Acronyms Flashcards
3DES
Triple Data Encryption Standard
- Variant of DES that uses 3 different keys to perform the encryption process. (3 separate passes through the data)
- Symmetrical
- No longer use 3DES either
- (AES is the workhorse encryption standard today)
AAA
Authentication, Authorization, Accounting
- Proving who you are
- Deciding what you have access to
- ## Keeping track of who authenticated onto network
ABAC
Attribute Based Access Control
- An access control paradigm whereby access rights are granted to users through the use of policies which combine attributes together.
- The policies can use any type of attributes (user attributes, resource attributes, environment attribute etc.).
- Ex: Permit managers to **, provided that **, if ** or ** unless **
ACL
Access Control List
- set of permissions that are then assigned to an object
- Used in firewalls, switches, routers, and OS
- All of them to some degree allow/restrict access to certain parts of the network or to an OS
- They can be very specific (to ports) and / or very complex
AD
Active Directory
- Directory servers that runs on Microsoft Windows Server
- Main function is to enable administrators to manage permissions and control access to network resources
AES
Advanced Encryption Standard
- Most popular SYMMETRIC encryption in use today
- Standard of the US Federal Government
- Added to FIPS 197 in 2001 (It took five years to standardize and eventually replace DES)
- 128 cipher block encryption (in a single pass)
- Supports 128, 192, and 256 bit key sizes
- Ex: A wireless network where all information is encrypted with WPA2 uses AES
AES256
Advanced Encryption Standard 256bit
- largest key size for AES (symmetric)
AH
Authentication Header
- Can provide data integrity (Ex: in IPSec)
AI
Artificial Intelligence
AIS
Automated Indicator Sharing
- A way to automate the process of gathering and disseminating threat information that’s secure
- A way to process and move the information between organizations over the internet
ALE
Annualized Loss Expectancy
- ARO X SLE = ALE
- The total number in dollars if an event occurs based on its frequency
AP
Access Point
- Most APs allow you to configure MAC- level filtering to the AP itself
API
Application Programming Interface
APT
Advanced Persistent Threat
ARO
Annualized Rate of Occurrence
- The number of times / year something happens
- ARO X SLE = ALE
- can be based on historical data, how often a threat would be successful exploiting a vulnerability
ARP
Address Resolution Protocol
- A way to translate IP address to MAC address.
- Purpose is to find out the MAC address of a device on the LAN
- used when IPV4 is used over ethernet
- Helps resolve an address of a specific computer by sending a piece of information from the local computer to a remote computer where the server process is executed. This piece of information allows the server to identify the network system and provide the address
- See also DHCP and DNS
ASLR
Address Space Layout Randomization
- Method used by programmers to randomly arrange the different address spaces used by a program or process to prevent buffer overflow exploits
ASP
Active Server Pages
ATT&CK
Adversarial Tactics, Techniques and Common Knowledge
- MITRE framework
- Identify broad categories of attacks, find exact intrusions and how they are occurring and how attackers are moving around after the attack and identify security techniques that can help you block future attacks
AUP
Acceptable Use Policy
- Many organizations have them
- Detailed documentation that covers how all of the different technologies in your environment should be used
- Covers internet, telephones, computers, mobile devices
- A way for employer to set expectations
BCP
Business Continuity Plan
BGP
Border Gateway Protocol
- allows different autonomous systems on the internet to share routing information
- more flexible than OSPF and can be used on larger networks
- emphasis on determining the best path (OSPF, the fastest)
BIA
Business Impact Analysis
AV
Antivirus
BASH
Bourne Again Shell
BIOS
Basic Input Output Systems
BPA
Business Partnership Agreement
BPDU
Bridge Protocol Data Unit
- Primary protocol used by the Spanning tree protocol
BSSID
Basic Service Set Identifier
BYOD
Bring Your Own Device
CA
Certificate Authority
CAPTCHA
Completely Automated Public Turning Test to Tell Computers and Humans Apart
CAR
Corrective Action Report
CASB
Cloud Access Security Broker
CBC
Cipher Block Chaining
CCMP
Counter-Mode/CBC-MAC Protocol
CCTV
Closed Circuit Television
CERT
Computer Emergency Response Team
CFB
Cipher Feedback
CHAP
Challenge-Handshake Authentication Protocol
- Used to provide authentication by using the user’s password to encrypt a challenge string of random numbers
- PAP and CHAP are mostly used with dial-up
- MS-CHAP = Microsoft’s versions
CIO
Chief Information Officer
CIRT
Computer Incident Response Team
CIS
Center for Internet Security
- Non profit organization focused on developing globally-recognized best practices for securing IT systems and data against cyber attacks
CMS
Content Management System
CN
Common Name
COOP
Continuity of Operations Planning
COPE
Corporate-owned Personally Enabled
CP
Contingency Planning
CRC
Cyclic Redundancy Check
CSP
Cloud Service Provider
CSR
Certificate Signing Request
CSRF
Cross-Site Request Forgery
CSU
Channel Service Unit
- hardware that concerts digital data frames from LAN into frames for WAN and vice versa
- received and transmits signals to and from the WAN line and provided a barrier for electrical interference from either side of the unit
- can echo loop back signals for testing purposes
- connects the network provider side
- CSU/DSU (Data service Unit). The DSU connects to your Data Terminal Equipment (often a router)
CTM
Counter-Mode
CTO
Chief Technology Officer
CVE
Common Vulnerabilities and Exposures
CVSS
Common Vulnerability Scoring System
CYOD
Choose Your Own Device
DAC
Discretionary Access Control
DBA
Database Administrator
DDoS
Distributed Denial of Service
DEP
Data Execution Prevention
DER
Distinguished Encoding Rules
- most popular way to store X.509 file certificates
- DER encoding certificates are supported by almost all applications
- Ex: OpenSSL and keytool
DES
Data Encryption Standard
- Created by the NSA and IBM b/n 1972 -1977, used to be the most popular symmetric encryption algorithm in use
- Part of FIPs
- Used 64-bit block cypher (encrypted 64 bits of data at a time)
- Used a 56-bit key, which is small so now it is easy to brute force.
- No longer practically used today as a result
DHCP
Dynamic Host Configuration Protocol
- Network protocol that dynamically (automatically) assigns IP addresses to the computers or other devices on each LAN network
- Can assign an IP address from within a given range
- See also ARP and DNS
- DHCP snooping = switch configured with a series of trusted interfaces that may have routers, switches and other DHCP servers on it, but it would have other interfaces that are not trusted, the switch is constantly monitoring the conversations
DHE
Diffie-Hellman Ephemeral
DKIM
Domain Keys Identified Mail
DLL
Dynamic-link Library
DLP
Data Loss Prevention
DMARC
Domain Message Authentication Reporting and Conformance
DNAT
Destination Network Address Translation
DNS
Domain Name System
- Maps the IP addresses into a human-readable name and vice versa
- Ex: IP address 1234… = professormesser.com
- See also ARP and DHCP
DNSSEC
Domain Name System Security Extension
DoS
Denial of Service
DPO
Data Protection Officer
DRP
Disaster Recovery Plan
DSA
Digital Signature Algorithm
DSL
Digital Subscriber Line
EAP
Extensible Authentication Protocol
- A framework of protocols that allows for numerous methods of authentication including passwords, digital certificates and public key infrastructure
- EAP-MD5 uses simple passwords for challenge-authentication
- EAP-TLS uses digital certificates for mutual authentication
- EAP-TTLS uses server-side digital certificate and a client-side password for mutual authentication
- EAP-FAST provides flexible authentication via secure tunneling (FAST) by using a protected access credential instead of a certificate for mutual authentication
- Protected EAP - supports mutal authentication by using server certificates and Active Director to authenticate a client’s passcode
ECB
Electronic Code Book
ECC
Elliptic-curve Cryptography
ECDHE
Elliptic-curve Diffie-Hellman Ephemeral
ECDSA
Elliptic-curve Digital Signature Algorithm
EDR
Endpoint Detection and Response
EFS
Encrypted File System
EIP
Extended Instructions Pointer
- tracks the address of the current instruction running in an application
- holds the address to (points to) the first byte of the next instruction to be executed
EOL
End of Life
EOS
End of Service
ERP
Enterprise Resource Planning
ESP
Encapsulation Security Payload
- member of IPSec
- encrypts and authenticated packed if data between computers using a VPN
- one of two layers of protection for IP sec (other is AH)
- ESP + Ah can operate in two modes transport (less secure) and tunnel (more secure)
ESSID
Extended Service Set Identifier
FACL
File-system Access Control List
FDE
Full Disk Encryption
FIM
File Integrity Monitoring
FPGA
Field Programmable Gate Array
- A processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture
- End customer can configure the programming logic to run a specific application instead of using ASIC (application-specific integrated circuit)
- (IoT)
- considered an anti-tamper mechanism
FRR
False Rejection Rate
FTP
File Transfer Protocol
FTPS
File Transport Protocol Secure
ESN
Electronic Serial Number
GCM
Galois/Counter Mode
GDPR
General Data Protection Regulation
GPG
GNU Privacy Guard
GPO
Group Policy Object
GPS
Global Positioning System
GPU
Graphics Processing Unit
GRE
Generic Routing Encapsulation
HA
High Availability
HDD
Hard Disk Drive
HIDS
Host-based Intrusion Detection System
HIPS
Host-based Intrusion Prevention System
HMAC
Hash-based Message Authentication Code
HOTP
HMAC based One-time Password
- A password is computed from a shared secret and is synchronized between the client and server
- This was the original standard
- Uses a counter, that increments with each new validation
- It’s still used but companies like Google use TOTP
HSM
Hardware Security Module
- An appliance for generating and storing cryptographic keys that is less susceptible to tampering and insider threats than software based storage
HSMaaS
Hardware Security Module as a Service
HTML
Hypertext Markup Language
HTTP
Hyper Text Transfer Protocol
HTTPS
Hyper Text Transfer Protocol Secure
HVAC
Heating, Ventilation, Air-conditioning
IaaS
Infrastructure as a Service
IAM
Identity and Access Management
ICMP
Internet Control Message Protocol
ICS
Industrial Control Systems
- A network that manages embedded devices
- Used for electrical power stations, water suppliers, health services, telecommunications, manufacturing and defense needs
IDEA
International Data Encryption Algorithm
IDF
Intermediate Distribution Frame
IdP
Identity Provider
- a trusted third-party service for validating user identity in a federated identity system
IDS
Intrusion Detection System
IEEE
Institute of Electrical and Electronics Engineers
IKE
Internet Key Exchange
IM
Instant Messaging
IMAP4
Internet Message Access Protocol v4
IoC
Indicators of Compromise
- A specific activity that could indicate that someone is now inside your network
- Ex: Increase traffic, could be normal or could indicate data exfiltration
- Ex: files that should have constant hash values, are now different (hacker is modifying trusted documents)
IoT
Internet of Things
IP
Internet Protocol
- IPv4 32-bit addressing scheme that provides over 4B possible unique addresses
- commonly represented in dotted decimal format
- 3 ways of transmitting data through networks: unicast, multicast (1 to few), broadcast (1 to many)
- IPv6 128 bit that provides over 340 undecillion possible unique addresses (eventually this will over take IPv4 as IPv4 is currently running out.)
- Commonly represented in comma separated hexadecimal
- Unicast, multicast and anycast (to replace broadcast)
IPS
Intrusion Prevention System
IPsec
Internet Protocol Security
IR
Incident Response
IRC
Internet Relay Chat
IRP
Incident Response Plan
ISA
Interconnection Security Agreement
- Document that regulates security-relevant aspects of an intended connection between an agency and an external system.
- Supports / usually proceeded by a MOU / MOA
ISFW
Internal Segmentation Firewall
ISO
International Organization for Standardization
ISP
Internet Service Provider
ISSO
Information Systems Security Officer
ITCP
IT Contingency Plan
IV
Initialization Vector
KDC
Key Distribution Center
KEK
Key Encryption Key
L2TP
Layer 2 Tunneling Protocol
LAN
Local Area Network
LDAP
Lightweight Directory Access Protocol
- A databased used to centralize information about clients and objects on the network
- Port 389 Unecrypted
- Port 636 encrypted
- (Active Directory is Microsoft’s version)
LEAP
Lightweight Extensible Authentication Protocol
- proprietary to Cisco based networks
MaaS
Monitoring as a Service
MAC
Media Access Control
- Address of a network card, the physical address (every adaptor has a different MAC address)
- 46 bits long (6 bytes)
- 1st section, is the OUI (manufacturer portion) 2nd section is the Serial Number
- Switches interpret the MAC addresses
- MAC flooding turns switch into a hub
- One issue with MAC filtering, easy to circumvent, you just need a packet capturing device to see which MAC addresses are allowed to communicate and then simply spoof that address (MAC filtering attempts security through obscurity but is really not effective at all)
MAM
Mobile Application Management
MAN
Metropolitan Area Network
MBR
Master Boot Record
MD5
Message Digest 5
MDF
Main Distribution Frame
MDM
Mobile Device Management
MFA
Multifactor Authentication
MFD
Multifunction Device
MFP
Multifunction Printer
ML
Machine Learning
MMS
Multimedia Message Service
MOA
Memorandum of Agreement
MOU
Memorandum of Understanding
MPLS
Multiprotocol Label Switching
MSA
Measurement Systems Analysis
- provides a way for a company to evaluate and assess the quality of the process used in their measurement systems.
- ex six sigma
- will assess the measurement itself and then be able to calculate any uncertainty that may be in place during the measurement process
- Specifies generic terms to simplify negotiation of future contracts
MS-CHAP
Microsoft Challenge-Handshake
MSP
Managed Service Provider
- Delivers services (like network, application, infrastructure and security) via ongoing and regular support and active administration on customers premise.
MSSP
Managed Security Service Provider
- Provides outsourced monitoring and management of security devices and systems.
- Common services: managed firewall, IDS, VPN, vulnerability scanning and anti viral services.
- use high availability security operation centers to provide 24/7 services designed to reduce the number of operational security personnel an enterprise needs
MTBF
Mean Time Between Failures
MTTF
Mean Time to Failure
MTTR
Mean Time to Repair
MTU
Maximum Transmission Unit
NAC
Network Access Control
- Method of controlling who or what gains access to a wired or wireless network
- Most cases NAC uses a combination of 802.1x security and some form of posture assessment for a device attempting to log into the network
- (a posture assessment considers the state of the requesting device (the device must meet a minimum set of standards before it is allowed access to the network. Ex: type of device, OS, patch level, presence of anti malware and is software up to date)
NAS
Network-attached Storage
= A storage appliance that is placed on the network.
- Specially designed to store data more efficiently than standard data methods
- (Note a SAN often includes many NAS. A SAN = storage area network, which is a an actual network of devices that have the sole purpose of storing data efficiently)
NAT
Network Address Translation
- Process of changing an IP address while it transits across a router
- NAT can help hide network IPs
NDA
Non-disclosure Agreement
NFC
Near-field Communication
NFV
Network Function Virtualization
NGFW
Next-generation Firewall
NG-SWG
Next-generation Secure Web Gateway
NIC
Network Interface Card
NIDS
Network-based Intrusion Detection System
NIPS
Network-based Intrusion Prevention System
NIST
National Institute of Standards & Technology
- CSF = NIST’s voluntary framework outlining best practices for computer security
NOC
Network Operations Center
NTFS
New Technology File System
NTLM
New Technology LAN Manager
NTP
Network Time Protocol
- Protocol used to synchronize computer clock times in a network.
- One of the oldest parts of the TCP/IP protocol suite
- ensures the reliability of the Kerberos authentication process
OCSP
Online Certificate Status Protocol
- allows the browser to check for certificate revocation
OID
Object Identifier
OS
Operating System
OSI
Open Systems Interconnection
OSINT
Open-source Intelligence
OSPF
Open-source Intelligence
OT
Operational Technology
- A communications network designed to implement an industrial control system rather than data networking
- Industrial Systems prioritize availability and integrity over confidentiality
- (ICS, SCADA vulnerabilities)
OTA
Over-The-Air
OTG
On-The-Go
- technology enables establishing direct communication links between two USB devices (ex: mobile phone to usb port)
OVAL
Open Vulnerability and Assessment Language
OWASP
Open Web Application Security Project
P12
PKCS #12
P2P
Peer-to-Peer
PaaS
Platform as a Service
PAC
Proxy Auto Configuration
PAM
Privileged Access Management
PAM
Pluggable Authentication Modules
PAP
Password Authentication Protocol
- Used to provide authentication but is not considered secure since it transmits login credentials in the clear
PAT
Port Address Translation
- Router keeps track of requests from internal hosts by assigning them random high number ports for each request
PBKDF2
Password-based Key Derivation Function 2
PBX
Private Branch Exchange
PCAP
Packet Capture
PCI DSS
Payment Card Industry Data Security Standard
PDU
Power Distribution Unit
PE
Portable Executable
PEAP
Protected Extensible Authentication Protocol
PED
Protected Extensible Authentication Protocol
PEM
Privacy Enhanced Mail
PFS
Perfect Forward Secrecy
PGP
Pretty Good Privacy
PHI
Personal Health Information
PII
Personally Identifiable Information
PIN
Personal Identification Number
PIV
Personal Identity Verification
PKCS
Public Key Cryptography Standards
PKI
Public Key Infrastructure
PoC
Proof of Concept
POP
Post Office Protocol
POTS
Plain Old Telephone Service
PPP
Point-to-Point Protocol
PPTP
Point-to-Point Tunneling Protocol
PSK
Pre-shared Key
PTZ
Pan-Tilt-Zoom
PUP
Potentially Unwanted Program
QA
Quality Assurance
QoS
Quality of Service
RA
Registration Authority
RAD
Rapid Application Development
RADIUS
Remote Authentication Dial-in User Service
- Provides centralized administration of dial-up, VPN, and wireless authentication services for 802.1x and the Extensible Authentication Protocol (EAP)
- Operates at the application layer
- Authentication = Port 1812 or 1645
- Authorization = Port 1813 or 1646
- Standard ports vs proprietary
RAID
Redundant Array of Inexpensive Disks
RAM
Random Access Memory
RAS
Remote Access Server
RAT
Remote Access Server
RC4
Rivest Cipher version 4
- A legacy symmetric encryption algorithm
- Rivest Cipher 4 (Ron Rivest)
- Part of the original WEP standard (no longer in use in today’s wireless)
- Also part of the SSL Standard (But when TLS replaced SSL, RC4 was also replaced)
- One problem: Biased output
- Uncommon today
RCS
Rich Communication Services
- a technology designated as a successor to SMS and MMS
RFC
Request for Comments
RFID
Radio Frequency Identification
RIPEMD
RACE Integrity Primitives
Evaluation Message Digest
ROI
Return on Investment
RPO
Recovery Point Objective
- maximum tolerable point in time to which systems and data must be recovered after an outage
RSA
Rivest, Shamir, & Adleman
RTBH
Remotely Triggered Black Hole
RTO
Recovery Time Objective
- Maximum tolerable period of time required for restoring business functions after a failure or disaster
RTOS
Real-time Operating System
RTP
Real-time Transport Protocol
S/MIME
Secure/Multipurpose Internet Mail Extensions
SaaS
Software as a Service
SAE
Simultaneous Authentication of Equals
SAML
Security Assertions Markup Language
SCADA
Supervisory Control and Data Acquisition
- A type of industrial control system that manages large-scale, multiple-site devices and equipment spread over geographical region
- Typically run as software on ordinary computers to gather data from and manage plant devices and equipment with embedded PLCs (Programmable Logic Controller - a type of computer designed for deployment in an industrial / outdoor setting that can automate and monitor mechanical systems)
SCAP
Security Content Automation Protocol
SCEP
Simple Certificate Enrollment Protocol
SDK
Software Development Kit
SDLC
Software Development Life Cycle
SDLM
Software Development Life-cycle Methodology
SDN
Software-defined Networking
SDP
Service Delivery Platform
SDV
Software-defined Visibility
SED
Self-Encrypting Drives
- Can provide whole disk encryption
- The controller can automatically encrypt data that is written to it on the disk drive
SEH
Structured Exception Handling
- Provides control over what the application should do when faced with a runtime or syntax error
SFTP
SSH File Transfer Protocol
SHA
Secure Hashing Algorithm
SIEM
Security Information and Event Management
SIM
Subscriber Identity Module
SIP
Session Initiation Protocol
- Protocol used for managing real-time sessions that include voice, video, application sharing or IM services
SLA
Service-level Agreement
- Agreement between a service provider and users defining the nature, availabilty, quality and scope of the service to be provided
- Specifies performance requirements for a vendor (and penalties)
SLE
Single Loss Expectancy
- Describes how much money we will lose if a single event occurs
- ARO X SLE = ALE
SMB
Server Message Block
S/MIME
Secure/Multipurpose Internet Mail Extensions
SMS
Short Message Service
SMTP
Simple Mail Transfer Protocol
SMTPS
Simple Mail Transfer Protocol Secure
SNMP
Simple Network Management Protocol
SOAP
Simple Object Access Protocol
SOAR
Security Orchestration, Automation, Response
SoC
System on Chip
- A processor that integrates the platform functionality of multiple logical controllers onto a single chip
- They are power efficient and used with embedded systems (IoT)
SOC
Security Operations Center
SPF
Sender Policy Framework
SPIM
Spam over Instant Messaging
SQL
Structured Query Language
SQLi
SQL Injection
SRTP
Secure Real-time Transport Protocol
SSD
Solid State Drive
SSH
Secure Shell
SSID
Service Set Identifier
SSL
Secure Sockets Layer
SSO
Single Sign-on
- A default user profile for each user is created and linked with all of the resources needed
- Compromised SSO credentials are a big security breach
STIX
Structured Threat Information eXpression
- Standardized format for threats
- Includes motivations, abilities, capabilities and response information
- Part of AIS
STP
Shielded Twisted Pair
SWG
Secure Web Gateway
TACACS+
Terminal Access Controller Access Control System
- Cisco’s proprietary version of RADIUS
- Port 49 (TCP)
- Encrypts the entire payload of the access-request packet
- Primarily used for device administration
- Separates authentication and authorization
- part of 802.1x (along with RADIUS)
TAXII
Trusted Automated eXchange
of Intelligence Information
- The trusted transportation to securely exchange STIX information
TCP/IP
Transmission Control Protocol/Internet Protocol
TGT
Ticket Granting Ticket
TKIP
Temporal Key Integrity Protocol
TLS
Transport Layer Security
- Cryptographic protocol to encrypt online communications.
- Uses certificates and asymmetrical cryptography to authenticate hosts and exchange security keys
- Better option than SSL which functions similarly
TOTP
Time-based One Time Password
- A password is computed from a shared secret and current time
TPM
Trusted Platform Module
- A specification for hardware based storage of digital certificates, keys, hashed passwords, and other user and platform identification information
- A TPM can be managed in Windows via the tpm.msc console or group policy
TSIG
Transaction Signature
TTP
Tactics, Techniques, and Procedures
UAT
User Acceptance Testing
UDP
User Datagram Protocol
UEBA
User and Entity Behavior Analytics
UEFI
Unified Extensible Firmware Interface
- A type of system firmware providing support for a 64-bit CPU operation at boot, full GUI and mouse operation at boot and better boot security
UEM
Unified Endpoint Management
UPS
Uninterruptible Power Supply
URI
Uniform Resource Identifier
URL
Universal Resource Locator
USB
Universal Serial Bus
USB OTG
USB On-The-Go
UTM
Unified Threat Management
UTP
Unshielded Twisted Pair
VBA
Visual Basic for Applications
VDE
Virtual Desktop Environment
VDI
Virtual Desktop Infrastructure
VLAN
Virtual Local Area Network
VLSM
Variable-length Subnet Masking
VM
Virtual Machine
VoIP
Voice over IP
VPC
Virtual Private Cloud
VPN
Virtual Private Network
- Allows end users to create a tunnel over an untrusted network and connect remotely and securely back into the enterprise network
- Client to Site VPN or Remote Access VPN
- VPN Concentrator = Specialized hardware device that allows for hundreds of simultaneous VPN connections for remote workers
VTC
Video Teleconferencing
WAF
Web Application Firewall
WAP
Wireless Access Point
- It’s a bridge
- Switch configuration that’s taking traffic from the wireless network and switching it on to the Ethernet network
- Very similar to a switch as a layer 2 device on a network
- Some let you control the power to the WAP (which controls its range)
- Different than the wireless router at home
WEP
Wired Equivalent Privacy
WIDS
Wireless Intrusion Detection System
WIPS
Wireless Intrusion Prevention System
WORM
Write Once Read Many
WPA
WiFi Protected Access
WPS
WiFi Protected Setup
XaaS
Anything as a Service
XML
Extensible Markup Language
- Markup language similar to HTML, but without predefined tags to use
- Instead you define your own tags for your needs
- powerful way to store data in a format that can be stored, searched, and shared
- Stores and transfers data (Whereas HTML displays data and describes the structure of a webpage), standard language which can define other computer languages
XOR
Exclusive OR
- Compares two input bits and generates one output bit
- if bits are the same, result = 0, if bits are different result = 1
- A way to make data less readable, it’s a cipher
XSRF
Cross-site Request Forgery
- aka one click attack or session-riding
- Takes advantage of the trust that a web browswer and web site have with each other
XSS
Cross-site Scripting
- Occurs when an attacker embeds malicious scripting commands on a trusted website
- Stored / Persistent = attempts to get data provided by the attacker to be saved on the webserver (so that anyone who visits will be infected)
- Reflected = Attempts to have a non-persistent effective, it’s activated by a victim clicking on a link
- DOM - based = AAtemptse to xeloit the vvictim’sweb browswer
