Term
|
Definition
A set of rules for how applications under the Microsoft Windows operating system should share information. |
|
|
Term
|
Definition
A specific way of implementing ActiveX that runs through the web browser and functions like a miniature application. |
|
|
Term
|
Definition
Program that provides additional functionality to web browsers. Also called extension. |
|
|
Term
Address Resolution Protocol (ARP) |
|
Definition
Part of the TCP/IP protocol for determining the MAC address based on the IP address. |
|
|
Term
arbitrary/remote code execution |
|
Definition
An attack that allows an attacker to run programs and execute commands on a different computer. |
|
|
Term
|
Definition
An attack that corrupts the ARP cache. |
|
|
Term
|
Definition
A file that is coupled to an email message and often carries malware. |
|
|
Term
|
Definition
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer. |
|
|
Term
|
Definition
An attack that targets vulnerabilities in client applications that interact with a compromised server or process malicious data. |
|
|
Term
|
Definition
Injecting and executing commands on a server. |
|
|
Term
|
Definition
A file on a local computer in which a web server stores user-specific information. |
|
|
Term
cross-site scripting (XSS) |
|
Definition
An attack that injects scripts into a web application server to direct attacks at clients. |
|
|
Term
|
Definition
An attack that attempts to prevent a system from performing its normal functions by overwhelming the system with requests. |
|
|
Term
|
Definition
An attack that takes advantage of a vulnerability so that a user can move from the root directory to restricted directories. |
|
|
Term
distributed denial of service (DDoS) |
|
Definition
An attack that uses many computers to perform a DoS attack. |
|
|
Term
|
Definition
An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker’s device. |
|
|
Term
|
Definition
A hierarchical name system for translating domain names to IP addresses. |
|
|
Term
|
Definition
|
|
Term
|
Definition
A cookie that is created from the website currently being viewed. |
|
|
Term
|
Definition
Another name for locally shared object (LSO). |
|
|
Term
|
Definition
A list of the mappings of host names to IP addresses. |
|
|
Term
|
Definition
Part of HTTP that is composed of fields that contain the different characteristics of the data that is being transmitted. |
|
|
Term
|
Definition
Modifying HTTP headers to create an attack. |
|
|
Term
|
Definition
An attack that is the result of an attacker changing the value of a variable to something outside the range that the programmer had intended. |
|
|
Term
locally shared object (LSO) |
|
Definition
A cookie that is significantly different in size and location from regular cookies, and can store more complex data. Also called Flash cookie. |
|
|
Term
|
Definition
An attack that intercepts legitimate communication and forges a fictitious response to the sender. |
|
|
Term
|
Definition
A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes. |
|
|
Term
|
Definition
A utility that sends an ICMP echo request message to a host. |
|
|
Term
|
Definition
An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets. |
|
|
Term
|
Definition
A third-party library that attaches to a web browser and can be embedded inside a webpage. |
|
|
Term
|
Definition
An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. |
|
|
Term
|
Definition
An attack that makes a copy of the transmission before sending it to the recipient. |
|
|
Term
|
Definition
A cookie that is stored in Random Access Memory (RAM), instead of on the hard drive, and lasts only for the duration of a visit to a website. |
|
|
Term
|
Definition
An attack in which an attacker attempts to impersonate the user by using the user’s session token. |
|
|
Term
|
Definition
A form of verification used when accessing a secure web application. |
|
|
Term
|
Definition
An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim. |
|
|
Term
|
Definition
Impersonating another computer or device. |
|
|
Term
|
Definition
An attack that targets SQL servers by injecting commands to be manipulated by the database. |
|
|
Term
|
Definition
An attack that takes advantage of the procedures for initiating a TCP/IP session. |
|
|
Term
|
Definition
A cookie that was created by a third party that is different from the primary website. |
|
|
Term
|
Definition
An attack that exploits the trust relationship between three parties. |
|
|
Term
XML (Extensible Markup Language) |
|
Definition
A markup language that is designed to carry data, in contrast to HTML, which indicates how to display data. |
|
|
Term
|
Definition
An attack that injects XML tags and data into a database. |
|
|
Term
|
Definition
Attack that exploits previously unknown vulnerabilities, so victims have no time (zero days) to prepare for or defend against the attack. |
|
|