Questions tagged [terminology]

For questions about names of attacks, vulnerabilities, concepts, etc.

Terminology is the study of terms and their use. This tag can be used for questions about the science of terms within a particular subject, here information security.

For example:

  • Is the injection in a NoSQL database architecture also called SQL injection?

More information about terminology can be found here: https://en.wikipedia.org/wiki/Terminology

254 questions
168 votes, 4 answers

What does it mean to "burn a zero-day"?

I noticed a comment on this answer where another user said ...but it requires risking burning a 0day, which people are not always all that willing to do. I did an Internet search for the phrase "burning a 0day" (and similar permutations like 0…
asked by YetAnotherRandomUser (2,290 reputation)
82 votes, 5 answers

What exactly is CTF and how can I as programmer prepare for a CTF with beginner-friendly people?

I reached out to an old friend of mine who was a terrific programmer back in my school days and he invited me to attend one of the CTF events with his university group. This group seems very beginner friendly and open to everyone, but I still fear…
asked by MansNotHot (823 reputation)
41 votes, 3 answers

What is the meaning of Triage in Cybersec world?

I searched Google about this term, but the definitions that I found were related to the medical world, and nothing related to IT. I think that it is some kind of procedure for documenting something, maybe? Note that I heard this word for the first time in…
asked by victor26567 (503 reputation)
39 votes, 3 answers

What is an SNI Hole?

Earlier today, Lone Learner asked Why is there no certificate error while visiting google.net although it presents a certificate issued to google.com? The accepted answer explains that the issue was caused by an SNI Hole. You've fallen into a "SNI…
asked by Stevoisiak (1,515 reputation)
33 votes, 3 answers

What does "in-house hash function" mean?

In security news, I faced a new term related to hash functions: it is reported that the "in-house hash function" used in the IOTA platform is broken (i.e. the Curl-P hash function). You can find the complete paper introducing the vulnerability here. But I…
asked by Questioner (1,277 reputation)
31 votes, 6 answers

What is the difference between a penetration test and a vulnerability assessment?

What is the difference between a penetration test and a vulnerability assessment? Why would you choose one over the other? What deliverables would you expect to receive and how would you rate the quality of them?
asked by Sim (1,227 reputation)
30 votes, 6 answers

Difference between Privilege and Permission

I am a little confused on the contextual differences between permission and privilege from a computer security perspective. Though I have read the definitions of both terms, it would be nice if someone could give me some practical example, e.g. User…
asked by Ali Ahmad (4,784 reputation)
29 votes, 3 answers

What is the difference between Exploit and Payload?

In computer security, we know that weak points in software are called vulnerabilities (if related to security). And once the vulnerability is found, theoretically it requires a piece of code as proof of concept (this is called an exploit). In this…
asked by Akam (1,327 reputation)
28 votes, 3 answers

Secure Configuration of Ciphers/MACs/Kex available in SSH

Following on the heels of the previously posted question here, Taxonomy of Ciphers/MACs/Kex available in SSH?, I need some help to obtain the following design goals: Disable any 96-bit HMAC Algorithms. Disable any MD5-based HMAC Algorithms. Disable…
asked by John (1,009 reputation)
27 votes, 6 answers

What do you call the entity seeking to be authenticated?

What do you call an entity seeking to be authenticated? Is there a single word or short phrase for it? What would you name a variable that represented the party asking to be authenticated?
asked by ahoffer (373 reputation)
24 votes, 4 answers

Why define CIA in security like this?

As we know, the CIA of the demand for security means: Confidentiality, Integrity, Availability. I don't understand why we define "Integrity" and "Availability". If we make a plaintext Confidentiality, the Integrity is a whole plaintext, this is the…
asked by 244boy (935 reputation)
24 votes, 2 answers

Why is it called cross-site scripting? (XSS)

Why is Cross-site scripting called Cross-site scripting? The term implies to me (a non-native English speaker) that there is some other web site involved that attacks your web site, but most of the time this is not the case, is it? (Hell, it doesn't…
asked by oals (349 reputation)
24 votes, 3 answers

What is a rootkit?

As a follow-up to "Tripwire - Is It Security Theater", I'm looking to get a better idea of what a rootkit is. To be more clear: What is a kernel module? What, at a high level, is the flow for how it's loaded, and why/what memory is of value? Do Linux…
asked by blunders (5,052 reputation)
20 votes, 6 answers

Correct terminology when describing password security to layman

I am writing a page for our website which describes the measures we take to keep our customers' information secure. On this page one section describes how we keep their passwords secure. We are using Secure Password Storage v2.0 which is an…
asked by JCB (311 reputation)
18 votes, 6 answers

What is the distinguishing point between a script kiddie and a hacker?

When I think of a script kiddie I think of someone who might barely research a tool and then point it at a website; things like the recent question about LOIC come to mind when I think of that. A hacker (either black/white/grey), I imagine, is much…
asked by cutrightjm (1,714 reputation)