Term
|
Definition
| A pair of programming calls in an application do not perform in the sequential manner that was intended. |
|
|
Term
| Race Condition Vulnerabilities |
|
Definition
Authentication, Integrity, Confidentiality |
|
|
Term
|
Definition
A race condition where: 1. Attacker is able to gain access prior to an authentication check 2. Inserts code or alters authentication to disrupt normal authentication processes 3. Admin sees the intrusion and resets passwords, but the attacker remains logged in with old credentials. |
|
|
Term
|
Definition
| Time of Check to Time of Use. |
|
|
Term
| Support / Lifecycle Vulnerability |
|
Definition
| Maintaining systems past their useful life or maintaining multiple versions of hardware and software, such as End-of-Life, Embedded Systems, or systems that no longer have Vendor Support. |
|
|
Term
| Secure Coding - Input Validation |
|
Definition
Techniques used to validate what is entered at the client or server side before processing. Mitigation of attacks such as XSS and SQL Injection Attacks. |
|
|
Term
|
Definition
| Open Web Application Security Project |
|
|
Term
| Secure Coding - Two sites that support secure coding |
|
Definition
|
|
Term
| Misconfiguration / Weak Configuration |
|
Definition
| Weak or improper configurations can expose an organization to risk with increased attack surface and holes in defenses. |
|
|
Term
| Mitigation of Weak Configurations |
|
Definition
| Establish a standard configuration baseline, and periodically audit for that baseline. |
|
|
Term
|
Definition
An attack that is repeated on a machine until all resources are exhausted. Examples: - DoS - DDoS |
|
|