Comprehensive definitions of web application security terms, vulnerabilities, and concepts.
A
Advanced Encryption Standard (AES): The most widely used symmetric encryption algorithm, providing secure encryption in 128, 192, or 256-bit key variants.
API Key Exposure: When API keys or credentials are inadvertently revealed in public locations like code repositories, client-side code,...
Arbitrary File Read: A vulnerability that allows attackers to read files from the server's filesystem they shouldn't access, exposing conf...
Arbitrary File Write: A critical vulnerability allowing attackers to write files to arbitrary locations on the server, typically leading to...
Argon2: The current recommended password hashing algorithm, winner of the Password Hashing Competition, with configurable mem...
B
Banner Grabbing: A reconnaissance technique collecting service identification strings that reveal software names, versions, and config...
bcrypt: A password hashing function with built-in salt and configurable work factor, designed to be slow enough to resist bru...
Billion Laughs Attack: A denial-of-service attack using nested XML entity definitions that exponentially expand into gigabytes of data, exha...
Blind SQL Injection: A SQL injection technique where query results are not directly visible, requiring attackers to infer data by analyzin...
Blind SSRF: An SSRF variant where the attacker cannot see the response content, requiring out-of-band techniques or timing analys...
Blind XXE: An XXE variant where parsed data isn't reflected in responses, requiring out-of-band techniques like DNS or HTTP call...
Boolean-Based Blind SQL Injection: A blind SQL injection technique where data is extracted by observing different application responses based on whether...
Broken Access Control: A category of vulnerabilities where restrictions on authenticated users are not properly enforced, allowing access to...
Broken Object Level Authorization (BOLA): An API vulnerability where the application fails to verify user permissions before granting access to objects, allowi...
Burp Suite: The industry-standard web security testing platform with proxy, scanner, and tools for intercepting, analyzing, and e...
C
Cache Key Manipulation: Techniques exploiting how caches construct keys to achieve poisoning or deception, targeting unkeyed inputs and norma...
CBC Bit Flipping Attack: An attack on CBC-mode encryption where modifying ciphertext bytes causes predictable changes in the next decrypted bl...
Certificate Pinning Bypass: Techniques to circumvent certificate pinning in mobile apps, allowing HTTPS traffic interception for security testing...
Cipher Block Chaining (CBC): An encryption mode where each plaintext block is XORed with the previous ciphertext block before encryption, hiding p...
Clickjacking: An attack that tricks users into clicking hidden elements from another site by overlaying transparent iframes over de...
Code Injection: A vulnerability that allows attackers to inject and execute arbitrary code within an application's runtime environmen...
Command Injection: A vulnerability that allows attackers to execute arbitrary operating system commands on a server by injecting malicio...
Content Security Policy (CSP): A browser security mechanism that prevents XSS by specifying which content sources are allowed to load and execute on...
Cookie Security Flags: Cookie attributes (HttpOnly, Secure, SameSite) that control browser handling, protecting against session hijacking, X...
Credential Stuffing: An automated attack testing stolen credentials from data breaches against other websites, exploiting password reuse a...
Cross-Origin Resource Sharing (CORS): A mechanism allowing servers to specify which origins can access their resources, relaxing Same-Origin Policy. Miscon...
Cross-Site Request Forgery (CSRF): An attack that tricks authenticated users into performing unintended actions on a web application by exploiting the b...
Cross-Site Script Inclusion (XSSI): A vulnerability where sensitive data in JavaScript format can be stolen through cross-origin script inclusion, bypass...
Cross-Site Scripting (XSS): A client-side code injection attack where malicious scripts are injected into trusted websites, executing in victims'...
Cryptographic Nonce: A number used only once in cryptographic communication to prevent replay attacks and ensure each encryption operation...
CSRF Token: A unique, unpredictable value included in forms or requests that the server validates to ensure the request originate...
CWE (Common Weakness Enumeration): A categorized list of software weakness types (like XSS, SQLi) that cause vulnerabilities, providing a taxonomy for d...
D
Deserialization Gadget Chain: A technique for exploiting deserialization by chaining existing code fragments in libraries to achieve code execution...
Directory Bruteforcing: A reconnaissance technique discovering hidden web directories and files by systematically requesting paths from wordl...
Directory Traversal: A vulnerability allowing attackers to navigate outside intended directories to access arbitrary files using path mani...
Django ORM Leak: Vulnerabilities where Django ORM field lookups can be manipulated to leak sensitive data through startswith filters, ...
DNS Rebinding: An attack exploiting DNS to bypass Same-Origin Policy, allowing malicious websites to access internal network resourc...
Document Type Definition (DTD): A set of declarations defining XML document structure and entities. DTD entity features enable XXE attacks when exter...
DOM Clobbering: A technique where HTML elements with id or name attributes overwrite JavaScript variables or DOM properties, potentia...
DOM-based XSS: An XSS attack where the vulnerability exists in client-side JavaScript code that processes untrusted data and writes ...
Double Encoding: URL-encoding characters twice to bypass filters that decode only once, allowing malicious payloads to be decoded by t...
E
ECB Mode Weakness: A vulnerability in ECB encryption mode where identical plaintext blocks produce identical ciphertext blocks, revealin...
H
Horizontal Privilege Escalation: An access control vulnerability where a user can access resources belonging to another user at the same privilege level.
HTTP Request Smuggling: A technique exploiting parsing discrepancies between front-end and back-end servers to smuggle hidden HTTP requests t...
I
Initialization Vector (IV): A random or pseudo-random value used with an encryption key to ensure identical plaintexts produce different cipherte...
Insecure Deserialization: A vulnerability where untrusted data is used to abuse the logic of an application's deserialization process, potentia...
Insecure Direct Object Reference (IDOR): A vulnerability where user-supplied input directly references internal objects (files, database records) without prop...
J
John the Ripper: A free, versatile password cracking tool with auto-detection, extensive format support, and powerful rule-based trans...
JSON CSRF: A CSRF attack targeting endpoints that accept JSON content-type, often exploiting misconfigured CORS or content-type ...
JSON Web Encryption (JWE): A standard for encrypting JWT content, providing confidentiality in addition to the integrity protection offered by J...
JSON Web Signature (JWS): A standard for digitally signing JSON content, providing integrity protection and authentication for JWT payloads.
JSON Web Token (JWT): A compact, URL-safe token format for securely transmitting claims between parties, commonly used for stateless authen...
JSONP (JSON with Padding): A legacy technique for cross-origin data loading by wrapping JSON in callbacks. Deprecated due to security risks incl...
JWT Algorithm Confusion Attack: An attack where the JWT verification algorithm is switched from asymmetric (RS256) to symmetric (HS256), using the pu...
JWT Key Confusion Attack: An attack where the JWT verification process is tricked into using an incorrect key, often by exploiting how the libr...
JWT Kid Injection: An attack exploiting the JWT "kid" (Key ID) header when it's used unsafely in database queries or file paths, enablin...
JWT None Algorithm Attack: An attack exploiting JWT libraries that accept tokens with "alg": "none", allowing unsigned tokens to be treated as v...
L
LDAP Injection: A vulnerability where user input in LDAP queries allows attackers to modify query logic, potentially bypassing authen...
Length Extension Attack: An attack against Merkle-Damgård hash functions (MD5, SHA-1, SHA-256) that allows appending data to a message and com...
Local File Inclusion (LFI): A vulnerability where an application includes local files based on user input, allowing attackers to read sensitive f...
Log Poisoning: An attack technique where malicious code is injected into log files, which are then included through an LFI vulnerabi...
Log4j JNDI Injection: A critical vulnerability in Apache Log4j (Log4Shell) allowing remote code execution through JNDI lookup injection in ...
M
Man-in-the-Middle (MITM): An attack where the adversary intercepts communications between two parties, enabling eavesdropping, data modificatio...
Mass Assignment: A vulnerability where attackers can modify object properties they shouldn't have access to by including extra paramet...
Metasploit: A penetration testing framework with extensive exploit, payload, and post-exploitation modules for security testing a...
Mutation XSS (mXSS): An XSS variant that bypasses HTML sanitizers by exploiting browser parsing quirks, where benign-looking input mutates...
N
Node.js Prototype Pollution: Prototype pollution in Node.js, where polluting Object.prototype can lead to remote code execution via child_process ...
NoSQL Injection: An injection attack against NoSQL databases (MongoDB, CouchDB) using query operators like $ne, $gt, or $regex to bypa...
Nuclei: A fast, template-based vulnerability scanner using YAML definitions, highly customizable with a large community templ...
Null Byte Injection: Exploiting null byte (0x00) handling differences to truncate strings, bypass extension checks, or terminate paths pre...
O
OAuth2: An authorization framework that enables third-party applications to obtain limited access to user accounts without ex...
OAuth2 Access Token: A credential issued by the authorization server that grants the client limited access to protected resources on behal...
OAuth2 Authorization Code Flow: The most secure OAuth2 flow where the client receives an authorization code that is exchanged server-side for tokens,...
OAuth2 Authorization Server: The OAuth2 component that authenticates users, obtains authorization, and issues access tokens to clients after succe...
OAuth2 Predictable State: A vulnerability where the OAuth2 state parameter can be guessed or predicted, enabling attackers to forge valid autho...
OAuth2 Redirect URI: The URL where the authorization server redirects users after authentication, carrying authorization codes or tokens b...
OAuth2 Refresh Token: A long-lived credential used to obtain new access tokens without requiring user re-authentication, enabling persisten...
OAuth2 Resource Server: The OAuth2 component that hosts protected resources and accepts access tokens to authorize API requests from clients.
OAuth2 State Fixation: An attack where an attacker forces a victim to use a known OAuth2 state value, enabling the attacker to complete the ...
OAuth2 State Parameter: A random value passed through the OAuth2 flow to prevent CSRF attacks by ensuring the callback originates from the sa...
OGNL Injection: A code injection vulnerability targeting Apache Struts applications where attackers inject OGNL expressions to access...
Open Redirect: A vulnerability where user-controlled input determines redirect destination, enabling attackers to redirect victims t...
Out-of-Band SQL Injection: A SQL injection technique that exfiltrates data through alternative channels like DNS or HTTP requests, useful when d...
OWASP Top 10: A standard document listing the ten most critical web application security risks, published by OWASP and updated peri...
OWASP ZAP: A free, open-source web security scanner from OWASP with proxy, automated scanning, and CI/CD integration capabilities.
P
Padding Oracle Attack: A cryptographic attack exploiting information leaked through error messages about padding validity, enabling decrypti...
Password Salt: Random data added to passwords before hashing, ensuring identical passwords produce different hashes and preventing r...
Password Spraying: An attack trying common passwords against many accounts with delays between attempts, avoiding lockouts while maximiz...
Path Traversal: A vulnerability that allows attackers to access files outside the intended directory by manipulating file paths with ...
PBKDF2: A key derivation function applying iterated HMAC to passwords. Widely supported but less GPU-resistant than bcrypt, s...
PHAR Deserialization: A PHP vulnerability where accessing a PHAR archive file triggers automatic deserialization of its metadata, potential...
PHP: A server-side scripting language widely used for web development, known for security considerations around type juggl...
PHP Object Injection: A vulnerability where user input passed to PHP's unserialize() function allows attackers to inject objects that trigg...
PHP Type Juggling: Vulnerabilities from PHP's loose type comparisons where automatic type conversion can lead to authentication bypasses...
PHP Wrappers: PHP stream protocols (php://, data://, etc.) that extend file handling. When used with user input, they enable file r...
PKCE (Proof Key for Code Exchange): An OAuth 2.0 extension that prevents authorization code interception using a cryptographic challenge-response, requir...
PKCS#7 Padding: A padding scheme that fills incomplete cipher blocks with bytes indicating the padding length, enabling block cipher ...
Polyglot Payload: A single payload valid in multiple contexts or formats, triggering vulnerabilities regardless of how the application ...
postMessage Vulnerability: Security issues from improper use of window.postMessage() for cross-origin communication, typically due to missing or...
Proof of Concept (PoC): Code or demonstration proving a vulnerability exists and is exploitable, validating security issues without full weap...
Prototype Pollution: A JavaScript vulnerability where attackers modify Object.prototype, affecting all objects in the application and pote...
Python Pickle: Python's serialization module that can execute arbitrary code during deserialization, making it dangerous for untrust...
R
Race Condition: A vulnerability where concurrent operations exploit timing windows between security checks and actions, enabling doub...
Rails Mass Assignment: A Rails vulnerability where user-submitted parameters can modify protected model attributes like admin flags when Str...
Rails Session Serialization: Vulnerabilities from Rails session serialization using Marshal, which can lead to RCE if the secret_key_base is compr...
Rainbow Table: A precomputed table of hash values used to reverse hashes back to plaintext, enabling fast password cracking when sal...
Reflected XSS: A type of XSS where malicious script from the current HTTP request is reflected in the page response without proper s...
Remote File Inclusion (RFI): A vulnerability where an application includes and executes files from remote URLs based on user input, allowing execu...
Return-Oriented Programming (ROP): An exploitation technique chaining existing code sequences ending in return instructions to bypass non-executable mem...
RSA Cryptography: A widely used asymmetric cryptography system based on the difficulty of factoring the product of two large primes, used for encry...
Ruby Marshal: Ruby's serialization mechanism that can execute code during deserialization through marshal_load or gadget chains in ...
S
Same-Origin Policy (SOP): A browser security mechanism that restricts how documents from one origin (protocol + host + port) can interact with ...
SAML Assertion: A digitally signed XML document issued by an identity provider containing statements about a user's authentication st...
SAML Identity Provider (IdP): The trusted authority that authenticates users and issues SAML assertions to service providers in a single sign-on sy...
SAML NameID: The unique identifier for a user within a SAML assertion, typically formatted as an email address, persistent ID, or ...
SAML Service Provider (SP): The application or service that relies on an identity provider for user authentication in a SAML-based single sign-on...
SAMLRequest: An XML message sent by a service provider to an identity provider to initiate the authentication process for a user.
SAMLResponse: An XML message containing the SAML assertion sent from the identity provider back to the service provider after succe...
scrypt: A password hashing function designed to be memory-intensive, making brute-force attacks expensive on GPUs and special...
Server-Side Request Forgery (SSRF): A vulnerability where an attacker can make the server perform HTTP requests to arbitrary destinations, potentially ac...
Server-Side Template Injection (SSTI): A vulnerability where user input embedded into server-side templates allows attackers to inject template directives t...
Session Fixation: An attack where the attacker fixes a user's session ID before authentication, then uses the same ID to access the vic...
Session Hijacking: An attack where the attacker steals or captures a valid session token through XSS, network sniffing, or other means t...
Session Injection: An attack injecting malicious data into session storage through insecure handling or deserialization, potentially lea...
SpEL Injection: A code injection vulnerability where attackers inject Spring Expression Language (SpEL) expressions to access Spring ...
Spring Actuators: Spring Boot endpoints exposing operational data. When unsecured, they can leak credentials, configuration, or enable ...
SQL Injection: A code injection technique that exploits vulnerabilities in an application's database layer by inserting malicious SQ...
sqlmap: An open-source tool automating SQL injection detection and exploitation, supporting data extraction, filesystem acces...
Stacked Queries: A SQL injection technique where multiple SQL statements are executed in sequence by terminating the original query an...
Stored XSS: A persistent XSS attack where malicious script is permanently stored on the target server (in a database, comment fie...
Struts DevMode: A Struts development feature that exposes OGNL evaluation and debug capabilities, leading to code execution when enab...
Subdomain Enumeration: The process of discovering subdomains through DNS queries, certificate logs, and brute forcing to find hidden service...
Subdomain Takeover: A vulnerability where dangling DNS records point to deprovisioned cloud services, allowing attackers to claim the ser...
SVG XSS: Cross-site scripting attacks that abuse SVG (Scalable Vector Graphics) elements, which can contain embedded JavaScrip...
T
Time-Based Blind SQL Injection: A blind SQL injection technique that uses database time delay functions to infer data based on response time differen...
Timing Attack: A side-channel attack that extracts secrets by measuring the time taken to perform cryptographic operations, exploiti...
TLS Stripping: A man-in-the-middle attack that downgrades HTTPS connections to HTTP, allowing attackers to intercept encrypted traff...