Tags
A tag is a keyword or label that categorizes your question with other, similar questions.
Encryption is the process of transforming plaintext using a cipher to make it unreadable to anyone except those possessing the key.
SSL (Secure Sockets Layer) and/or TLS (Transport Layer Security)
The process of establishing the authenticity of a person or other entity. Not to be confused with authorization, which defines access rights to resources.
Specific to the security of passwords: hashing, entropy, cracking, resets, lockouts, etc.
An application that is accessed over a network such as the Internet or an intranet using a browser.
Security of network infrastructure and network traffic. For questions about security of network equipment, topology, protocols, traffic, administration, and configuration. Related tags: [packet], [firewall], [network-scanners], [network-access-control].
A piece of data used in public key cryptography (specifically public key infrastructures) that contains identifying information (e.g. email address or web address), a hash of a public key, and a digital signature that authenticates the data in the certificate. For questions specifically about [x509], [certificate-authority], or [public-key-infrastructure], please use those tags.
Malware is any software application which subverts the will of the legitimate owner of a computer, by means of force or subterfuge, with or without personal or monetary gain on the part of the creator.
Cryptography is the practice and study of logical means used to achieve information confidentiality, integrity and authenticity. It covers, among other things, encryption (making some data unreadable except for those who know a given secret element, called a key), data hashing (in particular for password storage) and digital signatures (provable integrity and authenticity with non-repudiation).
A hash algorithm is a function which takes a variable size input and produces a fixed size output. The algorithm tries to make it difficult to predict the output for a given input, find two inputs with the same output, or reconstruct the input from the output.
Related to security concerns specific to the Microsoft Windows operating system itself. For security of applications that happen to be running on Windows, please use [appsec]. For the X Window System, please use [x11].
Securing Linux systems and applications; understanding Linux security features.
The attribute of a system that prevents the release of data to unauthorized individuals.
The ability or expectation of an individual or group to reveal information about themselves selectively or not at all.
Related to email protocols, clients, servers, content, and message format.
A web browser is an application which uses HTTP and related protocols to retrieve HTML and XML data from servers. As the web has become a critical source of information and communication, web browsers have become a critical component in information request, transfer and management.
Security aspects concerning code written in the programming language PHP which is often used for web applications.
Cross-Site Scripting: An attack method that involves injection of code or markup into a webpage. There are three major types of XSS: Reflected XSS, Stored XSS (aka persistent XSS) and DOM-based XSS (aka client side XSS).
Security for 802.11 wireless networks.
Definition: HTTP - the Hypertext Transfer Protocol - provides a standard for Web browsers and servers to communicate. The definition of HTTP is a technical specification of a network protocol that software must implement.
HTTP is an application layer network protocol built on top of TCP. HTTP clients (such as Web browsers) and servers communicate via HTTP request and response messages. The three main HTTP message types are GET, POST, and HEAD.
Questions tagged [Android] should focus on security of the operating system itself, or of Android-specific apps. Questions about Android that are not directly security-related should be asked at android.stackexchange.com.
The common name for the language used primarily for scripting in web browsers. It is not related to the Java language. Standardized as ECMAScript, its dialects/implementations include JavaScript and JScript.
This tag is applied to questions related to various VPN types such as PPTP or IPSec.
A man-in-the-middle attack (MiTM) is an attack against a communication protocol where the attacker relays and modifies messages in transit. The parties believe they are talking to each other directly, but in fact both are talking to each other via the attacker in the middle.
A public-key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). There are three main categories of PKI: Web / SSL certs, corporate networks, and Government ID / ePassport.
The functions performed by the person or processes responsible for security of passwords on a given system.
The data, tools, and procedures which, when applied to a specific vulnerability, predictably violate the security design of a system.
An attempt to penetrate a system's security in an effort to evaluate the protections in place.
A Certificate Authority is the collection of hardware, software, and people responsible for issuing certificates in a hierarchical PKI. CAs may be public, as in SSL / TLS and government IDs, or private, as in corporate infrastructures. The primary responsibility of a public CA is to verify the identity of an applicant before issuing them a certificate.
OpenSSL is an open-source implementation of basic cryptographic primitives, X.509 certificate utilities, and SSL and TLS protocols.
An attempt to exploit a weakness in a system, either for nefarious or research reasons. Questions with this tag should be about designing, carrying out, or defending against the attack itself, rather than about the underlying weakness.
SSH (Secure Shell) is a protocol for secure communication between computers to execute remote commands, transfer data and tunnel TCP connections.
Concerned with software or hardware firewalls.
Security in mobile devices. Issues concerning regular cellphones, smartphones, tablet computers and other portable information devices all fit into this category. If your question is specific to one of the following, use it instead: [phone], [smartphone], [iphone], [ios], [windows-phone], [android].
A weakness or flaw in computer software and hardware which allows an attacker to take advantage of (exploit) a targeted system.
A computer virus is a program or piece of code that tends to be malicious and is loaded onto your computer without your knowledge and runs against your wishes.
Application security - Specific to security concerns for an application that are independent from the underlying operating system, or surrounding infrastructure. Pertains to the design / architecture, source code, patching and maintenance cycle, or deployment and configuration of this software.