Hazardous Characters

Any character, or encoded representation of a character, that can affect the intended operation of the application or an associated system because it is interpreted as having a special meaning outside its intended use. Such characters can be used to:

  • alter the structure of existing code or statements
  • insert new, unintended code
  • alter file or URL paths
  • cause unexpected outcomes from program functions or routines
  • cause error conditions
  • have any of the above effects on downstream applications or systems

Regular Expression

A regular expression (regex or regexp for short) is a special text string for describing a search pattern. (source)

ReDoS

Regular expression Denial of Service (ReDoS) is a Denial of Service attack that exploits the fact that most regular expression implementations work by backtracking: for certain patterns (typically nested or overlapping quantifiers), a crafted non-matching input forces the engine to try a number of paths that grows exponentially with the input length, so a few dozen characters can occupy a CPU core for seconds or longer.

dot-dot-slash

Path traversal sequences such as ../ and ..\ which, when they reach a file or URL path, step out of the directory the application intended to serve from.

Sanitization

Sanitization is the process of removing or replacing hazardous characters or sequences in submitted data so that what remains is valid and safe for its destination (as opposed to validation, which rejects invalid data rather than altering it).

Canonicalize

To reduce the various encodings and representations of a piece of data (percent-encoding, alternative path separators, relative path segments, and so on) to a single simple form, so that security checks are performed on what the consuming system will actually see.

CDN

Content Delivery Network or Content Distribution Network is a geographically distributed network of proxy servers and their data centers. The goal is to distribute service spatially relative to end-users to provide high availability and high performance. (source)

SRI

Subresource Integrity (SRI) is a security feature that enables browsers to verify that files they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched file must match. (source)

CSP

Content Security Policy is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. (source)

Sandbox

Sandbox is a security mechanism for separating running programs, usually in an effort to mitigate system failures or software vulnerabilities from spreading. It is often used to execute untested or untrusted programs or code, possibly from unverified or untrusted third parties, suppliers, users or websites, without risking harm to the host machine or operating system. (source)

XSS

Cross-Site Scripting is an attack that injects malicious script (usually JavaScript) into a web page so that it runs in the victims' browsers with the privileges of the site's origin.

DOM

Document Object Model (DOM) is a cross-platform and language-independent application programming interface that treats an HTML, XHTML, or XML document as a tree structure wherein each node is an object representing a part of the document. (source)

URI

Uniform Resource Identifier.

JSON

JavaScript Object Notation is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language. (source)

CSRF

Cross-Site Request Forgery (CSRF) "is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated." (source).

MitM

The Man-in-the-Middle attack intercepts a communication between two systems. Using different techniques, the attacker splits the original TCP connection into two new connections, one between the client and the attacker and the other between the attacker and the server. Once the TCP connection is intercepted, the attacker acts as a proxy, able to read, insert and modify the data in the intercepted communication. (source)

TLS

Transport Layer Security is a cryptographic protocol that provides communication security over a computer network.

SSL is the predecessor of TLS.

SSL

Secure Sockets Layer is a cryptographic protocol that provides communication security over a computer network.

TLS is the successor of SSL.

POODLE

Padding Oracle On Downgraded Legacy Encryption is a Man-in-the-Middle (MitM) exploit that takes advantage of clients falling back to SSL 3.0, whose CBC padding is not verified, allowing an attacker to recover plaintext from an encrypted session (on average, one byte is revealed per 256 forced requests).

BEAST

Browser Exploit Against SSL/TLS is a proof-of-concept demonstrated by Thai Duong and Juliano Rizzo back in 2011, which violates browsers' same origin policy constraints, for a long-known cipher block chaining (CBC) vulnerability in TLS 1.0. (source)

State Data

When data or parameters are used by the application or server to emulate a persistent connection or track a client's status across a multi-request process or transaction.

DoS

Denial of Service is a cyber-attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. (source)

ES6

ECMAScript 6th Edition.

ECMAScript (or ES) is a trademarked scripting-language specification standardized by Ecma International in ECMA-262 and ISO/IEC 16262. It was created to standardize JavaScript, so as to foster multiple independent implementations. (source)
