Glossary: Difference between revisions
From SecurityTools
m (Added brief promiscuous mode definition.) |
(Added CISA and altered HIBP description to move website link.) |
||
| Line 1: | Line 1: | ||
* Blue Team - Security team members who emphasize defensive security practices such as digital forensics and incident response | * Blue Team - Security team members who emphasize defensive security practices such as digital forensics and incident response | ||
*Buffer Overflow - An attack on an application where more data is sent than the program is prepared to accept, resulting in unexpected application behavior. The concept was possibly first explained in great detail in [http://www.phrack.org/issues/49/16.html Phrack issue 49] way back in 1996 by well-known hacker Aleph1 in his article "[https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf Smashing the Stack for Fun and Profit]" | *Buffer Overflow - An attack on an application where more data is sent than the program is prepared to accept, resulting in unexpected application behavior. The concept was possibly first explained in great detail in [http://www.phrack.org/issues/49/16.html Phrack issue 49] way back in 1996 by well-known hacker Aleph1 in his article "[https://inst.eecs.berkeley.edu/~cs161/fa08/papers/stack_smashing.pdf Smashing the Stack for Fun and Profit]" | ||
* [https://www.cisa.gov/ CISA (CyberSecurity and Infrastructure Security Agency)] - A US government organization dedicated to helping individuals and organizations secure their computing infrastructure. | |||
* Cross-Site Scripting (XSS) - A web-based attack in which unsanitized inputs to the server results in unexpected behavior by the web client. For a greater discussion of Cross-Site Scripting, [https://cybr.com/courses/cross-site-scripting-xss-the-2021-guide/ see Cybr.com's XSS 2021 Guide] | * Cross-Site Scripting (XSS) - A web-based attack in which unsanitized inputs to the server results in unexpected behavior by the web client. For a greater discussion of Cross-Site Scripting, [https://cybr.com/courses/cross-site-scripting-xss-the-2021-guide/ see Cybr.com's XSS 2021 Guide] | ||
*Database - | *Database - | ||
* Digital Forensics - The method of examining digital media for evidence of malfeasance | * Digital Forensics - The method of examining digital media for evidence of malfeasance | ||
*Fuzzing - The automated testing of security systems through submission of random, unexpected, or invalid data as inputs to a system designed to accept user data. For a more detailed explanation, please [https://patricegodefroid.github.io/public_psfiles/Fuzzing-101-CACM2020.pdf read this article] from Patrice Godefroid | *Fuzzing - The automated testing of security systems through submission of random, unexpected, or invalid data as inputs to a system designed to accept user data. For a more detailed explanation, please [https://patricegodefroid.github.io/public_psfiles/Fuzzing-101-CACM2020.pdf read this article] from Patrice Godefroid | ||
*HIBP (Have I Been Pwned?) - A | *[https://haveibeenpwned.com/ HIBP (Have I Been Pwned?)] - A password security website run by Troy Hunt, it's most well known for tracking security leaks like the RockYou password leak from 2012 (see below) as well as offering a web interface to test visitors' passwords to see if they have been leaked online at some point | ||
* Incident Response - The response to attacks or malware by the security team | * Incident Response - The response to attacks or malware by the security team | ||
* OSInt (Open-Source Intelligence) - The use of freely available resources to gather information about a target | * OSInt (Open-Source Intelligence) - The use of freely available resources to gather information about a target | ||
*Packet Capture - The gathering of network traffic for analysis by a [[network protocol analyzer]] | *Packet Capture - The gathering of network traffic for analysis by a [[network protocol analyzer]] | ||
*Penetration Testing (PenTesting) - The red team practice of simulating actions of an external attacker but in a more controlled manner. This concept is written up well in the Cisco product & service explanation, [https://www.cisco.com/c/en/us/products/security/what-is-pen-testing.html covering methods and types of pentesting] | *Penetration Testing (PenTesting) - The red team practice of simulating actions of an external attacker but in a more controlled manner. This concept is written up well in the Cisco product & service explanation, [https://www.cisco.com/c/en/us/products/security/what-is-pen-testing.html covering methods and types of pentesting] | ||
* Purple Team - | * Purple Team - | ||
* Red Team - Security team members who emphasize offensive security practices such as penetration testing | * Red Team - Security team members who emphasize offensive security practices such as penetration testing | ||
Revision as of 05:30, 14 October 2022
- Blue Team - Security team members who emphasize defensive security practices such as digital forensics and incident response
- Buffer Overflow - An attack on an application where more data is sent than the program is prepared to accept, resulting in unexpected application behavior. The concept was possibly first explained in great detail in Phrack issue 49 way back in 1996 by well-known hacker Aleph1 in his article "Smashing the Stack for Fun and Profit"
- CISA (CyberSecurity and Infrastructure Security Agency) - A US government organization dedicated to helping individuals and organizations secure their computing infrastructure.
- Cross-Site Scripting (XSS) - A web-based attack in which unsanitized inputs to the server results in unexpected behavior by the web client. For a greater discussion of Cross-Site Scripting, see Cybr.com's XSS 2021 Guide
- Database -
- Digital Forensics - The method of examining digital media for evidence of malfeasance
- Fuzzing - The automated testing of security systems through submission of random, unexpected, or invalid data as inputs to a system designed to accept user data. For a more detailed explanation, please read this article from Patrice Godefroid
- HIBP (Have I Been Pwned?) - A password security website run by Troy Hunt, it's most well known for tracking security leaks like the RockYou password leak from 2012 (see below) as well as offering a web interface to test visitors' passwords to see if they have been leaked online at some point
- Incident Response - The response to attacks or malware by the security team
- OSInt (Open-Source Intelligence) - The use of freely available resources to gather information about a target
- Packet Capture - The gathering of network traffic for analysis by a network protocol analyzer
- Penetration Testing (PenTesting) - The red team practice of simulating actions of an external attacker but in a more controlled manner. This concept is written up well in the Cisco product & service explanation, covering methods and types of pentesting
- Purple Team -
- Red Team - Security team members who emphasize offensive security practices such as penetration testing
- RockYou - A company which once developed MySpace widgets and other social networks, they are responsible for one of the largest password leaks ever released onto the Internet
- Structured Query Language (SQL) - The most commonly used means of interacting with a database, SQL is the language used to access, process, or update information in a relational database
- SQL Injection - A web attack which uses unsanitized user input to push SQL statements through a web server in order to corrupt a database or extract information from a database. A brief write-up of how this can be done is available from w3schools
