Abbreviations and Terms
These abbreviations and terms are commonly used when discussing web application security.
| Term | Meaning |
|---|---|
| ACL | Access Control List |
| AES | Advanced Encryption Standard |
| Brute Force | Guessing credentials by trying many username and password combinations until one is accepted. It is the simplest attack against a login form or remote service, and the reason for rate limiting, account lockout and MFA. |
| CA | Certificate Authority |
| CAPTCHA | Completely Automated Public Turing test to tell Computers and Humans Apart |
| CBSP | Cloud-Based Security Provider |
| CORS | Cross-Origin Resource Sharing |
| CSP | Content Security Policy |
| CSRF | Cross-Site Request Forgery |
| CT | Certificate Transparency |
| CVSS | Common Vulnerability Scoring System |
| CWE | Common Weakness Enumeration |
| DAST | Dynamic Application Security Testing |
| DDoS | Distributed Denial of Service |
| DES | Data Encryption Standard |
| DKIM | DomainKeys Identified Mail |
| DMARC | Domain-based Message Authentication, Reporting and Conformance |
| DNSSEC | Domain Name System Security Extensions |
| DoS | Denial of Service |
| DSA | Digital Signature Algorithm |
| DT | Directory Traversal (see Path Traversal) |
| Encryption | Transforming data with a key so that only holders of the corresponding key can recover the original. Unlike hashing, it is reversible. |
| FQDN | Fully Qualified Domain Name |
| FUD | Fully Undetectable (malware that evades antivirus detection) |
| GET | HTTP method used to request data from a specified resource. Parameters travel in the URL, so they end up in server logs, browser history and Referer headers; never put secrets in them. |
| Hashing | A one-way function that maps data of any size to a fixed-length digest. The same input always gives the same digest, but it is infeasible to recover the input from the digest or to find a second input with the same digest. Used for integrity checks and for password storage (with a salt and a deliberately slow algorithm). |
| HTTP Cookies | Small pieces of data a server sends to the browser, which stores them and sends them back with future requests to the same server. Attributes such as Secure, HttpOnly and SameSite control when a cookie is sent and who can read it. |
| HttpOnly | A cookie attribute that stops client-side script (for example via document.cookie) from reading the cookie, limiting what an XSS payload can steal. It does not stop script from making requests that carry the cookie. |
| HTTPS | Hypertext Transfer Protocol Secure (HTTP over TLS) |
| IAM | Identity and Access Management |
| IPsec | Internet Protocol Security |
| LFI | Local File Inclusion |
| MFA | Multi-Factor Authentication |
| MITM | Man-in-the-Middle attack |
| OSCI | OS Command Injection |
| OWASP | Open Worldwide Application Security Project (formerly Open Web Application Security Project) |
| PCI DSS | Payment Card Industry Data Security Standard |
| POST | HTTP method used to send data to the server, typically to create or update a resource. State-changing actions should use POST (or another non-safe method), never GET. |
| PT | Path Traversal |
| RASP | Runtime Application Self-Protection |
| RAT | Remote Administration Tool (also Remote Access Trojan) |
| RFI | Remote File Inclusion |
| SameSite | A cookie attribute that controls whether the browser sends the cookie on cross-site requests: Strict never sends it cross-site, Lax sends it only on top-level navigations that use a safe method such as GET, and None always sends it (and requires the Secure attribute). A primary defence against CSRF. |
| SAML | Security Assertion Markup Language |
| SAST | Static Application Security Testing |
| SCD | Source Code Disclosure |
| SE | Social Engineering |
| Session | Server-side state tied to an identifier (the session ID) that the server issues when a user logs in, usually stored in a cookie. The browser presents the ID on later requests so the user does not have to authenticate again. Session IDs must be unpredictable, regenerated on login, and invalidated on logout. |
| SKid | Script kiddie: an unskilled attacker who runs tools and exploits written by others |
| SPF | Sender Policy Framework |
| SQLi | SQL Injection |
| SSE | Server-Side Encryption |
| SSL | Secure Sockets Layer (deprecated predecessor of TLS) |
| STS | Security Token Service |
| TLS | Transport Layer Security |
| Username Harvesting | Enumerating valid usernames by observing differences in an application's responses (error messages, status codes, response times) on login, registration or password-reset forms. The resulting list feeds brute-force and credential-stuffing attacks. |
| WAF | Web Application Firewall |
| WAP | Web Application Protection |
| XSS | Cross-Site Scripting |
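The cookie entries above (HTTP Cookies, HttpOnly, SameSite, Session) describe attributes whose effect is easiest to see in code. The following is an added example, not part of the original glossary: it issues a session cookie with Secure, HttpOnly and SameSite set, and models in simplified form the rules a browser applies when deciding whether to attach the cookie to a request. The `Cookie` class and the `sent_on_request` helper are illustrative names chosen here; the model deliberately ignores browser-specific exceptions to the SameSite rules and treats "same-site" as a given input rather than computing it from URLs.

```python
"""Added example (not from the original glossary): session cookie attributes
and a simplified model of when a browser sends the cookie."""
import secrets
from dataclasses import dataclass

# Methods the HTTP spec defines as safe (no state change).
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    http_only: bool = True
    secure: bool = True
    same_site: str = "Lax"   # "Strict", "Lax" or "None"

    def set_cookie_header(self) -> str:
        """Render the Set-Cookie header value a server would send."""
        if self.same_site not in ("Strict", "Lax", "None"):
            raise ValueError("SameSite must be Strict, Lax or None")
        if self.same_site == "None" and not self.secure:
            # Browsers reject SameSite=None cookies that lack Secure.
            raise ValueError("SameSite=None requires the Secure attribute")
        parts = [f"{self.name}={self.value}", "Path=/"]
        if self.secure:
            parts.append("Secure")
        if self.http_only:
            parts.append("HttpOnly")
        parts.append(f"SameSite={self.same_site}")
        return "; ".join(parts)


def new_session_cookie(name: str = "session") -> Cookie:
    """Issue a fresh session ID: 32 random bytes from the OS CSPRNG, so the
    identifier cannot be guessed or predicted from earlier ones."""
    return Cookie(name=name, value=secrets.token_urlsafe(32))


def visible_to_script(cookie: Cookie) -> bool:
    """HttpOnly hides the cookie from document.cookie and similar script APIs."""
    return not cookie.http_only


def sent_on_request(cookie: Cookie, *, same_site: bool, method: str,
                    top_level_navigation: bool, https: bool) -> bool:
    """Return True if the browser attaches `cookie` to a request.

    same_site:            initiating site and target share a registrable domain
    method:               HTTP method of the request
    top_level_navigation: the request changes the address bar (link click, form)
    https:                the request goes over TLS
    """
    if cookie.secure and not https:
        return False                     # Secure cookies never go over plain HTTP
    if same_site:
        return True                      # SameSite only restricts cross-site requests
    if cookie.same_site == "Strict":
        return False                     # cross-site: never
    if cookie.same_site == "Lax":
        # cross-site: only top-level navigations with a safe method
        return top_level_navigation and method.upper() in SAFE_METHODS
    return True                          # SameSite=None: always (Secure enforced above)


if __name__ == "__main__":
    c = new_session_cookie()
    print("Set-Cookie:", c.set_cookie_header())
    # A cross-site POST from an attacker's page: the classic CSRF shape.
    print("CSRF POST carries cookie:",
          sent_on_request(c, same_site=False, method="POST",
                          top_level_navigation=False, https=True))
```

With the default Lax setting, a cross-site form POST or XHR does not carry the session cookie, which is what blocks the classic CSRF, while a user following a link from another site still arrives logged in. Strict closes that last case too, at the cost of the user landing logged out when they follow a link from e-mail.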
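The Brute Force, Username Harvesting and Hashing entries are closely linked: a login form that answers differently for unknown users and wrong passwords lets an attacker build a list of valid accounts, which is then brute-forced. The following is an added example, not part of the original glossary: a leaky login beside a hardened one that uses a salted, deliberately slow password hash, a constant-time comparison, one uniform error message, equal work for unknown users, and throttling per username and per source address. The user store, credentials and class names are constructed for this example.

```python
"""Added example (not from the original glossary): a login that enables
username harvesting beside a hardened one.  Users and credentials are
constructed for the example."""
import hashlib
import hmac
import os
import secrets
import time
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

ITERATIONS = 100_000  # kept low for the example; use a far higher count in production


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256: slow on purpose so offline guessing is costly."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


# Constructed user store: username -> (salt, password hash)
USERS: Dict[str, Tuple[bytes, bytes]] = {
    "alice": hash_password("correct horse battery staple"),
}
# Dummy credential so an unknown username costs the same time as a real one.
DUMMY_CREDENTIAL = hash_password(secrets.token_hex(16))


def login_leaky(username: str, password: str) -> str:
    """Vulnerable: distinct messages, plus an early return that skips the slow
    hash, tell an attacker exactly which usernames exist."""
    if username not in USERS:
        return "unknown user"
    salt, stored = USERS[username]
    if hash_password(password, salt)[1] != stored:  # also not a constant-time compare
        return "wrong password"
    return "ok"


class Authenticator:
    """Hardened login: uniform error, constant-time compare, equal work for
    unknown users, and throttling per username and per source address."""

    def __init__(self, max_attempts: int = 5, window: float = 300.0) -> None:
        self.max_attempts = max_attempts
        self.window = window
        self.attempts: Dict[Tuple[str, str], List[float]] = defaultdict(list)

    def _recent(self, key: Tuple[str, str], now: float) -> int:
        # Forget attempts older than the window and count the rest.
        self.attempts[key] = [t for t in self.attempts[key] if now - t < self.window]
        return len(self.attempts[key])

    def login(self, username: str, password: str, source_ip: str,
              now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        user_key, ip_key = ("user", username), ("ip", source_ip)
        if (self._recent(user_key, now) >= self.max_attempts
                or self._recent(ip_key, now) >= self.max_attempts):
            return "too many attempts"
        self.attempts[user_key].append(now)
        self.attempts[ip_key].append(now)

        # Always run the slow hash, against the dummy if the user is unknown,
        # so response time does not reveal whether the username exists.
        salt, stored = USERS.get(username, DUMMY_CREDENTIAL)
        candidate = hash_password(password, salt)[1]
        ok = hmac.compare_digest(candidate, stored) and username in USERS
        # One message for both failure causes: nothing to harvest.
        return "ok" if ok else "invalid username or password"


if __name__ == "__main__":
    print("leaky:", login_leaky("bob", "x"), "/", login_leaky("alice", "x"))
    auth = Authenticator()
    print("hardened:", auth.login("bob", "x", "10.0.0.1"), "/",
          auth.login("alice", "x", "10.0.0.1"))
```

The per-username counter limits a distributed attack on one account, and the per-address counter limits one host spraying many accounts; neither replaces MFA, which is what finally makes a correctly guessed password insufficient on its own.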