
Glossary of Cybersecurity Terms

Acunetix Vulnerability Scanner

The Acunetix vulnerability scanner is an automated web application security testing tool. Acunetix is used to scan your web applications and check for a wide variety of exploitable vulnerabilities. The Acunetix vulnerability scanner works on any web application or website via browser and utilizes t...

Aircrack-ng

Aircrack-ng is a software suite for analyzing and hacking WiFi networks. Aircrack-ng functionality includes: Monitoring through packet capture and export of data to text files.  Attacking through deauthentication or fake access points. Testing by checking WiFi cards and driver capabilities. Cracking...

Alert Triage

Alert triage is the process of going through cybersecurity alerts and investigating them to determine the potential threat severity. An alert triage is also known as a cybersecurity alert triage or simply triage. The alert triage process must ultimately determine whether or not the alert should be e...

Anonymous Hackers

Anonymous hackers are a loosely organized Internet group of political activists who engage in hacktivism. Anonymous hackers began as a collective on the imageboard 4chan, an anonymous Internet chat room. Anonymous hackers are known as “Anons” and often wear Guy Fawkes masks to disguise their identit...

Application Security Testing

Application security testing is the process of scouting for vulnerabilities within applications. Due to the explosive use of APIs as a key driver in the rise of DevOps, digital transformation, and the creation of new mobile and web applications, the potential for sensitive data and even an applicati...

Application-Level Denial-of-Service (DoS)

Application DDoS attacks are distributed denial of service (DDoS) attacks designed to make online application services unavailable by overwhelming them with a virtual flood of internet traffic. The significant increase in traffic overwhelms machines and networks,...

Asymmetric Cryptography

Asymmetric cryptography is a method of cryptography that uses pairs of keys. Asymmetric cryptography is also known as public-key cryptography. Each pair consists of a public key (known to others) and a private key (known only to the key owner). Asymmetric cryptography uses this pair of mathematicall...

Attack Surface Analysis

Attack surface analysis is a cybersecurity strategy that endeavors to eliminate or mitigate vulnerabilities and weak points in an organization’s IT environment through monitoring, scanning and penetration testing digital assets. The attack surface is defined as “the set of points on the boundary of...

Autonomous System

An autonomous system is a network or series of networks that is all under the same administrative control. Sometimes, an autonomous system is also called a routing domain. An autonomous system is given a unique global number, known as an Autonomous System Number (ASN). Want to learn more? Check out ou...

Bounty Brief

Outlines the rules of engagement for a bounty program, thereby setting the expectations for how both parties will behave throughout the process.

British Standard 7799 (BS 7799)

The British Standard 7799 (BS 7799) is a standard that outlines how to set up an Information Security Management Infrastructure (ISMI). While the United States has not adopted the British Standard 7799, BS 7799 remains one of the most popular information security management systems globally. Securit...

Broken Access Control (BAC)

Broken Access Control is when an application does not thoroughly restrict user permissions for appropriate access to administrative functionality. The consequences associated with broken access control may include viewing of unauthorized content, modification or deletion of content, or full applicatio...

Buffer Overflow Attack

A buffer overflow attack is a cyberattack method in which the attacker exploits an application's security by deliberately overwriting the application's memory. A buffer overflow is one of the best-known forms of software vulnerability. In a buffer overflow attack, a hacker most commonly manipulates...

Bug Bounty Program (BBP)

A bug bounty program (BBP) is a sponsored, organized effort that compensates security researchers for surfacing and reporting otherwise unknown network and software security vulnerabilities, thereby enabling the digitally connected business to manage and reduce their cybersecurity risks. The phrase...

Burp Vulnerability Scanner

The Burp Vulnerability Scanner is a tool used for web penetration testing. The Burp Vulnerability Scanner, part of the Burp Suite, is used by many cybersecurity professionals across the world. Many large retailers, banks, financial institutions, and government agencies use it to make information tec...

Canonicalization Attack

A canonicalization attack is a cyberattack method in which the attacker substitutes various inputs for the canonical name of a path or file. Typically exploited by entering the file path in an input field, on a webpage, or as part of a URL, canonicalization attacks enable attackers to access unauthorized files an...

CEH Certification

CEH certification is an accreditation attesting that an individual understands and knows how to look for weaknesses and vulnerabilities in target systems, using the same knowledge and tools as a malicious hacker but for legal and ethical purposes. CEH certification was developed and offered by the EC-Council,...

Certificate-based Authentication

Certificate-based authentication is a method of cryptography that allows a user, machine, device, or IoT to securely identify itself to another across a network connection, using a public-key certificate. IT security teams generally consider certificate-based authentication preferable to password-ba...

Clickjacking

Clickjacking is a cyber-attack in which an attacker tricks a user into clicking on something different from what the user perceives, thereby causing the user to perform actions of which they are unaware. Clickjacking is also referred to as a “UI redress attack.” A common objective with a clickjackin...

Code Injection

Code injection is a technique that a threat actor uses to input or inject malicious code which takes advantage of a validation flaw in the software. Code injection is also known as remote code execution (RCE). The malicious code is usually "injected" in the same language...

Common Vulnerabilities and Exposures (CVE)

Common Vulnerabilities and Exposures (CVE) are a listing of security threats categorized within a standardized reference system. The CVE program was launched in 1999 by MITRE to identify and catalog vulnerabilities in software into a freely accessible set of data s...

Common Vulnerability Scoring System (CVSS)

CVSS (Common Vulnerability Scoring System) is an industry standard for assessing the severity of a security vulnerability. The characteristics of a vulnerability are assessed, and then a numerical score is produced, which weights the overall severity. This numerical score can then be assigned to a c...

Common Weakness Enumeration (CWE)

Common Weakness Enumeration (CWE) is a classification and categorization of common software vulnerability types. There are currently over 600 categories, ranging from buffer overflows and cross-site scripting to insecure random numbers. Weaknesses are generally vulnerabilities that may consist of flaws,...

CREST Certification

CREST certification is an accreditation that establishes professional standards for penetration testing. CREST (i.e., Council of Registered Security Testers) is a UK-based, nonprofit organization created in response to unregulated penetration vulnerability testing. The absence of penetration testing...

Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) is a cyberattack technique that forces a user to submit a request to a web application to which they are currently authenticated. CSRF is also referred to as session riding (sea surf) and hostile linking. CSRF is also classified as a flaw under the OWASP Top 10 A5 category....

Cross-Site Scripting (XSS)

XSS (cross-site scripting) is a type of cyberattack in which the threat actor injects malicious scripts into websites and web applications. The goal is to have these scripts executed on the users' end-point devices where the threat actors can bypass controls and imperson...

Crowdcontrol

A powerful platform connecting the global security researcher community to the security market.

Crowdsourced Penetration Testing

Crowdsourced penetration testing is a form of penetration testing that varies from the standard pen test by involving a group of invited participants, otherwise known as ethical security hackers or “white hats.” These researchers are engaged on an incentivized basis, usually paid through “bug bounti...

Crowdsourced Security (CSS)

Crowdsourced security is an organized security approach wherein a number of ethical hackers are incentivized to search for and report vulnerabilities in the assets of a given organization, with the full understanding and awareness of the organization in question. The power of crowdsourced security i...

Cryptographic Algorithm

A cryptographic algorithm is the means of altering data from a readable form to a protected form and back to the readable form. Cryptographic algorithms are also known as ciphers. The Roman Empire first used cryptography using a non-complex letter substitution cipher to transmit sensitive messages....

Denial of Service

Denial of Service is the prevention of authorized access or delay in system operations and functions. A cybersecurity denial of service attack is a cyber attack that attempts to block access to a computer or network resource. Denial of service attacks are accomplished by disrupting the services of a...

Directory Traversal Attack

A directory traversal attack is a cyberattack in which an attacker gains access to restricted directories and can execute commands outside of a server’s root directory. A directory traversal attack is also known as a path traversal attack, dot-dot-slash attack, or a directory-climbing attack. In som...

Dynamic Link Library (DLL)

A dynamic link library (DLL) is a set of small programs that can be called by larger programs running on the computer. A dynamic link library program allows the larger program to communicate with a specific device, such as a scanner or printer. This program is commonly referred to as a dynamic link lib...

Email Spoofing

Email spoofing is the malicious art of tricking an email recipient into believing that the message came from a person or an organization they can trust. Email spoofing is used extensively in phishing attacks to get the recipient to click on malware attachments, click on malicious links, provide sens...

Ethical Hackers

An ethical hacker is a computer security expert who uses penetration testing skills to help secure an organization's networks and information system assets. An ethical hacker is also known as a white-hat hacker. Ethical hackers work with information technology and network operations teams to fix vu...

Ettercap

Ettercap is an open-source tool that can be used to support man-in-the-middle attacks on networks. Ettercap can capture packets and then write them back onto the network. Ettercap enables the diversion and alteration of data virtually in real-time. Ettercap can also be used for the protocol analysis...

Exponential Backoff Algorithm

The exponential backoff algorithm is a collision resolution mechanism that uses multiplicative factors to vary the timing of repeated transmissions to avoid network collisions. Exponential backoff algorithms were initially proposed for computer networking where multiple computers share a single medi...

Frontline Vulnerability Manager (Frontline VM)

Frontline Vulnerability Manager (Frontline VM) is a full-featured and easy-to-use SaaS vulnerability management solution brought to market by Digital Defense, Inc. Frontline Vulnerability Manager provides comprehensive security assessments which are then prioritized and tracked for remediation. This...

GFI LanGuard Network Scanner

The GFI LanGuard network scanner is a popular network and security tool for scanning and resolving security vulnerabilities. Today, there are tens of thousands of customers that use the product. Like any security scanner, the GFI LanGuard network scanner provides the capability for you to scan your...

GIAC Certification

GIAC Certification is accreditation of information security expertise. Founded in 1999, the Global Information Assurance Certification (GIAC) entity offers more than 40 cybersecurity GIAC certifications that confirm mastery in critical, specialized infosec domains. The SANS Institute founded GIAC in...

Hack the Pentagon

Hack the Pentagon is a bug bounty program sponsored by the US Defense Department. Launched with a pilot in 2016, Hack the Pentagon was the first bug bounty program in the federal government's history. The goal of the Hack the Pentagon bug bounty program is to identify and resolve security vulnerabil...

Hacker

If you do a Google Image Search against the word hacker, you’ll get images of scary-looking balaclava-clad cybercriminals hunched over a quintessentially green computer terminal. They’re up to no good… Stealing your data, crashing critical systems, or causing general Internet badness. In reality, th...

Hacker Community

A hacker community is a group of individuals who enjoy the challenge of overcoming software security measures to achieve targeted outcomes. Hacker communities originated at MIT in the early 1960s and focused on finding creative ways to access secure computer systems without causing significant damag...

Hacktivism

Hacktivism is a form of civil disobedience to promote political or social change that uses hacking or other computer-based techniques. A form of Internet activism, hacktivists aim to question, provoke, and challenge governments, organizations, and companies who go against their moral position. Hackt...

HTTP Request Smuggling

HTTP request smuggling is a cyber-attack method in which an attacker inserts a second request into an original request between a front-end and back-end server. In a successful HTTP request smuggling attack, the second request is “smuggled” in the initial request and then processed by the back-end se...

Input Validation Attacks

Input validation attacks are a method of cyberattack in which the attacker injects malicious input that can be interpreted and executed by a target system to exploit its vulnerabilities. Input validation attacks can employ a variety of input types such as code, scripting, and commands. The most comm...

Internet of Things (IoT)

Any device (often called a “smart” or “connected” device) that connects to and exchanges information over the internet.

Intruder Vulnerability Scanner

The Intruder vulnerability scanner is a cloud-based software tool that finds and prioritizes cybersecurity weaknesses, helping organizations avoid the most serious security risks. Intruder was founded in 2015 by Chris Wallis. The company set initial goals of improving the prioritization of identif...

IP Spoofing

IP spoofing is a cyberattack in which the attacker falsifies the source IP address in the packet header, most often with randomized numbers, to masquerade as a legitimate entity. IP spoofing is the most common form of spoofing and is a common technique employed by hackers in DDoS malware kits and attack sc...

ISO 27001

ISO 27001 and ISO 27002 are cybersecurity framework standards that businesses use to improve their cyber strategy and better manage and minimize business risk. (ISO 27001 and ISO 27002 are also referred to as ISO/IEC 27001 and ISO/IEC 27002.) The International Organization for Standardization (ISO)...

Kali Linux

Kali Linux is an open source Linux distribution designed to support penetration testing and related security auditing. First released in 2013, Kali actually contains hundreds of tools to support activities such as penetration testing, computer forensics, reverse engineering and much more. Kali Linux...

Local File Inclusion (LFI)

Local File Inclusion (LFI) is a security vulnerability that allows a hacker to include a file, usually exploiting a “dynamic file inclusion” mechanism implemented in the target application. The Local File Inclusion vulnerability is created when the developer fails to ensure data validation of user-s...

LulzSec Hacker Group

LulzSec was the computer hacker group that was responsible for the 2011 Sony Pictures attack, among other high-profile attacks. LulzSec is a contraction of “lulz” for laughs and “security,” which hackers like to compromise. During their peak activity in 2011, LulzSec broke into government and privat...

Metasploit Framework

The Metasploit Framework is a complete software platform used for testing and executing exploits. Metasploit can also be used as a very flexible penetration testing system and is perhaps the most popular penetration testing tool used across the broad spectrum of ethical hackers, security researchers...

National Cybersecurity Awareness Month

National Cybersecurity Awareness Month (NCSAM) is an initiative by the US Department of Homeland Security to promote the importance of cybersecurity. Established in 2004, National Cybersecurity Awareness Month was started jointly by DHS's National Cyber Security...

Nessus® Vulnerability Scanner

The Nessus vulnerability scanner is a remote security scanner from Tenable, Inc. Nessus scans a computer and then generates alerts if vulnerabilities are discovered. Nessus runs over 1,000 checks to see if vulnerabilities exist. First, you need to install Nessus. There are instructions on the Tenab...

Netsparker

Netsparker is a leading web vulnerability management software tool used by information technology, security operations, and development teams worldwide. Netsparker is a fully configurable Enterprise Dynamic Application Security Testing (DAST) tool. A DAST tool communicates with a web application u...

Nexpose Vulnerability Scanner

Nexpose vulnerability scanner is an automated penetration testing system. Nexpose can help you identify the open ports, applications, and services on each scanned machine. Nexpose will then seek vulnerabilities based upon the attributes of these discovered and known applications and services. Penet...

NIKTO Web Scanner

The NIKTO web scanner is a popular open source scanner, used mostly on Apache servers, that runs a comprehensive suite of tests to check for security vulnerabilities and configuration issues. As it turns out, a point of NIKTO trivia is to know that the name “NIKTO” came from a cult science fiction m...

NIST Cybersecurity Framework

NIST CSF (the National Institute of Standards and Technology Cybersecurity Framework) is a set of standards to help companies improve their overall cybersecurity posture. The NIST CSF defines a set of best practices that enables IT organizations to more effectively manage cybersecurity risks. Or...

Nmap Vulnerability Scanner (“Network Mapper”)

The Nmap vulnerability scanner (also known as “Network Mapper”) is a popular, open-source tool for security auditing and related network discovery. Authorized users can utilize Nmap to identify the devices running on their systems, hosts and the services that may be available. Nmap does a wonderful...

Open Web Application Security Project (OWASP)

The Open Web Application Security Project® (OWASP®) is a nonprofit foundation that works to improve software security. The OWASP Foundation is a trusted resource for software developers and technologists seeking to secure the Internet. OWASP sponsors many community-led open-source software projects...

OpenVAS

OpenVAS is a widely used vulnerability scanner distributed by Greenbone Networks. OpenVAS includes a variety of built-in tests and a Web interface. In addition, OpenVAS makes setting up scanning user-friendly and highly configurable. OpenVAS is open source. When...

OSCP Certification

OSCP certification is an ethical hacking accreditation that uniquely requires candidates to demonstrate hands-on penetration testing skills as well as pass a final certification exam. Offensive Security offers OSCP (Offensive Security Certified Professional) certification. To become OSCP certified, can...

Payout

The money paid to a researcher once their vulnerability submission has been validated.

PCI Compliance

PCI Compliance refers to the technical and operational practices engaged in by businesses to adhere to the Payment Card Industry Data Security Standard (PCI DSS). A self-governance standard maintained by the Payment Card Industry Security Standards Council (PCI SSC), the PCI DSS provides security gu...

PCI DSS

PCI DSS, otherwise known as the Payment Card Industry Data Security Standard, is a set of guidelines and requirements businesses must adhere to in order to ensure credit card information remains secure online. Companies that handle cardholder data, whether it involves processing, storing, or transmitting data,...

Penetration Testing

Penetration testing, commonly known as pen testing, is a simulated cyberattack done by authorized third-party ethical hackers that tests and evaluates the security vulnerabilities of the target organization's computer systems, networks, and application infrastructure. Human penetration testing operat...

PHP Injection

PHP Injection is an application-level vulnerability that enables a hacker to execute different cyberattack methods, such as Code Injection, SQL Injection, Path Traversal, and Application Denial of Service, depending on the context. PHP Injection is also commonly referred to as PHP Object Injection....

Phreakers

Phreakers are hackers who specialize in attacks on the telephone system. Phreakers originally referred to groups who reverse-engineered the system of tones used to route long-distance calls. Phreakers re-created these tones, enabling them to switch calls from their phone handset and make free calls...

Ping of Death (PoD)

A ping of death (PoD) is a cyberattack in which an oversized ICMP echo request packet (a "ping") is sent to cause the target machine to crash and overflow its input buffers. A similar attack known as an ICMP flood attack is more common today than a ping of death attack. The ping of death att...

Points

Points are awarded to or deducted from a researcher for submissions; they build the researcher's status and are used to rank the leaderboard.

Port Knocking

Port knocking is an authentication technique to validate a user and open a TCP/IP port to incoming packets. A port knocking sequence consists of a specific number of closed port connection attempts to particular IP addresses. When the correct series of port "knocks" is received, the firewall opens t...

Private Bug Bounty Program

Unlike public bug bounty programs, private bug bounty programs are programs that are not published to the public. Researchers on the Bugcrowd Platform can participate by invitation only. It is ideal for targets that are not publicly accessible such as staging environments, applications that require...

Public Program

A public bug bounty program is open to the entire researcher community to test for and report vulnerabilities in an organization’s software or digital assets. This means that all researchers on the Bugcrowd platform are given the right to hack your program. Interested in learning more? Bugcrowd’s...

Public-Key Cryptography

Public-key cryptography is a method of cryptography that uses pairs of keys. Public-key cryptography is also known as asymmetric cryptography. Each pair consists of a public key (known to others) and a private key (known only to the key owner). Public-key cryptography uses this pair of mathematicall...

Qualified Security Assessor (QSA)

A Qualified Security Assessor (QSA) is an independent security organization that has been qualified and approved by the Payment Card Industry (PCI) Security Standards Council (SSC) to confirm and validate an entity's compliance with the PCI Data Security Standard (DSS). A QSA is responsible for the...

Qualys Vulnerability Scanner

The Qualys vulnerability scanner is an advanced cybersecurity tool used to identify and quantify software security vulnerabilities. The Qualys vulnerability scanner is sold commercially around the world, and Qualys helps users prioritize these vulnerabilities, triage them, and then remediate them b...

RedHack

RedHack is a Turkish Marxist-Leninist hacktivist group. Founded in 1997, RedHack is also known as the Red Hackers Association or RHA. With 12 known members, RedHack is the first hacker group accused of being a terrorist organization and remains one of the world's most wanted hacker groups. RedHack's...

Remote Code Execution (RCE)

Remote code execution is a cyber-attack whereby an attacker can remotely execute commands on someone else's computing device. Remote code executions (RCEs) usually occur due to malware downloaded by the host and can happen regardless of the device's geographic location. Remote Code Executi...

Researcher Portal

A community platform for researchers to follow and join programs, submit and manage vulnerabilities and receive rewards for their work.

Return on Security Investment (ROSI)

Return on Security Investment (ROSI) is a metric that quantifies the expected net value of an IT security investment. ROSI is a popular IT management metric in budgeting IT security investments and corporate IT budgets. In the case of cybersecurity, Return on Security Investment is focused on risk a...

Rewards

The payment for a valid vulnerability submission. This is defined in the scope of a program and can include anything from points to swag and cash.

SAINT Security Scanner

The SAINT Security Scanner is a commercial vulnerability assessment platform. SAINT, which is an acronym for Security Administrator’s Integrated Network Tool, was initially developed as a free UNIX tool. Later SAINT became part of a commercial suite of tools for vulnerability detection, exploitation...

Scope

Outlines the rules of engagement for a bounty program. This includes clearly defined testing parameters to inform researchers what they can and cannot test, as well as the payout range for accepted vulnerabilities.

Script Kiddies

Script kiddies are less-experienced hackers who rely on existing software and tools to launch cyber attacks. A script kiddie is also known as a “skiddie” or “skid.” While security professionals often create their tools, script kiddies rely on off-the-shelf exploits, scripts, and tools for their cybe...

Secure SDLC

Secure SDLC is a software development life cycle that has been protected against attackers and outside threats through the integration of security testing throughout the process. The standard SDLC, referring to the framework used to build an application, involves the entire process of planning, design,...

Security Researcher

Security researchers are skilled computer experts who use their technical knowledge to identify cybersecurity vulnerabilities within an organization or industry. A security researcher must keep up with the latest data, developments, and trends in the cybersecurity world. Generally, they have respon...

Server-Side Request Forgery (SSRF)

A Server-Side Request Forgery (SSRF) is a dangerous form of cyberattack initiated by application requests that flow between HTTP servers. These requests are often associated with accessing and retrieving software updates, or perhaps to import data or metadata from another web server. These requests...

Session Hijacking

Session hijacking is a cyberattack in which an attacker controls a user’s web session by exploiting the web session control mechanism. A session hijacking attack is also known as TCP session hijacking. A session hijacking attack compromises the web session by stealing or predicting a valid session t...

SOC 2

SOC 2 is a voluntary compliance standard for services organizations, which defines criteria for managing customer data. SOC 2 is the second of three types of reports under the System and Organization Controls (SOC) standards program managed by the American Institute of Certified Public Accountants (...

SQL Injection (SQLi)

In a SQL injection attack, malicious code is embedded in a poorly designed application and then passed to the backend database. The malicious data then produces database query results or actions that should never have been executed.

Subdomain Takeover

Subdomain takeover is a form of cyberattack in which an attacker gains control over a subdomain of a target domain. An attacker’s objectives in a subdomain takeover might include serving content on the vulnerable subdomain, reading cookies from the primary domain, performing cross-site scripting, or...

Submission

The report a researcher submits to Bugcrowd describing the vulnerability or bug they found.

Target

A target is the thing (web or mobile application, hardware, API) that the crowd tests for vulnerabilities.

The Crowd

The global community of white-hat hackers on the Bugcrowd platform who compete to find vulnerabilities in bug bounty programs.

Tripwire IP360

Tripwire IP360 is a vulnerability management solution which discovers assets, identifies vulnerabilities, and helps to prioritize cyberthreat risks. Tripwire IP360 is marketed by Portland, Oregon-based Tripwire Inc. Tripwire has over 40 patents and considerable intellectual property which makes IP3...

UI Redress Attack

A UI redress attack is a cyber-attack in which an attacker tricks a user into clicking on something different from what the user perceives, thereby causing the user to perform actions that they are unaware of and did not intend. A UI redress attack is also known as a “clickjacking” attack. A common...

Valid

Valid refers to the state of a vulnerability that has been tested and confirmed real.

Vulnerability

A security flaw or weakness found in software or in an operating system (OS) that can lead to security concerns.

Vulnerability Assessment Tools

Vulnerability assessment tools are software and network scanners that can automatically scan your application for potential threats. The most common forms of vulnerability assessment tools are web application scanners (that simulate and test for known hacker attack patterns), protocol scanners (that...

Vulnerability Disclosure Program (VDP)

A Vulnerability Disclosure Program (VDP) is a structured framework for security researchers to document and submit security vulnerabilities to organizations. Vulnerability Disclosure Programs help organizations mitigate risk by supporting and enabling the disclosure and remediation of vulnerabilitie...

Vulnerability Priority

P1 - Critical: Vulnerabilities that cause a privilege escalation from unprivileged to admin or allow for remote code execution, financial theft, etc.
P2 - High: Vulnerabilities that affect the security of the software and impact the processes it supports.
P3 - Medium: Vulnerabilities that affect mul...

Vulnerability Report

A vulnerability report is a written record of a security issue or systemic flaws in an IT system, network architecture, application or resource. Vulnerability reports can be a comprehensive set of findings resulting from an overall security assessment, or a specific notice on a particular weak point...

White Hat Hacker

A white hat hacker is a computer security expert who uses penetration testing skills to help secure an organization's networks and information system assets. A white hat hacker is also known as an ethical computer hacker. White hat hackers work with informa...

Wireshark

Wireshark is an open-source packet analyzer which is used for network troubleshooting, analysis, communications protocol development, software development, and often education. Wireshark is regularly used to assist in the analysis of problems involving latency, dropped packets, and malicious and/or...

WPScan Security Scanner

WPScan is a security scanner designed for testing the security of websites built using WordPress. WPScan was developed using the Ruby programming language, and its first version was released in 2019. The WPScan security scanner is primarily intended to be used by WordPress administrators and secu...

XML External Entity Injection (XXE)

An attack against applications that parse XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port sca...

Ysoserial

Ysoserial is a cyberattack tool for exploiting Java deserialization vulnerabilities. Ysoserial includes a collection of utilities and property-oriented programming "gadget chains" discovered in standard Java and .NET libraries that can, under the right conditions, exploit Java and .NET applications...

Zero Day Attack

A zero-day attack is a computer attack that attempts to exploit vulnerabilities in computer applications that are unknown to others or not yet disclosed to the software developer. A zero-day attack is also known as a zero-hour or day zero threat. Before the software developer is aware, attackers can use zero-...