Security Glossary

172 terms covering web security, cryptography, and penetration testing

A
  • Advanced Encryption Standard (AES) The most widely used symmetric encryption algorithm, providing secure encryption in 128, 192, or 256-bit key variants.
  • API Key Exposure When API keys or credentials are inadvertently revealed in public locations like code repositories, client-side code, or logs, enabling u...
  • Arbitrary File Read A vulnerability that allows attackers to read files from the server's filesystem they shouldn't access, exposing configurations, credenti...
  • Arbitrary File Write A critical vulnerability allowing attackers to write files to arbitrary locations on the server, typically leading to code execution via ...
  • Argon2 The current recommended password hashing algorithm, winner of the Password Hashing Competition, with configurable memory, time, and paral...
B
  • Banner Grabbing A reconnaissance technique collecting service identification strings that reveal software names, versions, and configuration details.
  • bcrypt A password hashing function with built-in salt and configurable work factor, designed to be slow enough to resist brute-force attacks.
  • Billion Laughs Attack A denial-of-service attack using nested XML entity definitions that exponentially expand into gigabytes of data, exhausting server memory.
  • Blind SQL Injection A SQL injection technique where query results are not directly visible, requiring attackers to infer data by analyzing application behavi...
  • Blind SSRF An SSRF variant where the attacker cannot see the response content, requiring out-of-band techniques or timing analysis to confirm and ex...
  • Blind XXE An XXE variant where parsed data isn't reflected in responses, requiring out-of-band techniques like DNS or HTTP callbacks to exfiltrate ...
  • Boolean-Based Blind SQL Injection A blind SQL injection technique where data is extracted by observing different application responses based on whether injected conditions...
  • Broken Access Control A category of vulnerabilities where restrictions on authenticated users are not properly enforced, allowing access to unauthorized functi...
  • Broken Object Level Authorization (BOLA) An API vulnerability where the application fails to verify user permissions before granting access to objects, allowing unauthorized data...
  • Burp Suite The industry-standard web security testing platform with proxy, scanner, and tools for intercepting, analyzing, and exploiting web vulner...
C
  • Cache Key Manipulation Techniques exploiting how caches construct keys to achieve poisoning or deception, targeting unkeyed inputs and normalization inconsisten...
  • CBC Bit Flipping Attack An attack on CBC-mode encryption where modifying ciphertext bytes causes predictable changes in the next decrypted block, enabling conten...
  • Certificate Pinning Bypass Techniques to circumvent certificate pinning in mobile apps, allowing HTTPS traffic interception for security testing or malicious purposes.
  • Cipher Block Chaining (CBC) An encryption mode where each plaintext block is XORed with the previous ciphertext block before encryption, hiding patterns but vulnerab...
  • Clickjacking An attack that tricks users into clicking hidden elements from another site by overlaying transparent iframes over deceptive content.
  • Code Injection A vulnerability that allows attackers to inject and execute arbitrary code within an application's runtime environment through functions ...
  • Command Injection A vulnerability that allows attackers to execute arbitrary operating system commands on a server by injecting malicious input into system...
  • Content Security Policy (CSP) A browser security mechanism that prevents XSS by specifying which content sources are allowed to load and execute on a web page.
  • Cookie Security Flags Cookie attributes (HttpOnly, Secure, SameSite) that control browser handling, protecting against session hijacking, XSS, and CSRF attacks.
  • Credential Stuffing An automated attack testing stolen credentials from data breaches against other websites, exploiting password reuse across services.
  • Cross-Origin Resource Sharing (CORS) A mechanism allowing servers to specify which origins can access their resources, relaxing Same-Origin Policy. Misconfigurations can expo...
  • Cross-Site Request Forgery (CSRF) An attack that tricks authenticated users into performing unintended actions on a web application by exploiting the browser's automatic i...
  • Cross-Site Script Inclusion (XSSI) A vulnerability where sensitive data in JavaScript format can be stolen through cross-origin script inclusion, bypassing Same-Origin Policy.
  • Cross-Site Scripting (XSS) A client-side code injection attack where malicious scripts are injected into trusted websites, executing in victims' browsers to steal d...
  • Cryptographic Nonce A number used only once in cryptographic communication to prevent replay attacks and ensure each encryption operation produces unique out...
  • CSRF Token A unique, unpredictable value included in forms or requests that the server validates to ensure the request originated from the legitimat...
  • CVE (Common Vulnerabilities and Exposures) A publicly available list of disclosed cybersecurity vulnerabilities, each with a unique identifier (CVE-YYYY-NNNNN) for standard reference.
  • CVSS (Common Vulnerability Scoring System) A scoring system providing numerical ratings (0-10) for vulnerability severity based on attack characteristics and impact metrics.
  • CWE (Common Weakness Enumeration) A categorized list of software weakness types (like XSS, SQLi) that cause vulnerabilities, providing a taxonomy for discussing root causes.
D
  • Deserialization Gadget Chain A technique for exploiting deserialization by chaining existing code fragments in libraries to achieve code execution without injecting n...
  • Directory Bruteforcing A reconnaissance technique discovering hidden web directories and files by systematically requesting paths from wordlists and analyzing r...
  • Directory Traversal A vulnerability allowing attackers to navigate outside intended directories to access arbitrary files using path manipulation sequences l...
  • Django ORM Leak Vulnerabilities where Django ORM field lookups can be manipulated to leak sensitive data through startswith filters, JSON extraction, or ...
  • DNS Rebinding An attack exploiting DNS to bypass Same-Origin Policy, allowing malicious websites to access internal network resources or localhost serv...
  • Document Type Definition (DTD) A set of declarations defining XML document structure and entities. DTD entity features enable XXE attacks when external entities are pro...
  • DOM Clobbering A technique where HTML elements with id or name attributes overwrite JavaScript variables or DOM properties, potentially enabling XSS or ...
  • DOM-based XSS An XSS attack where the vulnerability exists in client-side JavaScript code that processes untrusted data and writes it to the DOM withou...
  • Double Encoding URL-encoding characters twice to bypass filters that decode only once, allowing malicious payloads to be decoded by the application.
E
  • ECB Mode Weakness A vulnerability in ECB encryption mode where identical plaintext blocks produce identical ciphertext blocks, revealing patterns in encryp...
  • ECDSA (Elliptic Curve Digital Signature Algorithm) A digital signature algorithm using elliptic curve cryptography, providing equivalent security to RSA with significantly smaller key sizes.
  • EdDSA (Edwards-curve Digital Signature Algorithm) A modern digital signature scheme using Edwards curves, designed for high performance and resistance to implementation vulnerabilities.
  • Exploit Chain A sequence of multiple vulnerabilities combined to achieve higher impact than any single vulnerability, often escalating from low to crit...
  • Exploit Payload The code or data delivered by an exploit to achieve objectives like spawning shells, establishing backdoors, or exfiltrating data.
  • Expression Language Injection A class of vulnerabilities where attackers inject code into expression languages (like JSP EL, SpEL, or OGNL) used by web frameworks to e...
F
  • ffuf A fast web fuzzer for directory discovery, parameter brute-forcing, and virtual host enumeration with powerful filtering options.
  • Fingerprinting The process of identifying software, versions, and technologies used by a target to find known vulnerabilities and tailor attacks.
G
  • Gadget Chain A sequence of existing code fragments within an application that can be chained together during deserialization to achieve code execution...
  • Galois/Counter Mode (GCM) An authenticated encryption mode combining counter-mode encryption with Galois field authentication, providing both confidentiality and i...
  • GCM Nonce Reuse A critical vulnerability where reusing a nonce with the same key in AES-GCM encryption completely breaks confidentiality and authentication.
  • Gobuster A fast brute-forcing tool for directories, DNS subdomains, virtual hosts, and S3 buckets, written in Go.
  • Google Dorking Using advanced Google search operators to find sensitive information, exposed files, and vulnerable systems indexed by search engines.
  • GraphQL Batching Attack Exploiting GraphQL's batch operation capability to bypass rate limiting, brute-force credentials in single requests, or cause denial of s...
  • GraphQL Injection Attack vectors targeting GraphQL APIs, including query manipulation, argument injection, and exploiting flexible query structures to acce...
  • GraphQL Introspection A GraphQL feature allowing schema queries that reveal all types, fields, and operations. Exposed in production, it aids attacker reconna...
H
  • Hash Collision When two different inputs produce the same hash output, potentially allowing attackers to substitute one document for another while maint...
  • Hashcat The world's fastest GPU-accelerated password recovery tool, supporting hundreds of hash types and multiple attack modes.
  • HMAC (Hash-based Message Authentication Code) A cryptographic construction combining a hash function with a secret key to produce a message authentication code, verifying both integri...
  • Horizontal Privilege Escalation An access control vulnerability where a user can access resources belonging to another user at the same privilege level.
  • HTTP Request Smuggling A technique exploiting parsing discrepancies between front-end and back-end servers to smuggle hidden HTTP requests that bypass security ...
I
  • Initialization Vector (IV) A random or pseudo-random value used with an encryption key to ensure identical plaintexts produce different ciphertexts.
  • Insecure Deserialization A vulnerability where untrusted data is used to abuse the logic of an application's deserialization process, potentially leading to remot...
  • Insecure Direct Object Reference (IDOR) A vulnerability where user-supplied input directly references internal objects (files, database records) without proper authorization che...
J
  • John the Ripper A free, versatile password cracking tool with auto-detection, extensive format support, and powerful rule-based transformations.
  • JSON CSRF A CSRF attack targeting endpoints that accept JSON content-type, often exploiting misconfigured CORS or content-type handling to forge AP...
  • JSON Web Encryption (JWE) A standard for encrypting JWT content, providing confidentiality in addition to the integrity protection offered by JWS signatures.
  • JSON Web Signature (JWS) A standard for digitally signing JSON content, providing integrity protection and authentication for JWT payloads.
  • JSON Web Token (JWT) A compact, URL-safe token format for securely transmitting claims between parties, commonly used for stateless authentication in web appl...
  • JSONP (JSON with Padding) A legacy technique for cross-origin data loading by wrapping JSON in callbacks. Deprecated due to security risks including data theft and...
  • JWT Algorithm Confusion Attack An attack where the JWT verification algorithm is switched from asymmetric (RS256) to symmetric (HS256), using the public key as the HMAC...
  • JWT Key Confusion Attack An attack where the JWT verification process is tricked into using an incorrect key, often by exploiting how the library handles key type...
  • JWT Kid Injection An attack exploiting the JWT "kid" (Key ID) header when it's used unsafely in database queries or file paths, enabling SQL injection or p...
  • JWT None Algorithm Attack An attack exploiting JWT libraries that accept tokens with "alg": "none", allowing unsigned tokens to be treated as valid.
L
  • LDAP Injection A vulnerability where user input in LDAP queries allows attackers to modify query logic, potentially bypassing authentication or accessin...
  • Length Extension Attack An attack against Merkle-Damgård hash functions (MD5, SHA-1, SHA-256) that allows appending data to a message and computing a valid hash ...
  • Local File Inclusion (LFI) A vulnerability where an application includes local files based on user input, allowing attackers to read sensitive files or execute code...
  • Log Poisoning An attack technique where malicious code is injected into log files, which are then included through an LFI vulnerability to achieve code...
  • Log4j JNDI Injection A critical vulnerability in Apache Log4j (Log4Shell) allowing remote code execution through JNDI lookup injection in logged messages.
M
  • Man-in-the-Middle (MITM) An attack where the adversary intercepts communications between two parties, enabling eavesdropping, data modification, or content inject...
  • Mass Assignment A vulnerability where attackers can modify object properties they shouldn't have access to by including extra parameters in requests that...
  • Metasploit A penetration testing framework with extensive exploit, payload, and post-exploitation modules for security testing and research.
  • Mutation XSS (mXSS) An XSS variant that bypasses HTML sanitizers by exploiting browser parsing quirks, where benign-looking input mutates into executable Jav...
N
  • Node.js Prototype Pollution Prototype pollution in Node.js, where polluting Object.prototype can lead to remote code execution via child_process or template engines.
  • NoSQL Injection An injection attack against NoSQL databases (MongoDB, CouchDB) using query operators like $ne, $gt, or $regex to bypass authentication an...
  • Nuclei A fast, template-based vulnerability scanner using YAML definitions, highly customizable with a large community template library.
  • Null Byte Injection Exploiting null byte (0x00) handling differences to truncate strings, bypass extension checks, or terminate paths prematurely.
O
  • OAuth2 An authorization framework that enables third-party applications to obtain limited access to user accounts without exposing credentials.
  • OAuth2 Access Token A credential issued by the authorization server that grants the client limited access to protected resources on behalf of the user.
  • OAuth2 Authorization Code Flow The most secure OAuth2 flow where the client receives an authorization code that is exchanged server-side for tokens, keeping secrets sec...
  • OAuth2 Authorization Server The OAuth2 component that authenticates users, obtains authorization, and issues access tokens to clients after successful authentication.
  • OAuth2 Predictable State A vulnerability where the OAuth2 state parameter can be guessed or predicted, enabling attackers to forge valid authorization callbacks.
  • OAuth2 Redirect URI The URL where the authorization server redirects users after authentication, carrying authorization codes or tokens back to the client ap...
  • OAuth2 Refresh Token A long-lived credential used to obtain new access tokens without requiring user re-authentication, enabling persistent sessions.
  • OAuth2 Resource Server The OAuth2 component that hosts protected resources and accepts access tokens to authorize API requests from clients.
  • OAuth2 State Fixation An attack where an attacker forces a victim to use a known OAuth2 state value, enabling the attacker to complete the OAuth flow on behalf...
  • OAuth2 State Parameter A random value passed through the OAuth2 flow to prevent CSRF attacks by ensuring the callback originates from the same session that init...
  • OGNL Injection A code injection vulnerability targeting Apache Struts applications where attackers inject OGNL expressions to access Java objects and ex...
  • Open Redirect A vulnerability where user-controlled input determines redirect destination, enabling attackers to redirect victims to malicious sites fr...
  • Out-of-Band SQL Injection A SQL injection technique that exfiltrates data through alternative channels like DNS or HTTP requests, useful when direct response is no...
  • OWASP Top 10 A standard document listing the ten most critical web application security risks, published by OWASP and updated periodically based on in...
  • OWASP ZAP A free, open-source web security scanner from OWASP with proxy, automated scanning, and CI/CD integration capabilities.
P
  • Padding Oracle Attack A cryptographic attack exploiting information leaked through error messages about padding validity, enabling decryption without knowing t...
  • Password Salt Random data added to passwords before hashing, ensuring identical passwords produce different hashes and preventing rainbow table attacks.
  • Password Spraying An attack trying common passwords against many accounts with delays between attempts, avoiding lockouts while maximizing credential disco...
  • Path Traversal A vulnerability that allows attackers to access files outside the intended directory by manipulating file paths with sequences like ../.
  • PBKDF2 A key derivation function applying iterated HMAC to passwords. Widely supported but less GPU-resistant than bcrypt, scrypt, or Argon2.
  • PHAR Deserialization A PHP vulnerability where accessing a PHAR archive file triggers automatic deserialization of its metadata, potentially leading to code e...
  • PHP A server-side scripting language widely used for web development, known for security considerations around type juggling, object injectio...
  • PHP Object Injection A vulnerability where user input passed to PHP's unserialize() function allows attackers to inject objects that trigger magic methods to ...
  • PHP Type Juggling Vulnerabilities from PHP's loose type comparisons where automatic type conversion can lead to authentication bypasses using "magic hash" ...
  • PHP Wrappers PHP stream protocols (php://, data://, etc.) that extend file handling. When used with user input, they enable file reading, code executi...
  • PKCE (Proof Key for Code Exchange) An OAuth 2.0 extension that prevents authorization code interception using a cryptographic challenge-response, required for public client...
  • PKCS#7 Padding A padding scheme that fills incomplete cipher blocks with bytes indicating the padding length, enabling block cipher encryption of arbitr...
  • Polyglot Payload A single payload valid in multiple contexts or formats, triggering vulnerabilities regardless of how the application processes the input.
  • postMessage Vulnerability Security issues from improper use of window.postMessage() for cross-origin communication, typically due to missing origin validation or u...
  • Proof of Concept (PoC) Code or demonstration proving a vulnerability exists and is exploitable, validating security issues without full weaponization.
  • Prototype Pollution A JavaScript vulnerability where attackers modify Object.prototype, affecting all objects in the application and potentially enabling pro...
  • Python Pickle Python's serialization module that can execute arbitrary code during deserialization, making it dangerous for untrusted input.
R
  • Race Condition A vulnerability where concurrent operations exploit timing windows between security checks and actions, enabling double-spending, bypasse...
  • Rails Mass Assignment A Rails vulnerability where user-submitted parameters can modify protected model attributes like admin flags when Strong Parameters aren'...
  • Rails Session Serialization Vulnerabilities from Rails session serialization using Marshal, which can lead to RCE if the secret_key_base is compromised.
  • Rainbow Table A precomputed table of hash values used to reverse hashes back to plaintext, enabling fast password cracking when salts are not used.
  • Reflected XSS A type of XSS where malicious script from the current HTTP request is reflected in the page response without proper sanitization, executi...
  • Remote File Inclusion (RFI) A vulnerability where an application includes and executes files from remote URLs based on user input, allowing execution of attacker-hos...
  • Return-Oriented Programming (ROP) An exploitation technique chaining existing code sequences ending in return instructions to bypass non-executable memory protections.
  • RSA Cryptography A widely used asymmetric cryptography system based on the difficulty of factoring the product of two large prime numbers, used for encryption and digital si...
  • Ruby Marshal Ruby's serialization mechanism that can execute code during deserialization through marshal_load or gadget chains in loaded classes.
S
  • Same-Origin Policy (SOP) A browser security mechanism that restricts how documents from one origin (protocol + host + port) can interact with resources from anoth...
  • SAML Assertion A digitally signed XML document issued by an identity provider containing statements about a user's authentication status and attributes.
  • SAML Identity Provider (IdP) The trusted authority that authenticates users and issues SAML assertions to service providers in a single sign-on system.
  • SAML NameID The unique identifier for a user within a SAML assertion, typically formatted as an email address, persistent ID, or transient identifier.
  • SAML Service Provider (SP) The application or service that relies on an identity provider for user authentication in a SAML-based single sign-on system.
  • SAMLRequest An XML message sent by a service provider to an identity provider to initiate the authentication process for a user.
  • SAMLResponse An XML message containing the SAML assertion sent from the identity provider back to the service provider after successful authentication.
  • scrypt A password hashing function designed to be memory-intensive, making brute-force attacks expensive on GPUs and specialized hardware.
  • Security Assertion Markup Language (SAML) An XML-based open standard for exchanging authentication and authorization data between an identity provider and a service provider for s...
  • Server-Side Request Forgery (SSRF) A vulnerability where an attacker can make the server perform HTTP requests to arbitrary destinations, potentially accessing internal ser...
  • Server-Side Template Injection (SSTI) A vulnerability where user input embedded into server-side templates allows attackers to inject template directives that execute arbitrar...
  • Session Fixation An attack where the attacker fixes a user's session ID before authentication, then uses the same ID to access the victim's authenticated ...
  • Session Hijacking An attack where the attacker steals or captures a valid session token through XSS, network sniffing, or other means to impersonate an aut...
  • Session Injection An attack injecting malicious data into session storage through insecure handling or deserialization, potentially leading to privilege es...
  • SpEL Injection A code injection vulnerability where attackers inject Spring Expression Language (SpEL) expressions to access Spring beans and execute ar...
  • Spring Actuators Spring Boot endpoints exposing operational data. When unsecured, they can leak credentials, configuration, or enable code execution.
  • SQL Injection A code injection technique that exploits vulnerabilities in an application's database layer by inserting malicious SQL statements into in...
  • sqlmap An open-source tool automating SQL injection detection and exploitation, supporting data extraction, filesystem access, and command execu...
  • Stacked Queries A SQL injection technique where multiple SQL statements are executed in sequence by terminating the original query and appending new comm...
  • Stored XSS A persistent XSS attack where malicious script is permanently stored on the target server (in a database, comment field, etc.) and execut...
  • Struts DevMode A Struts development feature that exposes OGNL evaluation and debug capabilities, leading to code execution when enabled in production.
  • Subdomain Enumeration The process of discovering subdomains through DNS queries, certificate logs, and brute forcing to find hidden services and attack surfaces.
  • Subdomain Takeover A vulnerability where dangling DNS records point to deprovisioned cloud services, allowing attackers to claim the service and control the...
  • SVG XSS Cross-site scripting attacks that abuse SVG (Scalable Vector Graphics) elements, which can contain embedded JavaScript via event handlers...
T
  • Time-Based Blind SQL Injection A blind SQL injection technique that uses database time delay functions to infer data based on response time differences.
  • Timing Attack A side-channel attack that extracts secrets by measuring the time taken to perform cryptographic operations, exploiting data-dependent ex...
  • TLS Stripping A man-in-the-middle attack that downgrades HTTPS connections to HTTP, allowing attackers to intercept encrypted traffic in plaintext.
V
  • Vertical Privilege Escalation An access control vulnerability where a lower-privileged user gains access to functions or data reserved for higher-privileged users like...
W
  • WAF Bypass Techniques to evade WAF detection using encoding, case manipulation, alternative syntax, and exploiting parsing differences.
  • Web Application Firewall (WAF) A security solution that filters HTTP traffic to block common web attacks like XSS and SQL injection using signatures, behavior analysis,...
  • Web Cache Deception An attack that tricks caches into storing a victim's sensitive content by exploiting URL parsing differences between the cache and applic...
  • Web Cache Poisoning An attack that manipulates cache behavior to store malicious responses served to other users, using unkeyed inputs that affect responses ...
  • Wireshark The world's most popular network protocol analyzer for capturing and deeply inspecting network traffic in real time or from capture files.
X
  • XML External Entity (XXE) A vulnerability in XML parsers where external entities can be defined to read local files, perform SSRF, or cause denial of service.
  • XML Signature Wrapping An attack that exploits XML signature validation by moving or copying signed elements, tricking the application into using unsigned attac...
  • XPath Injection A vulnerability where user input in XPath queries allows attackers to manipulate query logic to access unauthorized data from XML documents.
  • XS-Leak (Cross-Site Leak) A class of attacks that infer sensitive cross-origin information by exploiting browser side-channel behaviors like timing, error events, ...
  • XSLT Injection A vulnerability where malicious content injected into XSLT stylesheets can lead to file disclosure, SSRF, or code execution through exten...
Y
  • ysoserial A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization using various gadget chains.
