Saturday, November 22, 2014

Dictionary - Cyber Security

Commonly used terms in the cyber security



Term
Definition
Access Points
Access Points or Wireless Access Points are communication devices on wireless local area networks (WLANs). Access points act as a central transmitter and receiver of wireless radio signals.

ACK
Acknowledge the receipt of a packet.

Active Directory Database
Active Directory is a special-purpose database — it is not a registry replacement. The directory is designed to handle a large number of read and search operations and a significantly smaller number of changes and updates. Active Directory data is hierarchical, replicated, and extensible. Because it is replicated, therefore do not store dynamic data, such as corporate stock prices or CPU performance. If your data is machine-specific, store the data in the registry. Typical examples of data stored in the directory include printer queue data, user contact data, and network/computer configuration data.
The Active Directory Database is normally divided into several section. As a basic principle, these sections are called Partitions or Naming Contexts .
There are three different types of standard partitions: Schema, Configuration, Domain Name Context.

Advance Persistent Threat
An advanced persistent threat is a network attack in which an unauthorized person gains access to a network and stays there undetected for a long period of time. An advanced persistent threat (APT) is a set of stealthy and continuous hacking processes, often orchestrated by human(s) targeting a specific entity. The advanced process signifies sophisticated techniques using malware to exploit vulnerabilities in systems.

AES
Advanced Encryption Standard is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001

AJAX Endpoints
AJAX endpoint is a module dedicated for general AJAX use.

Amap
Amap is a tool for determining what application is listening on a given port.

Anomaly Detection
Anomaly detection (or outlier detection) is the identification of items, events or observations which do not conform to an expected pattern or other items in a dataset. Anomaly means something that deviates from what is standard, normal, or expected.

Attack Vector

An attack vector is a path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome.

 

Batch Files
In DOS, OS/2, and Windows, a batch file is a type of script file, a text file containing a series of commands to be executed by the command line interpreter. Instead of typing the same commands over and over, you can simply double-click the batch file.

Banner Grabbing
Banner Grabbing or OS fingerprinting is the method to determine the running OS on a remote target system.This is of two types: Active and Passive.

BEA web logic
BEA Weblogic now Oracle WebLogic Server is a J2EE Application Server. It is used to host webpages from simple types to secured webpages. It consists lot of built-in containers, options etc.. which is used to achieve this. It is where all our JSP's, Servlets, EJB's etc.. are deployed. Advanced concepts like load balancing, clustering etc.. are also supported by weblogic.

Botnet
A botnet is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks. This can be as mundane as keeping control of an Internet Relay Chat (IRC) channel, or it could be used to send spam email or participate in distributed denial-of-service attacks.

BSSID
BSSID( basic service set identification) is  the MAC address of access point, One access point can have many SSID profiles.

CGI
Common Gateway Interface (CGI) is a standard method used to generate dynamic content on WebPages and web applications. CGI, when implemented on a web server, provides an interface between the Web server and programs that generate the web content. These programs are known as CGI scripts or simply CGIs; they are usually written in a scripting language, but can be written in any programming language.

CGI Scanner
Automated security program that searches for well-known vulnerabilities in web servers and off-the-shelf web application software. Often CGI Scanners are not very “stateful” in their analysis and only test a series HTTP requests against known CGI strings.
Checksum
A checksum or hash sum is a small-size datum from an arbitrary block of digital data for the purpose of detecting errors which may have been introduced during its transmission or storage. It is usually applied to an installation file after it is received from the download server.

Cipher
In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption—a series of well-defined steps that can be followed as a procedure. An alternative, less common term is encipherment. To encipher or encode is to convert information from plain text into cipher or code.

Click Jacking
Click jacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous  web pages. It is a browser security. A click jack takes the form of embedded code or a script that can execute without the user's knowledge, such as clicking on button that appears to perform another function. The term "click jacking" was coined by Jeremiah Grossman and Robert Hansen in 2008.

Client Validation
In the Client Side Validation you can provide a better user experience by responding quickly at the browser level. When you perform a Client Side Validation, all the user inputs validated in the user's browser itself. Client Side validation does not require a round trip to the server, so the network traffic which will help your server perform better. This type of validation is done on the browser side using script languages such as JavaScript, VBScript or HTML5 attributes.
For example, if the user enter an invalid email format, you can show an error message immediately before the user move to the next field, so the user can correct every field before they submit the form. Mostly the Client Side Validation depends on the JavaScript Language, so if users turn JavaScript off, it can easily bypass and submit dangerous input to the server . So the Client Side Validation cannot protect your application from malicious attacks on your server resources and databases.

Collision Domains
A collision domain is a section of a network where data packets can collide with one another when being sent on a shared medium or through repeaters, particularly when using early versions of Ethernet. A network collision occurs when more than one device attempts to send a packet on a network segment at the same time.

Configuration Partition

This part of the Active Directory Database contains important information about the structure of the Active Directory forest itself. E.g. AD sites and their site links are determined here. Other systems, like e.g. Exchange or PKI store information about their configuration .
Cookie Snooping
Cookie snooping is when an attacker finds a cookie, is able to decode it. Cookie Snooping Attacker decodes user credentials: Attacker can log on as user and gain access to unauthorized information.

Cross site Request Forgery
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced sea-surf ) or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help of social engineering (like sending a link via email/chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the targeted end user is a normal user, a successful CSRF attack can compromise sensitive data. If the targeted end user is the administrator account, this type of attack can compromise the entire web application.

Cross Site Scripting
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

Cryptanalysis

Cryptanalysis refers to the study of ciphers, ciphertext, or cryptosystems (that is, to secret code systems) with a view to finding weaknesses in them that will permit retrieval of the plaintext from the ciphertext, without necessarily knowing the key or the algorithm.

 

Cryptovirology
Cryptovirology is a field that studies how to use cryptography to design powerful malicious software. The field was born with the observation that public key cryptography can be used to break the symmetry between what a malware analyst sees regarding malware and what the malware creator sees. The former sees a public key in the malware whereas the latter sees the public key as well as the corresponding private key since the malware designer created the key pair for the attack. The public key allows the malware to perform trapdoor one-way operations on the victim's computer that only the malware creator can undo.
The first attack that was identified in the field is called "cryptoviral extortion". In this attack a virus, worm or trojan hybrid encrypts the victim's files and the victim must pay the malware author to receive the needed session key (which is encrypted under the malware creator's public key that is contained in the malware). The victim needs the session key if the files are needed and there are no backups of them.

DALnet IRC Network
DALnet is an Internet Relay Chat (IRC) network that is populated by a stable population of around 14,000 users in about 7,000 channels, with 33 servers making up the network. DALnet is accessible by connecting with an IRC client to an active DALnet server on ports 6660 through 6669, and 7000. SSL users can connect on port 6697.
Difference between Network and Peer to Peer (p2p) sharing
A peer-to-peer network has no central server. Each workstation on the network shares its files equally with the others. There’s no central storage or authentication of users. Conversely, there are separate dedicated servers and clients in a client/server network. Through client workstations, users can access most files, which are generally stored on the server. The server will determine which users can access the files on the network.

Peer-to-peer networks should be installed in homes or in very small businesses where employees interact regularly. They are inexpensive to set up (comparatively speaking); however, they offer almost no security. On the other hand, client/server networks can become as big as you need them to be. Some support millions of users and offer elaborate security measures. As you can imagine, client/server networks can become very expensive.

Direct Sequence Spread Spectrum
In telecommunications, direct-sequence spread spectrum (DSSS) is a modulation technique. As with other spread spectrum technologies, the transmitted signal takes up more bandwidth than the information signal that modulates the carrier or broadcast frequency.

Directory Enumeration
Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the application, but are still accessible. An attacker can use Brute Force techniques to search for unlinked contents in the domain directory, such as temporary directories and files, and old backup and configuration files. These resources may store sensitive information about web applications and operational systems, such as source code, credentials, internal network addressing, and so on, thus being considered a valuable resource for intruders.
This attack is performed manually when the application index directories and pages are based on number generation or predictable values, or using automated tools for common files and directory names.
This attack is also known as Predictable Resource Location, File Enumeration, Directory Enumeration, and Resource Enumeration.

Directory Traversals
Directory traversal is an HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server’s root directory.

DMZ
In computer security, a DMZ or demilitarized zone (sometimes referred to as a perimeter network) is a physical or logical sub network that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet.
DNS
Short for Domain Name System (or Service or Server), an Internet service that translates domain names into IP addresses

DOM
Document Object Model (DOM) is a cross-platform and language-independent convention for representing and interacting with objects in HTML, XHTML and XML documents. The nodes of every document are organized in a tree structure, called the DOM tree.

Domain Name Context
The 'normal' objects of a domain are stored here, e.g: User, contacts, groups, printer objects, organizational units et.

Dumpster Diving
Dumpster diving  is the process of looking into the organization's trash for discarded sensitive information.

Enumeration
Enumeration is a computing activity in which usernames and info on groups, shares, and services of network computers are retrieved. It should not be confused with network mapping, which only retrieves information about which servers are connected to a specific network and what operating system run on them.
Network Enumeration is the discovery of hosts/devices on a network, they tend to use overt discovery protocols such as ICMP and SNMP to gather information, they may also scan various ports on remote hosts for looking for well known services in an attempt to further identify the function of a remote host. The next stage of enumeration is to fingerprint the operating system of the remote host.

Exploits
An exploit is a piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic.

False Positive
The term false positive is used when antivirus/ spyware/ security scanner wrongly classifies an innocuous file as a virus or vulnerability. The incorrect detection may be due to heuristics or to an incorrect virus signature in a database.

File Enumeration
A file/parameter enumeration attack is a combination of Forceful browsing and  Parameter Tampering used to access parts of the application which are not normally exposed to the public, such as an old version, "disabled" components and new components which are under development. File/parameter enumeration is a common technique used to search for suspicious files and parameter values in order to detect their existence or validity. Using this technique, it is possible to map additional parts of the application, which are not normally exposed to the public.

FIN
Finish- there will be no more transmissions.
Firewall
Firewall is a network security system that controls the incoming and outgoing network traffic based on applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is assumed not to be secure and trusted.

Form Grabber
A form grabber is a type of malware that captures data such as IDs and passwords from browser forms. The target of a form grabber is the user’s Internet banking information. A form grabber is a type of malware that captures private information, like usernames and passwords, directly from a Web browser form or page. It gains access to a victim’s computer much like a Trojan horse or even a Web browser add-on or toolbar. Once it runs on an infected machine, the form grabber records information entered into the form based on the form creator's specifications. The form data is then stored and later transmitted to a specific server.

Frequency Hoping Spread
Frequency-hopping spread spectrum (FHSS) is a method of transmitting radio signals by rapidly switching a carrier among many frequency channels, using a pseudorandom sequence known to both transmitter and receiver.

Greasmonkey
Greasemonkey is a Mozilla Firefox Extension that allows users to install scripts that make on-the-fly changes to web page content after or before the page is loaded in the browser (also known as augmented browsing). The changes made to the web pages are executed every time the page is viewed, making them effectively permanent for the user running the script.
Greasemonkey can be used for customizing page appearance, adding new functions to web pages (for example, embedding price comparisons within shopping sites), fixing rendering bugs, combining data from multiple web pages, and numerous other purposes.
Hactivism
Hacktivism is an act of promoting a political agenda by hacking, specially by defacing or disabling the websites. Hactivism is motivated by revenge, politcal or social reasons, ideology, vandalism etc. Person who odes these things known as Hacktivist.
Hash Injection
Pass the hash is a hacking technique that allows an attacker to authenticate to a remote server/service by using the underlying NTLM and/or LanMan hash of a user's password, instead of requiring the associated plaintext password as is normally the case.
After an attacker obtains a valid user name and user password hashes values (somehow, using different methods and tools), they are then able to use that information to authenticate to a remote server/service using LM or NTLM authentication without the need brute-force the hashes to obtain the cleartext password (as it was required before this technique was published). The attack exploits an implementation weakness in the authentication protocol in that the password hashes are not salted, and therefore remain static from session to session until the password is next changed.This technique can be performed against any server/service accepting LM or NTLM authentication, whether it is running on a machine with Windows, Unix, or any other operating system.
Honeypots
Honeypot is a trap set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems.
Hop
In telecommunication, a hop is a portion of a signal's journey from source to receiver.
HTML Injection
Hypertext Markup Language (HTML) injection, also sometimes referred to as virtual defacement, is an attack on a user made possible by an injection vulnerability in a web application. When an application does not properly handle user supplied data, an attacker can supply valid HTML, typically via a parameter value, and inject their own content into the page.
This attack is typically used in conjunction with some form of social engineering, as the attack is exploiting a code-based vulnerability and a user's trust.

ICMP
Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached.


ICMP Scanning
ICMP scanning or ping sweep is the process of sending an ICMP request or ping to all hosts on the network to determine which one is up.

IDS
Intrusion Detection System is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.
IEEE 802.11
IEEE 802.11 is a set of media access control (MAC) and physical layer (PHY) specifications for implementing WLAN computer communication in the 2.4, 3.6, 5 and 60GHz frequency bands.
IP Fragmentation
IP fragmentation is the process of breaking up a single Internet Protocol (IP) datagram into multiple packets of smaller size.
IPS
Intrusion Prevention System- also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it.
ISN
Initial Sequence Number
ISM Band
The industrial, scientific and medical (ISM) radio bands are radio bands(portions of the radio spectrum) reserved internationally for the use of radio frequency(RF) energy for industrial, scientific and medical purposes other than telecommunications.
ISP
An Internet service provider (ISP) is an organization that provides services for accessing, using, or participating in the Internet.

Kerberos
Kerberos /ˈkɛərbərəs/ is a computer network authentication protocol which works on the basis of 'tickets' to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.

LDAP
Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
LM Hash
LM hash, LanMan hash, or LAN Manager hash is a compromised password hashing function that was the primary hash that Microsoft LAN Manager and Microsoft Windows versions prior to Windows NT used to store user passwords.
Malvertising
Malvertising (from "malicious advertising") is the use of online advertising to spread malware. Malvertising involves injecting malicious or malware laden advertisements into legitimate online advertising networks and webpages.

Metasploits
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework
MIC`
Message Integrity Check (MIC), is a security improvement for WEP encryption found on wireless networks. The check helps network administrators avoid attacks that focus on using the bit-flip technique on encrypted network data packets. Unlike the older ICV (Integrity Check Value) method, MIC is able to protect both the data payload and header of the respective network packet.
MITM Vulnerability
The man-in-the-middle attack (often abbreviated MITM, MitM, MIM, MiM, MITMA) in cryptography and is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, an attacker within reception range of an unencrypted wi-fi access point, can insert himself as a man-in-the-middle).

NetBIOS
NetBIOS is an acronym for Network Basic Input/Output System. It provides services related to the session layer of the OSI model allowing applications on separate computers to communicate over a local area network. As strictly an API, NetBIOS is not a networking protocol.

NetCat
Netcat is a computer networking service for reading from and writing to network connections using TCP or UDP.

Network Hijacking
Hijacking is a type of network security attack in which the attacker takes control of a communication.

Obscurity
A thing that is unclear or difficult to understand. In security engineering, security through obscurity is the use of secrecy of design or implementation to provide security. Security through obscurity is discouraged and not recommended by standards bodies.

Orthogonal Frequency

Orthogonal frequency-division multiplexing (OFDM) is a method of encoding digital data on multiple carrier frequencies. Orthogonal frequency-division multiplexing (OFDM) is a method of digital modulation in which a signal is split into several narrowband channels at different frequencies.

Paranoid Policy
In Paranoid Policy everything is forbidden
Paros Proxy
Testing tool for  security and vulnerability testing. Paros can be used to spider/crawl the entire website, and then execute canned vulnerability scanner tests. But Paros goes beyond that, it comes with a built in utility that can proxy traffic. This Paros Proxy utility can be used to tamper or manipulate any http or https traffic on the fly. This makes some of the more interesting security types of testing. It will help you isolate potential area's of security concern and then manual attempt to perform the type of testing you desire.
Paros also comes with a built in Session ID analyzer. It will display a graph of all the types of Session ID's it has been presented with using a multiple threaded session initiator. You then can determine if the graph appears random enough for the Session ID.
Path Traversal
A Path Traversal attack aims to access files and directories that are stored outside the web root folder. By browsing the application, the attacker looks for absolute links to files stored on the web server. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration and critical system files, limited by system operational access control. The attacker uses “../” sequences to move up to root directory, thus permitting navigation through the file system.
This attack can be executed with an external malicious code injected on the path, like Resource Injection attack. To perform this attack it’s not necessary to use a specific tool; attackers typically use a spider/crawler to detect all URLs available.
This attack is also known as “dot-dot-slash”, “directory traversal”, “directory climbing” and “backtracking”.

Payloads
In computer security, payload refers to the part of malware which performs a malicious action.

Permissive Policy
In Permissive Policy, majority of Internet Traffic is accepted but several known attacks or dangerous serves are blocked.

PMK
Pairwise Master Key
PU
Port Unreachable
PSH
Push-send buffered data immediately.
Probe Packets
The probe packet is a TCP segment for the connection with no data.
Promiscuous Policy
In Promiscuous Policy, there is no restriction on Internet Access.
Prudent Policy
Prudent Policy starts with services blocked. Administrator enables necessary and safe services individually.

TKIP
Temporal Key Integrity Protocol
PTK
Pairwise Transient Key
Rainbow
A rainbow table is a precomputed table for reversing cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering a plaintext password up to a certain length consisting of a limited set of characters.
RC4
In cryptography, RC4 (also known as ARC4 or ARCFOUR) is the most widely used software stream cipher and is used in popular protocols such as Transport Layer Security (TLS) (to protect Internet traffic) and WEP (to secure wireless networks).
RST
Reset- Resets a connection
Reverse bytes order increments

Reverse DNS Lookup

Schema Configuration
The design of the Active Directory database is determined in the schema, i.e. definitions of object classes (e.g. user, contact, group etc.) and their attributes (e.g. displayName, streetAddress, mailNickName etc.). These definitions can be customized for additional tasks: The so-called schema extension.

Server side validation
In the Server Side Validation, the input submitted by the user is being sent to the server and validated using one of server side scripting languages such as ASP.Net, PHP etc. After the validation process on the Server Side, the feedback is sent back to the client by a new dynamically generated web page. It is better to validate user input on Server Side because you can protect against the malicious users, who can easily bypass your Client Side scripting language and submit dangerous input to the server.
Session Fixation
Session Fixation is an attack that permits an attacker to hijack a valid user session. The attack explores a limitation in the way the web application manages the session ID, more specifically the vulnerable web application. When authenticating a user, it doesn’t assign a new session ID, making it possible to use an existent session ID. The attack consists of obtaining a valid session ID (e.g. by connecting to the application), inducing a user to authenticate himself with that session ID, and then hijacking the user-validated session by the knowledge of the used session ID. The attacker has to provide a legitimate Web application session ID and try to make the victim's browser use it.
The session fixation attack is a class of session Hijacking, which steals the established session between the client and the Web Server after the user logs in. Instead, the Session Fixation attack fixes an established session on the victim's browser, so the attack starts before the user logs in. here are several techniques to execute the attack; it depends on how the Web application deals with session tokens. Below are some of the most common techniques:
• Session token in the URL argument: The Session ID is sent to the victim in a hyperlink and the victim accesses the site through the malicious URL.
• Session token in a hidden form field: In this method, the victim must be tricked to authenticate in the target Web Server, using a login form developed for the attacker. The form could be hosted in the evil web server or directly in html formatted e-mail.
• Session ID in a cookie: client-side script
Most browsers support the execution of client-side scripting. In this case, the aggressor could use attacks of code injection as the XSS (Cross-site scripting) attack to insert a malicious code in the hyperlink sent to the victim and fix a Session ID in its cookie. Using the function document.cookie, the browser which executes the command becomes capable of fixing values inside of the cookie that it will use to keep a session between the client and the Web Application.
o <META> tag
<META> tag also is considered a code injection attack, however, different from the XSS attack where undesirable scripts can be disabled, or the execution can be denied. The attack using this method becomes much more efficient because it's impossible to disable the processing of these tags in the browsers.
o HTTP header response
This method explores the server response to fix the Session ID in the victim's browser. Including the parameter Set-Cookie in the HTTP header response, the attacker is able to insert the value of Session ID in the cookie and sends it to the victim's browser.

Session Hijacking
In computer science, session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system.
SML
Standard ML (SML) is a general-purpose, modular, functional programming language with compile-time type checking and type inference.
Spearphishing
Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Attackers use tactics like sender impersonation and anti virus evasion techniques.

Smurf Attacks

 

SSID
Service Set Identifier (SSID) - a series of 0 to 32octets. It is used as a unique identifier for a wireless LAN. Since this identifier must often be entered into devices manually by a human user, it is often a human-readable string and thus commonly called the "network name
Steganography
Steganography is the process of hiding the data behind images or sound files.
Subterfuge
Deceit used in order to achieve one's goal
SYN
Synchronize- initiates a connection between hosts
Tunneling

TSR
In computers, a terminate and stay resident program (TSR) is a computer program that uses a system call in DOS operating system to return control of the computer to the operating system, as though the program has quit, but stays resident in computer memory so it can be reactivated by a hardware or software interrupt. This technique partially overcame DOS operating systems' limitation of executing only one program, or task, at a time. TSR is unique to DOS and not used in Windows. Some terminate and stay resident programs were utility programs that a computer user might call up several times a day, while working in another program, using a hotkey.
UDDI
Universal Description, Discovery and Integration (UDDI) is a directory service where businesses can register and search for Web services. It is a platform independent , extensible markup language (XML)-based registry by which businesses worldwide can list themselves on the Internet, and a mechanism to register and locate web service applications. UDDI is an open industry initiative, sponsored by the Organization for the Advancement of Structured Information Standards (OASIS), for enabling businesses to publish service listings and discover each other, and to define how the services or software applications interact over the Internet.
URG
Urgent- Data contained in the packed should be processed immediately.
Web scarab
WebScarab is a framework for analyzing applications that communicate using the HTTP and HTTPS protocols. It is written in Java, and is thus portable to many platforms. WebScarab has several modes of operation, implemented by a number of plugins. In its most common usage, WebScarab operates as an intercepting proxy, allowing the operator to review and modify requests created by the browser before they are sent to the server, and to review and modify responses returned from the server before they are received by the browser. WebScarab is able to intercept both HTTP and HTTPS communication. The operator can also review the conversations (requests and responses) that have passed through WebScarab.
Web Server Banner
In the context of Computer Networking, Banner Grabbing is an enumeration technique used to glean information about computer systems on a network and the services running its open ports. Administrators can use this to take inventory of the systems and services on their network.. An intruder however can use banner grabbing in order to find network hosts that are running versions of applications and operating systems with known exploits.
Some examples of service ports used for banner grabbing are those used by Hyper Text Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP); ports 80, 21, and 25 respectively. Tools commonly used to perform banner grabbing are Telnet, which is included with most operating systems, and Netcat
For example one could establish a connection to a target host running a web service with netcat, then send a bad html request in order to get information about the service on the host.

WEP
Wired Equivalent Privacy (WEP) is a security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to provide data confidentiality comparable to that of a traditional wired network.

WinVNC
WinVNC is a VNC server that will allow you to view your Windows desktop from any VNC viewer

WPA
Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) are two security protocols and security certification programs developed by the Wi-Fi Alliance to secure wireless computer networks.

WSDL
WSDL stands for Web Services Description Language. WSDL is a language for describing web services and how to access them. WSDL is written in XML

XPATH
XPath, the XML Path Language, is a query language for selecting nodes from an XML document. In addition, XPath may be used to compute values (e.g strings, numbers, or Boolean values) from the content of an XML document. XPath was defined by the World Wide Web Consortium(W3C).

XST
A Cross-Site Tracing (XST) attack involves the use of Cross Site Scripting (XSS) and the TRACE or TRACK HTTP methods. "TRACE allows the client to see what is being received at the other end of the request chain and use that data for testing or diagnostic information.", the TRACK method works in the same way but is specific to Microsoft's IIS web server. XST could be used as a method to steal user's cookies via Cross Site Scripting (XSS)even if the cookie has the "Httponly" flag set and/or exposes the user's Authorization header.

Zero Day Attack
A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application or operating system, one that developers have not had time to address and patch.

Zombie
A 'bot' is a type of malware which allows an attacker to gain complete control over the affected computer. Computers that are infected with a 'bot' are generally referred to as 'zombies'. There are literally tens of thousands of computers on the Internet which are infected with some type of 'bot' and don't even realize it. Attackers are able to access lists of 'zombie' PC's and activate them to help execute DoS attacks against Web sites, host phishing attack Web sites or send out thousands of spam email messages. Should anyone trace the attack back to its source, they will find an unwitting victim rather than the true attacker.

Email Security

Your organization security is at substantial risk if you have not implemented email security policy. Daily we all receive emails which con...