111 relations: Access control, Adware, Asset (computer security), Attack surface, Audit trail, Availability, Browser security, Buffer over-read, Buffer overflow, CERT Coordination Center, Chapman & Hall, Clickjacking, Code injection, Committee on National Security Systems, Common Criteria, Common Vulnerabilities and Exposures, Common Vulnerability Scoring System, Computer emergency response team, Computer language, Computer security, Confidentiality, Confused deputy problem, Countermeasure (computer), Cross-site request forgery, Cross-site scripting, Cyberattack, Cybercrime, Cyberwarfare, Dangling pointer, Data validation, Defence in depth, Directory traversal attack, Email injection, European Union Agency for Network and Information Security, Exploit (computer security), Factor analysis of information risk, File system permissions, Firewall (computing), FTP bounce attack, Full disclosure (computer security), Google, Hacking: The Art of Exploitation, HTTP header injection, HTTP response splitting, Improper input validation, Information security, Information technology security audit, Integrity, International Organization for Standardization, Internet Engineering Task Force, ..., Internet security, Intrusion detection system, IPv4, IPv6, ISACA, ISO/IEC 27000-series, ISO/IEC 27001, ISO/IEC 27002, IT risk, ITSEC, Linux, List of tools for static code analysis, MacOS, Memory safety, Metasploit Project, Microsoft, Microsoft Windows, Mitre Corporation, Mobile security, National Information Assurance Glossary, National Information Assurance Training and Education Center, National Institute of Standards and Technology, Network architecture, OpenVMS, Operating system, OWASP, Password strength, Penetration test, Physical security, Privacy law, Privilege escalation, Race condition, Responsible disclosure, Risk factor (computing), Risk IT, Risk management, Security awareness, Security bug, Security controls, Security engineering, Security service (telecommunication), 
Side-channel attack, Social engineering (security), Software bug, Spyware, SQL injection, Symlink race, The Open Group, Threat (computer), Time of check to time of use, Timing attack, TippingPoint, Uncontrolled format string, United States, Unix, User interface, Victim blaming, Vulnerability management, Vulnerability scanner, White hat (computer security), Zero-day (computing).
In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource.
Adware, or advertising-supported software, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process.
In information security, computer security and network security, an asset is any data, device, or other component of the environment that supports information-related activities.
The attack surface of a software environment is the sum of the different points (the "attack vectors") where an unauthorized user (the "attacker") can try to enter data to or extract data from an environment.
An audit trail (also called audit log) is a security-relevant chronological record, set of records, and/or destination and source of records that provide documentary evidence of the sequence of activities that have affected at any time a specific operation, procedure, or event.
In reliability theory and reliability engineering, the term availability has the following meanings.
Browser security is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware.
In computer security and programming, a buffer over-read is an anomaly where a program, while reading data from a buffer, overruns the buffer's boundary and reads (or tries to read) adjacent memory.
In information security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations.
The CERT Coordination Center (CERT/CC) is the coordination center of the computer emergency response team (CERT) for the Software Engineering Institute (SEI), a non-profit United States federally funded research and development center.
Chapman & Hall was a British publishing house in London, founded in the first half of the 19th century by Edward Chapman and William Hall.
Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.
Code injection is the exploitation of a computer bug that is caused by processing invalid data.
The Committee on National Security Systems (CNSS) is a United States intergovernmental organization that sets policy for the security of US national security systems.
The Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) is an international standard (ISO/IEC 15408) for computer security certification.
The Common Vulnerabilities and Exposures (CVE) system provides a reference-method for publicly known information-security vulnerabilities and exposures.
The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities.
A computer emergency response team (CERT) is an expert group that handles computer security incidents.
A computer language is a method of communication with a computer.
Cybersecurity, computer security or IT security is the protection of computer systems from theft of or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide.
Confidentiality involves a set of rules or a promise usually executed through confidentiality agreements that limits access or places restrictions on certain types of information.
A confused deputy is a computer program that is innocently fooled by some other party into misusing its authority.
In computer security a countermeasure is an action, device, procedure, or technique that reduces a threat, a vulnerability, or an attack by eliminating or preventing it, by minimizing the harm it can cause, or by discovering and reporting it so that corrective action can be taken.
Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf) or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts.
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications.
A cyberattack is any type of offensive maneuver that targets computer information systems, infrastructures, computer networks, or personal computer devices.
Cybercrime, or computer-oriented crime, is crime that involves a computer and a network.
Cyberwarfare is the use or targeting in a battlespace or warfare context of computers, online control systems and networks.
Dangling pointers and wild pointers in computer programming are pointers that do not point to a valid object of the appropriate type.
In computer science, data validation is the process of ensuring data have undergone data cleansing to ensure they have data quality, that is, that they are both correct and useful.
Defence in depth (also known as deep or elastic defence) is a military strategy that seeks to delay rather than prevent the advance of an attacker, buying time and causing additional casualties by yielding space.
A directory traversal (or path traversal) attack consists of exploiting insufficient security validation or sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs.
Email injection is a security vulnerability that can occur in Internet applications that are used to send email messages.
The European Union Agency for Network and Information Security (ENISA, an abbreviation retained from its original name) is an agency of the European Union.
An exploit (from the English verb to exploit, meaning "to use something to one’s own advantage") is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).
Factor analysis of information risk (FAIR) is a taxonomy of the factors that contribute to risk and how they affect each other.
Most file systems have methods to assign permissions or access rights to specific users and groups of users.
In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly through the use of the victim machine as a middle man for the request.
In the field of computer security, independent researchers often discover flaws in software that can be abused to cause unintended behaviour; these flaws are called vulnerabilities.
Google LLC is an American multinational technology company that specializes in Internet-related services and products, which include online advertising technologies, search engine, cloud computing, software, and hardware.
Hacking: The Art of Exploitation is a book by Jon "Smibbs" Erickson about computer security and network security.
HTTP header injection is a general class of web application security vulnerability which occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically generated based on user input.
HTTP response splitting is a form of web application vulnerability, resulting from the failure of the application or its environment to properly sanitize input values.
Improper input validation or unchecked user input is a type of vulnerability in computer software that may be used for security exploits.
Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.
A computer security audit is a manual or systematic measurable technical assessment of a system or application.
Integrity is the quality of being honest and having strong moral principles, or moral uprightness.
The International Organization for Standardization (ISO) is an international standard-setting body composed of representatives from various national standards organizations.
The Internet Engineering Task Force (IETF) develops and promotes voluntary Internet standards, in particular the standards that comprise the Internet protocol suite (TCP/IP).
Internet security is a branch of computer security specifically related to the Internet, often involving browser security but also network security on a more general level, as it applies to other applications or operating systems as a whole.
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations.
Internet Protocol version 4 (IPv4) is the fourth version of the Internet Protocol (IP).
Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Internet.
ISACA is an international professional association focused on IT governance.
The ISO/IEC 27000-series (also known as the 'ISMS Family of Standards' or 'ISO27K' for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
ISO/IEC 27001 is an information security standard, part of the ISO/IEC 27000 family of standards, of which the last version was published in 2013, with a few minor updates since then.
ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled Information technology – Security techniques – Code of practice for information security controls.
Information technology risk, IT risk, IT-related risk, or Cyber Risk is any risk related to information technology.
The Information Technology Security Evaluation Criteria (ITSEC) is a structured set of criteria for evaluating computer security within products and systems.
Linux is a family of free and open-source software operating systems built around the Linux kernel.
This is a list of tools for static code analysis.
macOS is a series of graphical operating systems developed and marketed by Apple Inc. since 2001.
Memory safety is the state of being protected from various software bugs and security vulnerabilities when dealing with memory access, such as buffer overflows and dangling pointers.
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Microsoft Corporation (abbreviated as MS) is an American multinational technology company with headquarters in Redmond, Washington.
Microsoft Windows is a group of several graphical operating system families, all of which are developed, marketed, and sold by Microsoft.
The Mitre Corporation (stylized as The MITRE Corporation and MITRE) is an American not-for-profit organization based in Bedford, Massachusetts, and McLean, Virginia.
Mobile security, or more specifically mobile device security, has become increasingly important in mobile computing.
Committee on National Security Systems Instruction No.
The National Information Assurance Training and Education Center (NIATEC) is an American consortium of academic, industry, and government organizations to improve the literacy, awareness, training and education standards in Information Assurance.
The National Institute of Standards and Technology (NIST) is one of the oldest physical science laboratories in the United States.
Network architecture is the design of a communication network.
OpenVMS is a closed-source, proprietary computer operating system for use in general-purpose computing.
An operating system (OS) is system software that manages computer hardware and software resources and provides common services for computer programs.
The Open Web Application Security Project (OWASP), an online community, produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security.
Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks.
A penetration test, colloquially known as a pen test, is an authorized simulated attack on a computer system, performed to evaluate the security of the system.
Physical security describes security measures that are designed to deny unauthorized access to facilities, equipment and resources and to protect personnel and property from damage or harm (such as espionage, theft, or terrorist attacks).
Privacy law refers to the laws that deal with the regulating, storing, and using of personally identifiable information of individuals, which can be collected by governments, public or private organizations, or other individuals.
Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.
A race condition or race hazard is the behavior of an electronics, software, or other system where the output is dependent on the sequence or timing of other uncontrollable events.
In computer security or elsewhere, responsible disclosure is a vulnerability disclosure model in which a vulnerability or issue is disclosed only after a period of time that allows for the vulnerability or issue to be patched or mended.
In information security, a risk factor is a collective name for circumstances affecting the likelihood or the impact of a security risk.
Risk IT provides an end-to-end, comprehensive view of all risks related to the use of information technology (IT) and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues.
Risk management is the identification, evaluation, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by the coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.
Security awareness is the knowledge and attitude members of an organization possess regarding the protection of the physical, and especially informational, assets of that organization.
A security bug or security defect is a software bug that can be exploited to gain unauthorized access or privileges on a computer system.
Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.
Security engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts.
Security service is a service, provided by a layer of communicating open systems, which ensures adequate security of the systems or of data transfers as defined by ITU-T X.800 Recommendation.
In computer security, a side-channel attack is any attack based on information gained from the implementation of a computer system, rather than weaknesses in the implemented algorithm itself (e.g. cryptanalysis and software bugs).
Social engineering, in the context of information security, refers to psychological manipulation of people into performing actions or divulging confidential information.
A software bug is an error, flaw, failure or fault in a computer program or system that causes it to produce an incorrect or unexpected result, or to behave in unintended ways.
Spyware is software that aims to gather information about a person or organization, sometimes without their knowledge, and that may send such information to another entity without the consumer's consent, assert control over a device without the consumer's knowledge, or send such information to another entity with the consumer's consent, through cookies.
SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
A symlink race is a kind of software security vulnerability that results from a program creating files in an insecure manner.
The Open Group is an industry consortium that seeks to "enable the achievement of business objectives" by developing "open, vendor-neutral technology standards and certifications".
In computer security, a threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm.
In software development, time of check to time of use (TOCTTOU or TOCTOU, pronounced "tock too") is a class of software bugs caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check.
In cryptography, a timing attack is a side-channel attack in which the attacker attempts to compromise a cryptosystem by analyzing the time taken to execute cryptographic algorithms.
Trend Micro TippingPoint’s Intrusion Prevention System (IPS) deals with IT threat protection.
Uncontrolled format string is a type of software vulnerability discovered around 1989 that can be used in security exploits.
The United States of America (USA), commonly known as the United States (U.S.) or America, is a federal republic composed of 50 states, a federal district, five major self-governing territories, and various possessions.
Unix (trademarked as UNIX) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, development starting in the 1970s at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and others.
The user interface (UI), in the industrial design field of human–computer interaction, is the space where interactions between humans and machines occur.
Victim blaming occurs when the victim of a crime or any wrongful act is held entirely or partially at fault for the harm that befell them.
Vulnerability management is the "cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities", particularly in software.
A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for known weaknesses.
The term "white hat" in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization's information systems.
A zero-day (also known as 0-day) vulnerability is a computer-software vulnerability that is unknown to those who would be interested in mitigating the vulnerability (including the vendor of the target software).
Component Vulnerability, Computer security vulnerabilities, Computer security vulnerability, Security Holes, Security hole, Security vulnerabilities, Security vulnerability, Software Security vulnerability, Software Vulnerabilities, Software security vulnerability, Software vulnerabilities, Software vulnerability, Vuln, Vulnerability (computer science), Vulnerability (software), Vulnerability disclosure, Vulnerability research, Vulnerability window, Weakness (computing).