security terms
togakangaroo committed Aug 19, 2018
1 parent 38a924f commit 610d9aa
Showing 1 changed file with 9 additions and 6 deletions.
15 changes: 9 additions & 6 deletions terms.org
Expand Up @@ -354,21 +354,24 @@ Look at [[https://glossarytech.com/terms/software_architecture/page2][Glossary T
| Web Accessibility Initiative (WAI) | An effort lead by the W3C to improve accessibilty on the web for people with disabilities. |
| Web Content Accessibility Guidelines (WCAG) | A series of guidelines published by the W3C as part of the Web Acessibility Initiative. Specifies how to build web pages that are optmized for use by people with alternative devices, especially the disabled. |
| Cyber-Security | An umbrella term for all manner of hacking, defensive security, policy writing, and enforcement that has to do with attacking and keeping computer systems safe. |
| Tailored Access Operations (TAO) Unit | An elite hacking group within the NSA often concerned with offensive operations. Together with various other "white hat" groups is occasionally referred to as the "Equation Group". |
| Phishing | A category of typically black hat behavior where individuals are tricked into revealing private information using a computer, telephone, email, or some other communication medium. |
| OWASP | Organization that maintains lists of common attacks on internet-connected systems and their associated defensive remedies. |
| Common Vulnerabilities and Exposures (CVE) | A public database of known cyber-security vulnerabilities and disclosures. Vulnerabilities can be referred to the their CVE identifier eg. CVE-2017-9805 is the Apache Struts vulnerability used in the hacking of Equifax. |
| SQL Injection | A common type of vulnerability where an attacker crafts input that may cause a sytem's database to do unwanted things such as delete or reveal sensitive data. Prventable through the concept of parameterized queeries. |
| Cross Site Scripting (XSS) | A common type of vulnerability where an attacker crafts input that may allow them to take over the browser of others viewing data on the same page. Used often to steal credentials and gain aunauthorized access. |
| Cross Site Request Forgery (CSRF) | A type of vulnerability where a malicious web page tricks a user's browser into sending requests to another website in a way that is indistinguishable from the user triggering those requests on purpose. |
| Side channel attack | |
| Buffer overflow | |
| Shellshock | |
| Heartbleed | |
| Meltdown & Spectre | |
| Side channel attack | An attack on a system via the analysis of itsimplementation. For example stealing a password by listening to keypress sounds and their timings. |
| Ransomeware | A category of attack - often in the form of a virus locking all files and computers behind a password - where the attacker extorts money from the target to cease the attack. |
| Buffer overflow | Vulnerability in systems where inputting too much data can be used to cause unplanned code to execute potentially taking over the system. |
| Shellshock | A vulnerability in the Bash CLI which allows attackers to escalate privledges by exploiting the fact that many tools use environment variables inappropriately to share functions. |
| Heartbleed | A buffer overflow vulnerability in the popular OpenSSH open source software that enables attackers to execute code on a server you do not control. Still commonly seen due to the difficulty of updating many IoT devices. |
| Meltdown & Spectre | A timing side channel attack possible on many CPUs and can enable an attacker to steal data from other running applications. Demonstrates the limits of CPU speeds and optimization tradeoffs. |
| WannaCry | A worldwide series of attacks distributed via a virus using Windows bug known to but previously undisclosed by the NSA. This bug was revealed by the Shadow Brokers. |
| Shadow Brokers | |
| Nonce (Cryptography) | |
| Cryptographically Secure | |
| Public / Private Key Encryption | |
| Shadow Brokers | |
| Operating Systems | |
| Windows | |
| OsX | |
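Review bot: The Heartbleed row misdescribes the bug on three points. Heartbleed is in OpenSSL, not OpenSSH. It is a buffer over-read in the TLS heartbeat handling, not a buffer overflow. And it lets an attacker read server memory (private keys, session data) rather than execute code. Suggested wording: "A buffer over-read vulnerability in the popular OpenSSL library that lets attackers read memory from a server they do not control." In the same hunk, the Shellshock row would be more accurate if it said that Bash runs commands appended to function definitions passed in environment variables, which is command execution more than privilege escalation. The Shadow Brokers row is still empty and shows up at two positions, although the new WannaCry row relies on it. Please also fix "itsimplementation", "Ransomeware" and "privledges" in the added rows.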