Browse Definitions :

Application security

Terms related to application security, including procedural definitions for preventing software vulnerabilities and words and phrases about secure code development.

ACT - NAT

  • Active Directory Certificate Services (AD CS) - Active Directory Certificate Services (AD CS) is an Active Directory tool that lets administrators customize services in order to issue and manage public key certificates.
  • active man-in-the-middle attack (MitM) - Active man-in-the-middle (MitM) is an attack method that allows an intruder to access sensitive information by intercepting and altering communications between the user of a public network and a requested website.
  • adaptive security - Adaptive security is an approach to safeguarding systems and data by recognizing threat-related behaviors rather than the files and code used by virus definitions.
  • Android WebView - Android WebView is a component that allows Web developers to render a web page within an Android app.
  • app wrapping (application wrapping) - App wrapping is the process of applying a management layer to a mobile app without requiring any changes to the underlying application.
  • application blacklisting - Application blacklisting, sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs.
  • application firewall - An application firewall is an enhanced firewall that limits access by applications to the operating system (OS) of a computer.
  • application security - Application security is the use of software, hardware, and procedural methods to protect applications from external threats.
  • application whitelisting - Application whitelisting is the practice of identifying applications that have been deemed safe for execution and restricting all other applications from running.
  • attack surface analysis - An organization's attack surface includes all the exploitable vulnerabilities in its hardware, software, connections and even its employees, in the form of social engineering.
  • Automatic Identification and Data Capture (AIDC) - Automatic Identification and Data Capture (AIDC) is a broad set of technologies used to collect information from an object, image or sound without manual data entry.
  • behavior blacklisting - Behavior blacklisting is a security method based on detecting specified suspicious actions on the part of software or human agents and blocking access accordingly.
  • behavior whitelisting - Behavior whitelisting is a security method in which permissable actions within a given system are specified and all others are blocked.
  • BitLocker - BitLocker is an operating system-level extension to Vista that combines on-disk encryption and special key management techniques.
  • blacklist - A blacklist, in IT, is a collection of entities that are blocked from communicating with or logging into a computer, site or network.
  • bot worm - A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself to other computers.
  • bug bounty program - A bug bounty program, also called a vulnerability rewards program (VRP), is a crowdsourcing initiative that rewards individuals for finding errors in software.
  • bug convergence - In a software development project, bug convergence is the point at which the number of bugs fixed exceeds the number of bugs reported.
  • Centre for the Protection of National Infrastructure (CPNI) - The Centre for the Protection of National Infrastructure (CPNI) is the agency charged with providing advice to any entity within the United Kingdom that owns or operates services or property critical to commerce, public health or security.
  • CERT-In (the Indian Computer Emergency Response Team) - CERT-In (the Indian Computer Emergency Response Team) is a government-mandated information technology (IT) security organization.
  • Certified Cloud Security Professional (CCSP) - The Certified Cloud Security Professional (CCSP) certification is intended for experienced IT professionals who have a minimum of five years of experience in the industry with three of those years being in information security and one year in one of the six CCSP domains.
  • CGI scanner - A CGI (common gateway interface) scanner is a program that searches for known vulnerabilities in Web servers and application programs by testing HTTP requests against known CGI strings.
  • channel partner portal - A channel partner portal is a web-based application that provides a vendor's established partners (usually distributors, resellers, service providers or other strategic partners) with access to deal registration, marketing resources, pricing and sales information for products and services, as well as technical details and support that are unavailable to other end users.
  • chief risk officer (CRO) - The chief risk officer (CRO) is the corporate executive tasked with assessing and mitigating significant competitive, regulatory and technological threats to an enterprise's capital and earnings.
  • Class C2 - Class C2 is a security rating established by the U.
  • clickjacking (user-interface or UI redressing and IFRAME overlay) - Clickjacking (also known as user-interface or UI redressing and IFRAME overlay) is an exploit in which malicious coding is hidden beneath apparently legitimate buttons or other clickable content on a website.
  • clipboard hijack attack - A clipboard hijacking is an exploit in which the attacker gains control of the victim's clipboard and replaces its contents with their own data, such as a link to a malicious Web site.
  • Clonezilla - Clonezilla is a free open source disk cloning application based on Debian.
  • CloudAudit - CloudAudit is a specification for the presentation of information about how a cloud computing service provider addresses control frameworks.
  • CloudAV - CloudAV is a program that combines multiple antivirus applications and scans user files over a network of servers.
  • column-level encryption - Column-level encryption is a method of database encryption in which the information in every cell (or data field) in a particular column has the same password for access, reading, and writing purposes.
  • Common Weakness Enumeration (CWE) - Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software.
  • Conduit browser hijacker - Conduit is a browser hijacker that is usually installed without the user’s knowledge through a drive-by download.
  • Conficker - Conficker is a fast-spreading worm that targets a vulnerability (MS08-067) in Windows operating systems.
  • content spoofing - Content spoofing is a type of exploit used by a malicious hackers to present a faked or modified Web site to the user as if it were legitimate.
  • control framework - A control framework is a data structure that organizes and categorizes an organization’s internal controls, which are practices and procedures established to create business value and minimize risk.
  • counterfeit app (fake app) - A counterfeit app is an app that claims to fill a purpose while actually being fake, ineffective, useless or even harmful to a user's device.
  • covert redirect - Covert redirect is a security flaw that allows attackers to exploit an open redirect vulnerability.
  • cross-site request forgery (XSRF or CSRF) - Cross-site request forgery (XSRF or CSRF) is a method of attacking a Web site in which an intruder masquerades as a legitimate and trusted user.
  • cross-site tracing (XST) - Cross-site tracing (XST) is a sophisticated form of cross-site scripting (XSS) that can bypass security countermeasures already put in place to protect against XSS.
  • Cybercrime - Cybercrime is any criminal activity that involves a computer, networked device or a network.
  • cybersecurity - Cybersecurity is the protection of internet-connected systems, including hardware, software and data, from cyberattacks.
  • cyberwarfare - Cyberwarfare is computer- or network-based conflict involving politically motivated attacks by a nation-state on another nation-state.
  • data breach - A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion.
  • data masking - Data masking is a method of creating a structurally similar but inauthentic version of an organization's data that can be used for purposes such as software testing and user training.
  • DCPromo (Domain Controller Promoter) - DCPromo (Domain Controller Promoter) is a tool in Active Directory that installs and removes Active Directory Domain Services and promotes domain controllers.
  • digital wallet security - Digital wallets are used for transactions involving both conventional and digital currencies, but because the latter work differently, they require different safeguards – or at least variations on traditional security measures.
  • disposable email - What is a disposable email?Disposable email is a service that allows a registered user to receive email at a temporary address that expires after a certain time period elapses.
  • DNS Security Extensions (DNSSEC) - DNS Security Extensions (DNSSEC) are a set of Internet Engineering Task Force (IETF) standards created to address vulnerabilities in the Domain Name System (DNS) and protect it from online threats.
  • eavesdropping - Eavesdropping is the unauthorized real-time interception of a private communication, such as a phone call, instant message, videoconference or fax transmission.
  • encryption key management - Encryption key management is the administration of tasks involved with protecting, storing, backing up and organizing encryption keys.
  • endpoint fingerprinting - Endpoint fingerprinting is a feature of enterprise network access control (NAC) products that enables discovery, classification and monitoring of connected devices, including non-traditional network endpoints such as smartcard readers, HVAC systems, medical equipment and IP-enabled door locks.
  • engine-level encryption - Engine-level encryption is cryptographic encoding and decoding of data that is executed within a database engine.
  • Fennec - Fennec is a version of the Firefox browser adapted for mobile phones and other small computing devices.
  • FFIEC compliance (Federal Financial Institutions Examination Council) - FFIEC compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC).
  • Firefox 3.5 - Firefox 3.5 is a version of the Mozilla Foundation's Web browser that was released in June 2009.
  • Firesheep - Firesheep is a Firefox plug-in that automates session hijacking attacks over unsecured Wi-Fi networks.
  • Flexible Mandatory Access Control (FMAC) - Flexible Mandatory Access Control (FMAC) is an ongoing project intended to enhance the Sun Microsystems OpenSolaris operating platform by adding two security technologies: Flux Advanced Security Kernel (Flask) and Type Enforcement (TE).
  • fuzz testing (fuzzing) - Fuzz testing (fuzzing) is a technique used by ethical hackers to discover security loopholes in software, operating systems or networks by massive inputting of random data to the system in an attempt to make it crash.
  • geolocation - Geolocation is the detection of the physical location of an Internet connected computing device.
  • Google Docs - Google Docs is a free Web-based application in which documents and spreadsheets can be created, edited and stored online.
  • hackerazzi - Hackerazzi are cybercriminals who hack into the email accounts of celebrities to access and exploit their private information.
  • health informatics - Health informatics is the practice of acquiring, studying and managing health data and applying medical concepts in conjunction with health information technology systems to help clinicians provide better healthcare.
  • Higgins Trust Framework (HTF) - The Higgins Trust Framework (HTF) is an API (application program interface) that allows end users to store identity information in locations of their choice and share portions of that information anonymously with online vendors and service providers in a controlled manner.
  • honey monkey - A honey monkey is a virtual computer system that is programmed to lure, detect, identify and neutralize malicious activity on the Internet.
  • IFrame (Inline Frame) - The IFrame HTML element is often used to insert content from another source, such as an advertisement, into a Web page.
  • initialization vector (IV) - An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data encryption.
  • intelligent video - Intelligent video is digital video technology integrated with analytical software.
  • Internet Storm Center - The Internet Storm Center is a website provided by the SANS Institute that monitors current online security attacks and publishes information about them.
  • iris recognition - Iris recognition is a method of identifying people based on unique patterns within the ring-shaped region surrounding the pupil of the eye.
  • ISO 27001 - ISO 27001 (formally known as ISO/IEC 27001:2005) is a specification for an information security management system (ISMS).
  • ISO/IEC 38500 - ISO/IEC 38500 is an international standard created to guide corporate governance of information technology (IT).
  • Java Authentication and Authorization Service (JAAS) - The Java Authentication and Authorization Service (JAAS) is a set of application program interfaces (APIs) that can determine the identity of a user or computer attempting to run Java code, and ensure that the entity has the privilege or permission to execute the functions requested.
  • JavaScript hijacking - JavaScript hijacking is a technique that an attacker can use to read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML).
  • key-value pair (KVP) - A key-value pair (KVP) is a set of two linked data items: a key, which is a unique identifier for some item of data, and the value, which is either the data that is identified or a pointer to the location of that data.
  • keystroke dynamics - Keystroke dynamics are the patterns of rhythm and timing created when a person types.
  • keyword stuffing - Keyword stuffing is the practice of inserting a large number of keywords into Web page content and meta tags in the attempt to artificially increase the page's ranking in search results.
  • kill switch - A kill switch is a mechanism used to shut down or disable machinery or a device or program.
  • knowledge process outsourcing (KPO) - Knowledge process outsourcing (KPO) is the allocation of relatively high-level tasks to an outside organization or a different group within the same organization.
  • LDAP injection - LDAP injection is a type of security exploit that is used to compromise the authentication process used by some websites.
  • load testing - Load testing is the process of subjecting a computer, peripheral, server, network or application to a work level approaching the limits of its specifications.
  • log analytics - Log analytics is the assessment of a recorded set of information from one or more events, captured from a computer, network, application operating system (OS) or other IT ecosystem component.
  • malvertizement - A malvertizement is malicious coding served through an ad on a Web site or in an email message.
  • man in the browser - Man in the browser refers to an emerging tactic used by hackers to commit financial fraud.
  • man-in-the-disk (MITD) attack - Man-in-the-disk (MITD) is an attack vector that allows an intruder to intercept and potentially alter data as it moves between Android external storage and an installed app.
  • managed file transfer (MFT) - Managed file transfer (MFT) is a type of software used to provide secure internal, external and ad-hoc data transfers through a network.
  • Massachusetts data protection law - What is the Massachusetts data protection law?The Massachusetts data protection law is legislation that stipulates security requirements for organizations that handle the private data of residents.
  • meet-in-the-middle attack - Meet-in-the-middle is a type of attack that can exponentially reduce the number of brute force permutations required to decrypt text that has been encrypted by more than one key.
  • Metamorphic virus - A metamorphic virus is a type of malware that is capable of changing its code and signature patterns with each iteration.
  • micropayment - A micropayment is an e-commerce transaction involving a very small sum of money in exchange for something made available online, such as an application download, a service or Web-based content.
  • Microsoft System Center Mobile Device Manager (MSCMDM) - Microsoft System Center Mobile Device Manager (MSCMDM) is server-based software that allows enterprise IT professionals to manage and automate tasks for Windows Mobile devices.
  • MIEL e-Security - MIEL e-Security is a Mumbai-based organization that provides information security services and solutions to organizations worldwide.
  • mobile app security - Mobile app security is the extent of protection that mobile device application programs (apps) have from malware and the activities of crackers and other criminals.
  • mobile application vetting - Mobile application vetting is a process that app developers take to verify the compliance of mobile applications with a specified security requirement or standard.
  • multifactor authentication (MFA) - Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.
  • mutual authentication - Mutual authentication, also called two-way authentication, is a process or technology in which both entities in a communications link authenticate each other.
  • MyDiamo - MyDiamo is database encryption software for MySQL that runs on virtually all platforms that MySQL supports, including Linux, UNIX and Windows.
  • National Vulnerability Database (NVD) - NVD (National Vulnerability Database) is a product of the National Institute of Standards and Technology (NIST) Computer Security Division and is used by the U.

-ADS BY GOOGLE

SearchCompliance

  • California Consumer Privacy Act (CCPA)

    The California Consumer Privacy Act (CCPA) is legislation in the state of California that supports an individual's right to ...

  • compliance audit

    A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.

  • regulatory compliance

    Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business...

SearchSecurity

  • endpoint detection and response (EDR)

    Endpoint detection and response (EDR) is a category of tools and technology used for protecting computer hardware devices–called ...

  • ransomware

    Ransomware is a subset of malware in which the data on a victim's computer is locked, typically by encryption, and payment is ...

  • single sign-on (SSO)

    Single sign-on (SSO) is a session and user authentication service that permits an end user to enter one set of login credentials ...

SearchHealthIT

SearchDisasterRecovery

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

  • business continuity software

    Business continuity software is an application or suite designed to make business continuity planning/business continuity ...

SearchStorage

  • blockchain storage

    Blockchain storage is a way of saving data in a decentralized network which utilizes the unused hard disk space of users across ...

  • disk mirroring (RAID 1)

    RAID 1 is one of the most common RAID levels and the most reliable. Data is written to two places simultaneously, so if one disk ...

  • RAID controller

    A RAID controller is a hardware device or software program used to manage hard disk drives (HDDs) or solid-state drives (SSDs) in...

Close