: A compromised computer controlled by an attacker. A group of zombies is called a botnet.