Term

Definition
Text files placed on the client computer that store information about it, which could include your computer’s browsing habits and credentials. Tracking cookies are used by spyware to collect information about a web user’s activities. Session cookies are used by attackers in an attempt to hijack a session.

Term

Definition
When a process stores data outside the memory that the developer intended. This could cause erratic behavior in the application, especially if the memory already had other data in it.

Term
User Account Control
Definition
A security component of Windows Vista that keeps every user (besides the actual Administrator account) in standard user mode instead of as an administrator with full administrative rights—even if they are a member of the administrators group.

Term
Systems Development Life Cycle
Definition
The process of creating systems and applications, and the methodologies used to do so.

Term

Definition
An in-depth code inspection procedure.

Term

Definition
The best practices used during the life cycle of software development.

Term

Definition
When random data is input into a computer program in an attempt to find vulnerabilities.

Term
Cross-Site Scripting
Definition
A type of vulnerability found in web applications, often used in session hijacking.

Term
Cross-Site Request Forgery
Definition
An attack that exploits the trust a website has in a user’s browser in an attempt to transmit unauthorized commands to the website.

Term

Definition
Input validation or data validation is a process that ensures the correct usage of data.

Term

Definition
When a web script runs in its own environment for the express purpose of not interfering with other processes, possibly for testing.

Term

Definition
Also known as the ../ (dot dot slash) attack; a method of accessing unauthorized parent directories.

Term

Definition
An attack that is executed on a vulnerability in software before that vulnerability is known to the creator of the software.