A collection of security and general terms.
Security Dictionary
- AdBlocker: A tool used to block third-party traffic on a website using a blacklist of domains known for serving ads. These blacklists also often include malicious domains or domains known for secretly tracking users.
- Arbitrary Code Execution: The ability of an attacker to execute arbitrary code on the target machine. See for example Arbitrary Code Execution
- ARP Spoofing: An attacker sends fake ARP messages into a network in hopes of associating another's IP address with the attacker's MAC address.
- Assessment Protection Detection Response:
- backdoor:
- Botnet:
- CIA: In computer security terms, CIA stands for Confidentiality, Integrity, and Availability; it is a model designed to help security analysts
- Code Injection: An attack type which consists of sending input to exploit the syntax of the targeted interpreter.
- Command and Control Server (C&C Server): A compromised host, as part of a botnet, takes its instructions from an attacker's server.
- Command Injection: An attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application.
- Compromise:
- Condition Leakage:
- CVE: Common Vulnerabilities and Exposures; see the list at ... cve.mitre.org. Identified issues get a number for global reference and an entry in the database.
- Denial of service/DOS/DDOS:
- Direct object reference vulnerability: From the OWASP 2013 Top 10... A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.
- DOS: Denial of service
- Drive by download:
- Exploit:
- Exploit kit: Toolkits used by attackers to exploit vulnerabilities in software to spread malware. Typically, once a system is exploited, the installed software communicates back to a command and control center.
- ICANN
- LDAP: Lightweight Directory Access Protocol that is used to store organizational information
- Malicious:
- Malvertisement: An advertisement with malicious behaviour. Can be distributed through legitimate ad networks.
- Man in the middle attack: In the Alice, Bob, Eve, Mallory model, it is Mallory. AKA MITM, MitMA, ...
- Pentesting:
- Privilege escalation vulnerability:
- Vertical privilege escalation: A lower privilege user or application accesses functions or content that is reserved for higher privilege users or applications. For example: A normal internet banking user accesses administrative functions.
- Horizontal privilege escalation: Normal user accesses functions or content reserved for other normal users. For example: Internet banking user A has access to account of another Internet banking user B.
- User Account Control: A feature in Windows that informs you when a program makes a change that requires administrator-level permission. UAC works by adjusting the permission level of your user account. It does this by notifying the user via a popup.
- Impersonation Token: A type of access token. Impersonation is a security concept implemented in Windows that allows a server application to temporarily "be" the client in terms of access to secure objects.
- Risk = 'Threat + Vulnerability':
- root DNS servers/zones
- SCM Source Control Management: Examples are Git, SVN
- Secure defaults:
- Side Channel Attack:
- SQL Injection: An injection flaw where user input could alter the SQL query being constructed and executed by the application
- Spear phishing: A directed phishing attack; the act of encouraging a targeted individual or group to relinquish private information while posing as a trustworthy entity
- Steganography: The field of study involving the concealment of messages/images within physical and digital media
- Polyglot: A phrase, code, image, or other media that can be interpreted in several different ways
- Threat:
- Vulnerability: