Must-Know Security Buzzwords For Application Defenders in 2020
March 31, 2020

In cybersecurity there is always a new term, and anyone involved across the spectrum of security management, from the CISO to the security team to the development team, needs to understand what each one means. Without a common language, conversations about security can feel altogether foreign to different people.

Say what you will about buzzwords and how overused they may be, but not knowing them can hold your organization back by leaving it behind on industry jargon. If you are currently building or working to secure applications at your organization, you really cannot get by without knowing the security buzzwords below.

What is a cyberattack?

A cyberattack is an attempt by external or internal threat actors to exploit and compromise the confidentiality, integrity, and availability of the information systems of a target organization or individual(s). Attackers use illegal tools and unethical methods to cause damage and disruption or to gain unauthorized access to computers, devices, networks, applications, and databases. Both large-scale cyberattacks and mass incidents of data theft feature among the top five most likely risks in the WEF’s Global Risks Report 2020.

The following list highlights some of the methods that criminals and attackers use to exploit software:

  • Malware
  • Ransomware
  • Injection attacks (e.g., cross-site scripting, SQL injection, command injection)
  • Session management and Man-in-the-Middle attacks
  • Phishing
  • Denial of service
  • Privilege escalations
  • Unpatched/Vulnerable software
  • Remote code execution
  • Brute force

Kinds of cybersecurity threats

Phishing.

An email-borne attack that involves tricking the e-mail recipient into disclosing confidential information or downloading malware by clicking on a hyperlink in the message.

Spear Phishing.

A more sophisticated form of phishing in which the attacker learns about the victim and impersonates someone he or she knows and trusts.

Denial of Service attack or Distributed Denial of Service Attack (DDoS).

An attack in which the attacker takes over many (perhaps thousands of) devices and uses them to invoke the functions of a target system, e.g. a website, causing it to crash under the overload of demand.

Data Breaches.

A data breach is a cybersecurity incident in which data is stolen by a malicious actor. Motives for data breaches include crime (e.g. identity theft), a desire to embarrass an institution, and espionage.

What is Cybersecurity Attack Surface?

The attack surface is an application’s exposure: all possible entry points that could culminate in the exploitation of a software bug or logic flaw. After a successful attack, malicious actors can remain undetected in the target infrastructure for an extended period. A big part of an application security (AppSec) program is devoted to reducing the attack surface in several ways, including security testing, defense-in-depth, and remediation of discovered vulnerabilities.

What is the Attack Vector?

The attack vector describes the way an attacker can trigger or reach a vulnerability in a product. Secunia Research classifies the attack vector as “Local system,” “From local network,” or “From remote.”

Local System

Local system describes vulnerabilities where the attacker is required to be a local user on the system to trigger the vulnerability.

From Local Network

A vulnerability count is added to every Secunia Advisory to indicate the number of vulnerabilities covered by that advisory. Using this count for statistical purposes is more accurate than counting CVE identifiers. Using vulnerability counts is, however, also not ideal, because the count is assigned per advisory. This means that one advisory may cover multiple products, while multiple advisories can also cover the same vulnerabilities in a code base shared across different applications and even different vendors.

From Remote

From remote describes all other vulnerabilities, where the attacker is not required to have access to the system or a local network to exploit the vulnerability. This category covers services that are acceptable to expose to the Internet (e.g., HTTP, HTTPS, SMTP). It also includes client applications used on the Internet and specific vulnerabilities where it is reasonable to assume that a security-conscious user can be tricked into performing specific actions.

What is Application Security?

Application security involves implementing various defenses within all software and services used in an organization against a wide range of threats. It requires designing secure application architectures, writing secure code, implementing strong input validation, threat modeling, etc. to minimize the likelihood of unauthorized access to or modification of application resources.

The goal of application security is to protect an organization’s critical data from external threats using a three-part strategy: to identify, fix, and prevent security vulnerabilities in software. The underlying idea of application security, often shortened to AppSec, also has three defining elements:

  1. Reduce attack surface and minimize risk throughout the SDLC and in existing applications
  2. Prevent new risks from being introduced into the software
  3. Ensure compliance with any applicable regulations and standards

What is Identity Management and Data Security?

Identity management includes the frameworks, processes, and activities that enable authentication and authorization of legitimate individuals to information systems within an organization. Data security involves implementing strong information storage mechanisms that ensure the integrity of data at rest and in transit.

What is Network Security?

Network security involves implementing both hardware and software mechanisms to guard the network and infrastructure from unauthorized access, disruptions, and misuse. Effective network security helps protect organizational assets against multiple external and internal threats.

What is Mobile Security?

Mobile security refers to protecting both organizational and personal information stored on mobile devices such as cell phones and tablets from threats such as malware, unauthorized access, device loss or theft, and improper usage.

What is Cloud Security?

Cloud security relates to designing secure cloud architectures and applications for an organization using cloud service providers such as AWS, Google, Azure, Rackspace, etc. A capable architecture and environment configuration ensure protection against a variety of threats.

What are Disaster recovery and business continuity planning (DR&BC)?

DR&BC deals with the processes, monitoring, alerts, and plans that help organizations prepare to keep business-critical systems online during and after any disaster, as well as to resume lost operations and systems after an event.

What is Authentication?

The verification mechanism or process used to gain entry to an application, as well as answering security questions in order to reset a password. Authentication is performed when requiring usernames and strong passwords to log in to a site and when restricting different sections of a site to certain kinds of users. Password strength and storage requirements, how your application manages sessions, and the use of authentication protocols such as FIDO and OAuth all fall under the authentication umbrella.

What is Authorization?

The process of authorizing a user determines whether or not a particular user has the appropriate privileges to access specific resources. Once authentication is successful, i.e. a user has logged into a banking site, authorization processes must determine which areas of the application should be accessible to this specific user.

Who is CISO – Chief Information Security Officer?

The CISO is responsible for keeping an enterprise’s data and information assets secure, and for keeping the organization compliant with applicable regulations around securing information.

What is Internet of Things (IoT)?

The network of everyday physical devices that are connected to the Internet and exchange data with one another, allowing deeper integration between the physical and online worlds.

Dependent on the cloud, IoT has exploded in the past few years thanks to the rapid adoption of mobile devices and applications, as well as the cost benefits the cloud provides for businesses with data to store and process.

What is Secure SDLC, or s-SDLC?

The SDLC comprises the specific phases of a development process in which software is planned, designed, tested, and deployed. A Secure SDLC is a life cycle that embeds security processes and testing into each of its phases, which are typically divided into analysis and design, development, testing and implementation, and, eventually, deployment.

Fitting security activities into each phase, while it can pose a challenge to set up and ‘perfect’, pays off quickly thanks to the amount of time and money saved by building security into the application and fixing bugs as soon as they arise.

What is Continuous Integration Security?

Continuous Integration (CI) is a growing movement and a development practice that requires programmers to merge, or integrate, their code multiple times a day into a common code repository. The main idea behind CI is to reduce the cost, time, and issues associated with the application build process by finding issues and fixing them as early as possible during development. Automated build management tools, such as build repositories, are heavily used in organizations adopting CI techniques.

Continuous integration has exploded in popularity in the development world, and as such has created serious opportunities as well as an array of brand-new threats in how security is integrated and embedded within an organization using agile methods. By integrating security tools and processes into the CI SDLC, security activities can be carried out at the same pace so as not to burden the speedy CI environment.

What is RASP, or Runtime Application Self-Protection?

An AppSec tool designed to protect an application in its running state, responding to suspicious activity by verifying that it is malicious and, if so, blocking it. RASP technologies, while relatively new to the industry, offer a significant advantage over WAF solutions by ‘listening in’ to how data is being processed in critical areas of an application, allowing an application using RASP to monitor itself in real time.

What is SAST, or Static Application Security Testing?

SAST analyzes application code for security vulnerabilities, reporting issues during development so that they can be fixed before release. SAST tools are able to integrate into CI/CD with moving parts throughout the development process, from the developer’s IDE (Integrated Development Environment) to the tools used for build management and bug tracking, making it easier for security bugs to be treated more like quality bugs.

What is DAST – Dynamic Application Security Testing?

Also referred to as black-box testing, DAST analyzes the application in its running state, both pre-production and in operation. Because DAST requires the code to be compiled, it can only happen at the latest stages of the build process. DAST tools are often great at finding vulnerabilities in an app’s live state, but fixing them is often costly in terms of time and money, so DAST is best used in conjunction with other testing tools, including SAST, RASP, and WAF (SAST and RASP are discussed above).

What is Vulnerability Management?

Vulnerability management is a proactive approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.

What is Pen Testing, or Penetration Testing?

A form of manual security testing whose goal is to work out whether an application is vulnerable to attack and, if so, which areas need to be fixed or hardened. Pen testers will often use automated tools to help them attempt to force entry into a system, much like the hackers they are trying to mimic, but with the key difference that pen testers are asked to do so.

What is False Negative alert?

An alert that should have fired but did not, most commonly in regard to security testing. The risks of false negatives include a false sense of security as well as the fact that vulnerabilities that did not trigger the alarm go unmitigated.

What is False Positive alert?

An alert where an expected or allowed behavior or action is flagged as malicious or insecure. The main danger of false positives is drowning out actual, legitimate alerts when rules are not correctly set.

What is Social engineering?

Social engineering is an attack vector that relies heavily on human interaction and often involves manipulating people into breaking normal security procedures and best practices in order to gain access to systems, networks, or physical locations, or for financial gain.

What is OWASP Top 10 list?

A list of the riskiest and most dangerous application security vulnerabilities, managed by the Open Web Application Security Project (OWASP) and widely adopted and discussed by the AppSec community and security industry at large.

The aim of the OWASP Top 10 is to boost awareness among organizations around the world about the potential risks of specific web application vulnerabilities and work towards getting more attention focused on application security.

What is Vulnerability?

Programmatic functions that hold critical data in an insecure way. They are holes that can let a malicious actor in, who can then siphon out any data discovered while inside the application. Caused by insecure code, vulnerabilities pose significant risks to organizations.

What is Zero-day Vulnerability?

A zero-day vulnerability, also referred to as a zero-day, is a flaw in software, hardware, or firmware that is unknown to the party or parties responsible for patching or fixing the flaw.

What is Exploit?

Malicious code that takes advantage of vulnerabilities to infect a computer or perform other harmful actions.

What is CVE – Common Vulnerabilities & Exposures?

CVE, maintained by MITRE, is a dictionary of security vulnerabilities that aims to provide one standard set of names for all known InfoSec issues. As opposed to vulnerability databases such as the National Vulnerability Database or the Open Source Vulnerability Database, CVE only offers a brief description of each vulnerability, providing references for further reading. Its purpose is to link the databases to each other and offer more of a springboard.

What is CWE – Common Weakness Enumeration?

A formal list of the most critical vulnerabilities found in software, targeted at both developers and security professionals. Community developed and, like CVE, maintained by MITRE, CWE is meant to help set the standard for terminology around security weaknesses and to serve as a measure for tools and teams working to find and fix those weaknesses.

What is Client-Side Scripting?

Web application source code that lives and is executed in the client’s, or user’s, browser, as opposed to on the server. These embedded scripts, written primarily in JavaScript, extend the functionality and flexibility of HTML and are primarily used for interactive elements in an application, such as hiding or showing certain parts of a page to different users, mouse-over effects, and animations.

Benefits include offloading some of the burden on your application’s server resources and reducing your bandwidth, while hazards include various security issues arising from how different web browsers actually execute the scripts, including and particularly cross-site scripting.

What is Server-Side Scripting?

Code is executed on the server before the data is sent to the user’s browser, unlike client-side scripting, where the code is executed in the user’s browser itself. Server-side scripting mostly uses PHP, Java, and C# to write code that runs on the server. A major application of server-side scripting is search engines, as well as most general page displays.

What is Buffer Overflow?

One of OWASP’s Top 10 vulnerabilities, buffer overflows allow exploitation that can occur when more data is written to a block of memory than it can hold. The attack can change the application’s flow and allow memory to be overwritten. If successful, a buffer overflow allows the attacker to control, crash, or modify the process to their advantage.

What is SQL Injection, or SQLi?

A method of attacking websites by changing SQL statements through manipulation of the application’s input. SQL injection vulnerabilities arise when data from a user is not adequately filtered or sanitized and is then turned into part of an SQL statement.

As the top risk on OWASP’s Top 10 of 2013, SQLi can pose significant threats to organizations, thanks to the possible exposure of data that could be released through an SQLi attack, along with the nature of the attack itself. Proper mitigations, including whitelisting and sanitizing input, are highly recommended to deter SQLi attacks.

What is XSS, Cross-Site Scripting?

An injection attack, XSS occurs when a malicious client-side script is injected into sites that are otherwise trustworthy. XSS vulnerabilities are found in around 70% of web apps, and around 95% of those could be used for malicious drive-by attacks.

XSS attacks take advantage of the fact that the user’s browser does not know which scripts are unsafe, allowing the malicious script access to sensitive information stored on the client side.
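The point that the browser cannot tell injected markup from the site's own, shown as an added example that is not part of the original article: a constructed comment template rendered once with untrusted values dropped in unchanged and once with context-aware output encoding plus a URL scheme allow-list, which is the standard defence. The template, the function names and the hostile inputs are assumptions made for this example.

```python
from html import escape
from urllib.parse import urlparse

# Constructed template for a comment widget: {body} lands in element content
# and {url} inside an attribute value, two different HTML contexts.
TEMPLATE = '<p class="comment">{body}</p><a href="{url}">profile</a>'


def render_unsafe(body: str, url: str) -> str:
    # Vulnerable: untrusted values go into the page unchanged, so any markup
    # in them is parsed by the browser exactly like the site's own markup.
    return TEMPLATE.format(body=body, url=url)


def safe_href(url: str) -> str:
    # Allow-list the scheme: HTML-escaping alone does not neutralise a link
    # whose scheme the browser executes instead of navigating to.
    parsed = urlparse(url)
    if parsed.scheme in ("http", "https") and parsed.netloc:
        return escape(url, quote=True)
    return "#"


def render_safe(body: str, url: str) -> str:
    # Hardened: encode untrusted text for its HTML context at output time;
    # quote=True also makes the value inert inside a quoted attribute.
    return TEMPLATE.format(body=escape(body, quote=True), url=safe_href(url))


def has_inline_script(html: str) -> bool:
    # Crude check used only to show the difference between the two renderers.
    lowered = html.lower()
    return "<script" in lowered or "javascript:" in lowered


def demo() -> dict:
    # Constructed hostile inputs of the kind a comment form might receive.
    body = "nice post<script>alert(1)</script>"
    url = "javascript:alert(1)"
    return {
        "unsafe": render_unsafe(body, url),   # script tag survives verbatim
        "safe": render_safe(body, url),       # rendered as visible text only
        "benign": render_safe("plain text", "https://example.com/u/1"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```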

What is Malware?

Malware is a program designed to gain access to computer systems, generally for the benefit of some third party, without the user’s permission. Malware includes computer viruses, worms, Trojan horses, ransomware, spyware, and other malicious programs.

What is Malware on Mobile Apps?

Mobile devices are susceptible to malware attacks just like other computing hardware. Attackers may embed malware in app downloads, mobile websites, or phishing e-mails and text messages. Once compromised, a mobile device can give the malicious actor access to personal information, location data, financial accounts, and more.

What kinds of Malware exist?

Viruses

A virus is malicious executable code attached to another executable file. The virus spreads when an infected file is passed from system to system. Viruses can be harmless, or they can modify or delete data. Opening a file can trigger a virus. Once a program virus is active, it will infect other programs on the computer.

Worms

Worms replicate themselves on the system, attaching themselves to different files and looking for pathways between computers, such as a network that shares common file storage areas. Worms usually slow down networks. A virus needs a host program to run, but worms can travel by themselves. After a worm infects a host, it is able to spread very quickly over the network.

Spyware

Its purpose is to steal private information from a computer system for a third party. Spyware collects information and sends it to the hacker.

Trojan horse

A Trojan horse is malware that carries out malicious operations under the guise of a desired operation, such as playing an online game. A Trojan horse differs from a virus in that the Trojan binds itself to non-executable files, such as image files and audio files.

Logic Bombs

A logic bomb is a malicious program that uses a trigger to activate its malicious code. The logic bomb remains dormant until that trigger event happens. Once triggered, a logic bomb executes malicious code that causes harm to a computer. Cybersecurity specialists recently discovered logic bombs that attack and destroy the hardware components in a workstation or server, including the cooling fans, hard drives, and power supplies. The logic bomb overdrives these devices until they overheat or fail.

Ransomware

Ransomware holds a computer system or the data it contains hostage until the victim makes a payment. Ransomware encrypts data on the computer with a key that is unknown to the user. The user has to pay a ransom to the criminals to retrieve the data. Once the amount is paid, the victim can resume using his/her system.

Backdoors

A backdoor bypasses the standard authentication used to access a system. The backdoor aims to grant the cybercriminals future access to the system, even if the organization fixes the original vulnerability used to attack the system.

Rootkits

A rootkit modifies the OS to create a backdoor. Attackers then use the backdoor to access the computer remotely. Most rootkits take advantage of software vulnerabilities to modify system files.

Keyloggers

A keylogger records everything the user types on a keyboard to obtain passwords and other sensitive information and sends them to the malicious actor.
