Glossary: Difference between revisions

From SecurityTools
(Adding a few more terms, setup internal page links for future definitions. Considering changing to single-page term/definition already...)
m (Deleted double definition for Packet Capture.)
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
* [[Blue Team]]
;Blue Team
*[[Buffer Overflow]]
: Security team members who emphasize defensive security practices such as digital forensics and incident response
* [[Cross-Site Scripting]]
;Buffer Overflow
* [[Digital Forensics]]
: An attack on an application where more data is sent than the program is prepared to accept, resulting in unexpected application behavior. The concept was possibly first explained in great detail in [http://www.phrack.org/issues/49/16.html Phrack issue 49] way back in 1996 by well-known hacker Aleph1 in his article "[https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf Smashing the Stack for Fun and Profit]"
*[[Fuzzing]]
;[https://www.cloudflare.com/learning/cloud/what-is-the-cloud/ Cloud]
* [[Incident Response]]
: A software platform where another organization supports/manages the software and data storage online that in the past would have been maintained in-house. Sometimes derisively stated as "just someone else's computer"
* [[Open Source Intelligence|OSInt]]
;Cross-Site Scripting (XSS)
*[[Packet Capture]]
: A web-based attack in which unsanitized inputs to the server results in unexpected behavior by the web client. For a greater discussion of Cross-Site Scripting, [https://cybr.com/courses/cross-site-scripting-xss-the-2021-guide/ see Cybr.com's XSS 2021 Guide]
*[[Penetration Testing]]
;Database
* [[Purple Team]]
: A means of storing data in a format which allows easier retrieval and analysis
* [[Red Team]]
;DFIR (Digital Forensics and Incident Response)
*[[SQL Injection]]
: The combined effect of examining digital media for evidence of unintended alteration and the response to the findings of that analysis
* [[Cross-Site Scripting|XSS]]
;Digital Forensics
: The method of examining digital media for evidence of malfeasance
;EDR (Endpoint Detection Response)
: The practice of detecting and responding to threats on your network or system
;Fuzzing
: The automated testing of security systems through submission of random, unexpected, or invalid data as inputs to a system designed to accept user data. For a more detailed explanation, please [https://patricegodefroid.github.io/public_psfiles/Fuzzing-101-CACM2020.pdf read this article (PDF)] from Patrice Godefroid
;HIBP (Have I Been Pwned?)
: A [https://haveibeenpwned.com/ password security website] run by Troy Hunt, it's most well known for tracking security leaks like the RockYou password leak from 2012 (see below) as well as offering a web interface to test visitors' passwords to see if they have been leaked online at some point
;Incident Response
: The response to attacks or malware by the security team
;OSInt (Open-Source Intelligence)
: The use of freely available resources to gather information about a target
;MDR (Managed Detection and Response)
: A managed security service where your assets are monitored 24/7 (and you are notified if needed) by SOC staff
;Packet Capture
: The gathering of network traffic for analysis by a [[network protocol analyzer]]
;Penetration Testing (PenTesting)
: The red team practice of simulating actions of an external attacker but in a more controlled manner. This concept is written up well in the Cisco product & service explanation, [https://www.cisco.com/c/en/us/products/security/what-is-pen-testing.html covering methods and types of pentesting]
;Purple Team
: A security team with members focusing on both Red Team and Blue Team practices
;Red Team
: Security team members who emphasize offensive security practices such as penetration testing
;RockYou
: A company which once developed MySpace widgets and other social networks, they are responsible for [https://techcrunch.com/2009/12/14/rockyou-hack-security-myspace-facebook-passwords/ one of the largest password leaks ever released] onto the Internet
;[https://www.oracle.com/applications/what-is-saas/ SaaS (Software as a Service)]
: A cloud-based software delivery model in which the cloud provider develops and maintains cloud application software, provides automatic software updates, and makes software available to its customers via the internet on a pay-as-you-go basis..
;[https://www.ibm.com/topics/security-operations-center SOC (Security Operations Center)]
: An in-house or outsourced team of IT security professionals that monitors an organization’s entire IT infrastructure, 24/7, to detect cybersecurity events in real time and address them as quickly and effectively as possible.
;Structured Query Language (SQL)
: The most commonly used means of interacting with a database, SQL is the language used to access, process, or update information in a relational database
;SQL Injection (SQLi)
: A web attack which uses unsanitized user input to push SQL statements through a web server in order to corrupt a database or extract information from a database. A [https://www.w3schools.com/sql/sql_injection.asp brief write-up of how this can be done] is available from w3schools, and [https://cybr.com/courses/injection-attacks-the-free-guide/ a free course on SQLi] as well as other injection methods is available from Cybr
;[https://www.microsoft.com/en-us/security/business/security-101/what-is-xdr XDR (Extended Detection and Response)]
: An SaaS tool that combines prevention, detection, investigation, and response, providing visibility, analytics, correlated incident alerts, and automated responses to improve data security and combat threats. See also the [https://www.paloaltonetworks.com/cyberpedia/what-is-xdr Palo Alto Networks definition of XDR].

Revision as of 18:13, 18 October 2022

Blue Team
Security team members who emphasize defensive security practices such as digital forensics and incident response
Buffer Overflow
An attack on an application where more data is sent than the program is prepared to accept, resulting in unexpected application behavior. The concept was possibly first explained in great detail in Phrack issue 49 way back in 1996 by well-known hacker Aleph1 in his article "Smashing the Stack for Fun and Profit"
Cloud
A software platform where another organization supports/manages the software and data storage online that in the past would have been maintained in-house. Sometimes derisively stated as "just someone else's computer"
Cross-Site Scripting (XSS)
A web-based attack in which unsanitized inputs to the server results in unexpected behavior by the web client. For a greater discussion of Cross-Site Scripting, see Cybr.com's XSS 2021 Guide
Database
A means of storing data in a format which allows easier retrieval and analysis
DFIR (Digital Forensics and Incident Response)
The combined effect of examining digital media for evidence of unintended alteration and the response to the findings of that analysis
Digital Forensics
The method of examining digital media for evidence of malfeasance
EDR (Endpoint Detection Response)
The practice of detecting and responding to threats on your network or system
Fuzzing
The automated testing of security systems through submission of random, unexpected, or invalid data as inputs to a system designed to accept user data. For a more detailed explanation, please read this article (PDF) from Patrice Godefroid
HIBP (Have I Been Pwned?)
A password security website run by Troy Hunt, it's most well known for tracking security leaks like the RockYou password leak from 2012 (see below) as well as offering a web interface to test visitors' passwords to see if they have been leaked online at some point
Incident Response
The response to attacks or malware by the security team
OSInt (Open-Source Intelligence)
The use of freely available resources to gather information about a target
MDR (Managed Detection and Response)
A managed security service where your assets are monitored 24/7 (and you are notified if needed) by SOC staff
Packet Capture
The gathering of network traffic for analysis by a network protocol analyzer
Penetration Testing (PenTesting)
The red team practice of simulating actions of an external attacker but in a more controlled manner. This concept is written up well in the Cisco product & service explanation, covering methods and types of pentesting
Purple Team
A security team with members focusing on both Red Team and Blue Team practices
Red Team
Security team members who emphasize offensive security practices such as penetration testing
RockYou
A company which once developed MySpace widgets and other social networks, they are responsible for one of the largest password leaks ever released onto the Internet
SaaS (Software as a Service)
A cloud-based software delivery model in which the cloud provider develops and maintains cloud application software, provides automatic software updates, and makes software available to its customers via the internet on a pay-as-you-go basis..
SOC (Security Operations Center)
An in-house or outsourced team of IT security professionals that monitors an organization’s entire IT infrastructure, 24/7, to detect cybersecurity events in real time and address them as quickly and effectively as possible.
Structured Query Language (SQL)
The most commonly used means of interacting with a database, SQL is the language used to access, process, or update information in a relational database
SQL Injection (SQLi)
A web attack which uses unsanitized user input to push SQL statements through a web server in order to corrupt a database or extract information from a database. A brief write-up of how this can be done is available from w3schools, and a free course on SQLi as well as other injection methods is available from Cybr
XDR (Extended Detection and Response)
An SaaS tool that combines prevention, detection, investigation, and response, providing visibility, analytics, correlated incident alerts, and automated responses to improve data security and combat threats. See also the Palo Alto Networks definition of XDR.