Glossary
Welcome to the course Glossary!
Here you will be able to find all the major terms used in our course and their definitions.
Navigate
by clicking the letters or use the search bar to look for a specific term.
| Term | Meaning | Lesson |
|---|---|---|
| A | ||
| A Key Pair | A private key and public key. Used in asymmetric encryption. |
2.1 7.3 |
| Alice, Bob & Eve | Side A of a correspondence, side B of a correspondence & the eavesdropper. | 2.1 |
| Anti-virus | Software designed to detect and destroy computer viruses. | 9.2 |
| Arp (address-resolution protocol) poisoning | Is a technique by which an attacker sends (spoofed) Address Resolution Protocol (ARP) messages onto a local area network. Generally, the aim is to associate the attacker's MAC address with the IP address of another host, such as the default gateway, causing any traffic meant for that IP address to be sent to the attacker instead. | 6.2 |
| ARPANET (Advanced Research Projects Agency Network) | An early packet-switching network and the first network to implement the TCP/IP protocol suite. | 9.1 |
| ASCII Table | Abbreviated from American Standard Code for Information Interchange, is a character encoding standard for electronic communication. | 2.3 |
| Asymmetric Encryption | A form of encryption where keys come in pairs. What one key encrypts, only the other can decrypt. It is called asymmetric encryption because the communicating parties, Alice and Bob, have asymmetric roles: one side can only encrypt, while only the other side can decrypt. |
2.3 7.3 |
| “ATBASH” Cipher | An ancient Biblical monoalphabetic substitution cipher originally used to encrypt the Hebrew alphabet. | 2.1 |
| Authenticator | The means used to confirm the identity of a user, that is, to perform digital authentication. | 4.3 |
| B | ||
| Backdoor Malware | A malware type that negates normal authentication procedures to access a system. As a result, remote access is granted to resources within an application, such as databases and file servers, giving perpetrators the ability to remotely issue system commands and update malware. | 9.1 |
| Base (g) | A prime number used in the DH key exchange. \(g\) is a chosen together with \(p\) (the modulus) so that if \(g\) is raised to all the powers between \(1\) and \(p-1\) and the resulting values are computed modulo \(p\), then they equall all the numbers between \(1\) and \(p-1\). Once chose, \(g\) (and its counterpart \(p\)) are public and universal. | 7.2 |
| Biometric Authentication | A security process that relies on the unique biological characteristics of an individual to verify that he is who is says he is. | 4.4 |
| Birthday Paradox | The counterintuitively high probability that in a set of randomly chosen people at least two will have the same birthday. | 3.2 |
| Block Cipher | A method of encrypting text (to produce ciphertext) in which a cryptographic key and algorithm are applied to a block of data (for example, 64 contiguous bits) at once as a group rather than to one bit at a time. | 2.4 |
| Brute Force Attack (Cipher) | Trying all the decryption possibilities until the ciphertext is successfully decrypted. | 2.2 |
| Brute Force Attack (Hash) | Trying all the possibilities for the origin until the given hash value is successfully produced. | 3.2 |
| Buffer | A region of a physical memory storage used to temporarily store data while it is being moved from one place to another. | 5.2 |
| Buffer Overflow | A vulnerability where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. | 1.2 |
| C | ||
| Cache | A hardware or software mechanism that keeps the most frequently or recently used data readily availble for faster access. | 1.4 |
| Canary | Values that are placed between a buffer and control data on the stack to monitor buffer overflows. | 5.3 |
| Ciphertext | Encrypted plaintext. | 2.1 |
| Client | A desktop computer or workstation that is capable of obtaining information and applications from a server. | 8.1 |
| Code Injection Attack | A vulnerability where input is embedded, or "injected", into code, that is then executed as-is. | 1.2 |
| Collision | Two different digital objects that have the same hash value. | 3.2 |
| Collision Resistance (Collision Resistant) | An algorithm for which it is very time consuming to find collisions. | 3.2 |
| Cookies | Is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing. | 8.1 |
| Core War | A 1984 programming game created by D. G. Jones and A. K. Dewdney in which two or more battle programs (called "warriors") compete for control of a virtual computer. These battle programs are written in an abstract assembly language called Redcode. | 9.1 |
| Creeper | An experimental computer program written by Bob Thomas at BBN in 1971. Its original iteration was designed to move between DEC PDP-10 mainframe computers running the TENEX operating system using the ARPANET, with a later version by Ray Tomlinson designed to copy itself between computers rather than simply move. | 9.1 |
| Cryptographic Primitive | A cryptographic capability, or mechanism, that can be used by itself, and can also be used as a building block in a larger context. | 2.1 |
| Cryptography | Traditionally defined as the art of designing , analyzing and breaking ciphers. Modern cryptography also includes data integrity, digital signatures, secure communication protocols, and more | 2.1 |
| CSRF (Cross-Site Request Forgery) | Is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. | 8.3 |
| CSRF Token | Is a unique, secret, unpredictable value that is generated by the server-side application and transmitted to the client in such a way that it is included in a subsequent HTTP request made by the client. | 8.3 |
| CSS (Cascading StyleSheets) | Is a style sheet language used for describing the presentation of a document written in a markup language like HTML. | 8.1 |
| Cyber Warfare | The use of technology to attack a nation, causing comparable harm to actual warfare. | 1.3 |
| D | ||
| Data Link Layer | See Layer 2 | 6.1 |
| Data Theft | Stealing user's data or their ability to access their data (ransomware). | 9.1 |
| DDoS (Distributed Denial of Service) | DDoS attack is an attack method in which multiple clients flood a server with requests leading to it not being able to serve legitimate requests, or even crashing. Often, this sort of attack is put forth by hackers commandeering a computer zombie army: thousands of internet connected devices the hacker can call on at will. | 1.3 |
| DoS (Denial of Service) | Attacking servers in order to make them inaccessible to others, compromising availability. | 1.3 |
| DEP (Data Execution Prevention) | A security feature in computer operating systems which prevents memory from being both executable and writable. | 5.3 |
| DES (Data Encryption Standard) | A standardized civilian symmetric-key algorithm for the encryption of electronic data. | 2.1 |
| Design Vulnerability | A flaw in the way a system is designed; most commonly, an unconsidered usage. Also known as a logical vulnerability. | 1.2 |
| Dictionary Attack | An attempted illegal entry to a computer system that uses a list (dictionary) of common words as possible passwords. | 4.2 |
| Diffie Hellman Key Exchange | A two step procedure used by two parties in order to produce a shared secret key. The procedure was invented by Whitfield Diffie, Martin Hellman and Ralph Merkle. The procedure's security guarantees rest on the hardness of computing discrete logs. | 7.2 |
| Diffie Hellman Key Exchange Protocol | A method of securely exchanging cryptographic keys over a public channel. | 7.2 |
| Digital Signatures | A cryptographic primitive used to guarante the integrity of transmited messages. | 7.4 |
| Discrete Log | The mathematical operation of extracting the exponent from a given exponentiated number. When the exponentiated number was computed modulo some number, computing discrete logs becomes a hard problem. The security of the DH key exchange relies on the hardness of computing discrete logs. | 7.2 |
| DNS (Domain Name System) | A hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network that convert between names like tau.ac.il to IP addresses like 132.66.11.1 | 6.5 |
| DNS Poisoning | A type of attack that exploits vulnerabilities in the domain name system (DNS) to divert Internet traffic away from legitimate servers and towards fake ones. | 6.5 |
| Dynamic Signatures | Signing program behaviour, rather than form, by various heuristics. | 9.2 |
| E | ||
| End-to-End Encryption | A system of communication where only the communicating users can read the messages. In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, and even the provider of the communication service – from being able to access the cryptographic keys needed to decrypt the conversation. | 6.2 |
| Enigma | A German encryption device used in World War II to protect military communication. | 2.1 |
| Ethernet | A technology connecting computers together over wires in a local area network or LAN. | 6.1 |
| EV (Extended Verification) | Is a certificate that proves the legal entity of the owner and is signed by a Certificate Authority key. | 8.5 |
| Evil Maid Attack | An attack on an unattended device, in which an attacker with physical access alters it in some undetectable way so that they can later access the device, or the data on it. | 4.2 |
| Exploit | Leveraging a vulnerability to violate a system's security policy. | 1.3 |
| F | ||
| 2-Factor Authentication | A security process in which the user provides two different authentication factors to verify themselves to better protect both the user's credentials and the resources the user can access. | 4.1 |
| File Authentication (Authenticity) | Making sure that a copy of some digital object is identical to the original. | 3.1 |
| Firewall | A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. | 6.7 |
| Firewall Policy | Defines how an organization's firewalls should handle inbound and outbound network traffic for specific IP addresses and address ranges, protocols, applications, and content types based on the organization's information security policies. | 6.7 |
| Forgery | Modifying a digital object and presenting it as the original. | 3.1 |
| Fraud Rate | The percentage of times an invalid user is accepted by the system. | 4.4 |
| Frequency Analysis | The study of letters or groups of letters contained in a ciphertext in an attempt to partially reveal the message. | 2.2 |
| H | ||
| Hacktivists | People that hack to advance their political agenda. | 1.3 |
| Hash Function | An algorithm that takes a digital object and produces a fingerprint that is resistant to forgery. | 3.1 |
| Hash Value (Fingerprint) | The result of a hash function (a short sequence that captures the "essence" of a digital object). | 3.1 |
| Headers | In a data packet sent via the Internet, the data (payload) are preceded by header information such as the sender's and the recipient's IP addresses, the protocol governing the format of the payload and several other formats. | 6.1 |
| HMAC (RFC 2104) | A standard MAC design for mixing the secret key \(k\) and a message \(M\) into a hash function \(H\), that does not have integration vulnerabilities like a vulnerability to length extension attacks. HMAC works well with any underlying cryptographic hash function. | 7.5 |
| HTML (HyperText Markup Language) | Is the standard markup language for documents designed to be displayed in a web browser. | 8.1 |
| HTTP (HyperText Transfer Protocol) | An application protocol for distributed, collaborative, hypermedia information systems. | 8.1 |
| HTTPS (secure HTTP) | Is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. | 8.5 |
| Hybrid Digital Signatures | A digital signature scheme that operates on hashed messages (hence the hybridness). | 7.4 |
| HyperText | A software system that links topics on the screen to related information and graphics, which are typically accessed by a point-and-click method. | 8.1 |
| I | ||
| Identity Theft | Hijacking systems to impersonate users. | 9.1 |
| Implementation Vulnerability | A flaw in the way a system system is implemented; most commonly, a programming mistake. Also known as a technical vulnerability. | 1.2 |
| IMSI (International Mobile Subscriber Identity) Catcher | A telephone eavesdropping device used for intercepting mobile phone traffic and tracking location data of mobile phone users. | 4.3 |
| Information Disclosure | Extracting sensitive information that shouldn't be available otherwise, compromising data confidentiality. | 1.3 |
| Information Disclosure Vulnerability | When an application fails to properly protect sensitive and confidential information from parties that are not supposed to have access to the subject matter in normal circumstances. | 1.3 |
| Initialization Vector (IV) | An arbitrary value that can be used along with a secret key for data encryption. This value is changed between messages to ensure that similar messages encrypted by the same key produce different ciphertexts. | 2.3 |
| Insult Rate | The percentage of times a valid user is rejected by the system. | 4.4 |
| Integration Vulnerability | A vulnerability where components are insecurely combined. | 1.2 |
| Internet Protocol (IP) | The Internet Protocol (IP) is the principal communications protocol in the Internet protocol suite for relaying datagrams (message packets) across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet. | 6.1 |
| IP Address | A numerical label assigned to each device connected to a computer network that uses the Internet Protocol for communication. | 6.1 |
| IP Address Spoofing | Is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of impersonating another computing system. | 6.3 |
| IP Spoofing | Is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of impersonating another computing system. | 6.3 |
| ISO (International Organization for Standardization) | ISO is an international standard-setting body composed of representatives from various national standards organizations. | 6.1 |
| J | ||
| JS (JavaScript) | Is a high-level, just-in-time compiled, object-oriented programming language that conforms to the ECMAScript specification. JavaScript has curly-bracket syntax, dynamic typing, prototype-based object-orientation, and first-class functions. | 8.1 |
| K | ||
| Kerckhoff’s Principle | Kerckhoffs's Principle, stated by Auguste Kerckhoffs in the late 19th century, states a fundamental requirement of any secure cryptosystem. It states that algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. | 2.5 |
| Key Distribution Problem | The problem of secretly exchainging a key inorder to establish a secure communication channel. This problem is accentuated in the context of the interent, where communicating parties can't easily meet. | 7.1 |
| Key Logging | The action of recording (logging) the keystrokes of a keyboard, typically covertly, so that person using the keyboard is unaware that what they type is being monitored. | 4.2 |
| L | ||
| Local Area Network | A local area network (LAN) is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building. Ethernet and Wi-Fi are the two most common technologies in use for local area networks. | 6.1 |
| Layer 1 | The layer responsible for the transmission and reception of unstructured raw data between a device and a physical transmission medium. | 6.1 |
| Layer 2 | Provides node-to-node data transfer — a link between two directly connected nodes. It detects and possibly corrects errors that may occur in the physical layer. It defines the protocol to establish and terminate a connection between two physically connected devices. It also defines the protocol for flow control between them. | 6.1 |
| Layer 3 | Provides the functional and procedural means of transferring variable length data sequences (called packets) from one node to another connected in "different networks". | 6.1 |
| Layer 4 | Layer 4 refers to the fourth layer of the Open Systems Interconnection (OSI) Model, known as the transport layer. It provides the transparent transmission or transfer of data between end systems or (processes within hosts) and is responsible for end-to-end error recovery, as well as flow control. | 6.1 |
| libc (C Standard Library) | The standard library for the C programming language, as specified in the ISO C standard. | 5.4 |
| M | ||
| MAC (Medium Access Control) address | A MAC address is a unique identifier assigned to a network interface controller (NIC) for use as a network address in communications within a LAN. | 6.1 |
| MAC (Medium Access Control) Layer | See Layer 2 | 6.1 |
| MD5 (Message Digest 5) | An influential and popular hash function from 1991 by Ron Rivest (no longer secure). | 3.3 |
| Meltdown | A logical vulnerability on the hardware level, allowing rogue processes to read memory they aren't authorized to access. | 1.4 |
| Metamorphic Code | Code that when run outputs a logically equivalent version of its own code under some interpretation. | 9.2 |
| MitM (Man in the Middle) Attack | Is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other. | 6.2 |
| Mode of Operation | An algorithm that uses a block cipher with a fixed block size to encrypt messages of arbitrary length. | 2.4 |
| Modulus \({(p)}\) | A prime number used in the DH key exchange, usually a large prime number. \(p\) is a chosen together with \(g\) (the base) so that if \(g\) is raised to all the powers between \(1\) and \(p-1\) and the resulting values are computed modulo \(p\), then they equall all the numbers between \(1\) and \(p-1\). Once chosen, \(p\) (and its base \(g\)) are public and universal. | 7.2 |
| Morris Worm | One of the first computer worms distributed via the Internet, and the first to gain significant mainstream media attention. It also resulted in the first felony conviction in the US under the 1986 Computer Fraud and Abuse Act. | 9.1 |
| N | ||
| Network Address Translation | A method of remapping one IP address space into another by modifying network address information in the IP header of packets while they are in transit across a traffic routing device. | 6.6 |
| NIC (Network Interface Card) | A computer hardware component that connects a computer to a computer network. | 6.1 |
| Network Layer | Provides the functional and procedural means of transferring variable length data sequences (called packets) from one node to another connected in "different networks". | 6.1 |
| Non-Resident Malware | A variant of computer related malicious software that exists exclusively as a computer memory-based artifact, e.g. in RAM. It does not write any part of its activity to the computer's hard drive. | 9.1 |
| O | ||
| One Time Pad | An encryption technique that cannot be cracked, but requires the use of a one-time pre-shared key the same size as, or longer than, the message being sent. | 2.3 |
| One Way Function | A function that is easy to compute (i.e. given an input, find its output), but hard to invert (i.e. given an output, find an input that produces it). | 3.2 |
| Operation Vulnerability | A flaw in the way the users interact with the system. Also known as social engineering: the psychological manipulation of people into performing actions or divulging confidential information. | 1.2 |
| P | ||
| Packets | A formatted unit of data carried by a packet-switched network. A packet consists of control information and user data, which is also known as the payload. | 6.1 |
| Pass-The-Hash Attack | A hacking technique that allows an attacker to authenticate to a remote server or service by using the underlying hash of a user's password, instead of requiring the associated plaintext password as is normally the case. | 4.2 |
| Phi (φ) | Used in RSA encryption, \(φ = {(p-1)}·{(q-1)}\) | 7.3 |
| Physical Layer | See Layer 1 | 6.1 |
| Plaintext | Ordinary readable text before being encrypted into ciphertext or after being decrypted. | 2.1 |
| Polymorphic Code | Code that uses a polymorphic engine to mutate while keeping the original algorithm intact. That is, the code changes itself each time it runs, but the function of the code (its semantics) will not change at all. | 9.2 |
| POST | Is a request method supported by HTTP used by the World Wide Web. By design, the POST request method requests that a web server accepts the data enclosed in the body of the request message, most likely for storing it. | 8.1 |
| Prime Factorization | The procedure of finding the prime factors of a composite number | 7.3 |
| Private Exponent \({(d)}\) | Used in RSA encryption, the number d solves the equation \(e·d = 1 {(mod φ)}\). | 7.3 |
| Privilege Escalation | Elevating permission from those of a regular user to those of an “admin” or “root”, compromising privilege separation. | 1.3 |
| Project Zero | A team of security analysts at Google tasked with finding and patching zero-day vulnerabilities before they can be exploited by hackers. | 1.3 |
| Promiscuous Mode | Is a mode for a wired network interface controller (NIC) or wireless network interface controller (WNIC) that causes the controller to pass all traffic it receives to the central processing unit (CPU) rather than passing only the frames that the controller is specifically programmed to receive. This mode is normally used for packet sniffing that takes place on a router or on a computer connected to a wired network or one being part of a wireless LAN. | 6.2 |
| Pseudo-Random Generator (PRG) | A deterministic procedure that maps a random seed to a longer pseudorandom string such that no statistical test can distinguish between the output of the generator and the uniform distribution. | 2.3 |
| Public Exponent \({(e)}\) | An arbitrary number \(e\) - that does not have common factors with \(φ\). Used in RSA encryption. | 7.3 |
| Public-Key Encryption | (Asymmetric cryptography) A cryptographic system that uses a key pair: a public key, which is disseminated widely, and a private key, which is known only to the party that produced the key pair. The public key is used for encryption and the private key is used for decryption. The concept of public key cryptography was first introduce in Diffie and Hellman's 1976 seminal paper. A concret construction was introduced in 1977 by the RSA team. | 7.3 |
| Public Modulus \({(n)}\) | Used in RSA encryption, the public modulus \(n\) is the product of 2 large, random, prime numbers called \(p\) and \(q\). | 7.3 |
| Q | ||
| Quine | A computer program which takes no input and produces a copy of its own source code as its only output. | 9.1 |
| R | ||
| Reaper | The first anti-virus software. It was created by Ray Tomlinson to move across the ARPANET and delete the self-replicating Creeper worm. | 9.1 |
| Referer header | Is a request-type header that identifies the address of the previous web page, which is linked to the current web page or resource being requested. | 8.3 |
| Remote Code Execution | Executing code on the victim's machine, letting the attacker do virtually anything. | 1.3 |
| Replay Attack | A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. | 4.2 |
| Request | The message from the client to the server. | 8.1 |
| Request-Response Architecture | A message exchange pattern in which a requestor sends a request message to a replier system which receives and processes the request, ultimately returning a message in response. | 8.1 |
| Resident Malware | A variant of computer related malicious software that hides and stores itself on the computer's hard drive. | 9.1 |
| Resistance to Forgery (Resistant to Forgery, Forgery Resistance) | An algorithm for which it is very time consuming to produce a forgery. | 3.1 |
| Resource | Anything that can be obtained from the World Wide Web. Some examples are web pages, e-mail, information from databases, and web services. | 8.1 |
| Resource Theft | Theft of processing power. | 9.1 |
| Response Body | The description of the response. | 8.1 |
| Response Description | Indicate whether a specific HTTP request has been successfully completed. Responses are grouped in five classes: Informational responses (100–199), Successful responses (200–299), Redirects (300–399), Client errors (400–499) and Server errors (500–599). | 8.1 |
| Response Status Code | After receiving and interpreting a request message, a server responds with a response. | 8.1 |
| Return Statement (Return Address) | A return statement causes execution to leave the current subroutine and resume at the point in the code immediately after the instruction which called the subroutine, known as its return address. | 5.3 |
| Root CAs (Root Certificate Authorities) | Is a Certificate Authority that owns one or more trusted roots. That means that they have roots in the trust stores of the major browsers. Intermediate CAs or Sub CAs are Certificate Authorities that issue off an intermediate root. | 8.5 |
| Rootkit | A collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software. | 9.2 |
| RSA (Rivest–Shamir–Adleman) | One of the first public-key cryptosystems. its widely used for secure data transmission. | 7.3 |
| RSA Decryption | \(M = C^d {(\mod n)}\). | 7.3 |
| RSA Encryption | A user of RSA creates and then publishes a public key based on two large prime numbers, along with an auxiliary value. The prime numbers must be kept secret. Anyone can use the public key to encrypt a message, but only someone with knowledge of the private key can decrypt the message. The encryption formula is \(C = M^e {(\mod n)}\). | 7.3 |
| S | ||
| Salt | Random data that is used as an additional input to a one-way function that "hashes" data, a password or passphrase. | 4.2 |
| Self-Replicating Automata (Universal Constructor) | An abstract machine which, when run, would replicate itself. In his design, the machine consists of three parts: a 'blueprint' for itself, a mechanism that can read any blueprint and construct the machine (sans blueprint) specified by that blueprint, and a 'copy machine' that can make copies of any blueprint. | 9.1 |
| Server | A computer or computer program which manages access to a centralized resource or service in a network. | 8.1 |
| Server Identity Verification | The procedure of making sure that the server on the other side is who he says he is and not a fake or a man in the middle. |
4.2 7.1 |
| Seven-Layer OSI Model (Open Systems Interconnection Model) | A conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to its underlying internal structure and technology. | 6.1 |
| SHA1 (Secure Hash Algorithm 1) | A popular hash function from 1995 by the NSA (no longer secure). | 3.3 |
| SHA2 (Secure Hash Algorithm 2) | A popular hash function from 2001 by the NSA (secure). | 3.3 |
| SHA3 (Secure Hash Algorithm 3) | Another hash function, developed in 2015 to have a fresh alternative to MD5/SHA1/SHA2, which are an evolution of the same design (secure). | 3.3 |
| Side-Channel Attack | An attack based on byproducts of the system, such as the time it takes the system to run or the sounds emitted by the CPU. | 1.4 |
| Sigma (σ) | The letter used to denote an RSA signature, calculated by \(σ = M ^ d {(mod n)}\). | 7.4 |
| Signing Algorithm | An algorithm for signing digital objects. | 7.4 |
| Sniffer | A computer software or hardware that can intercept and log traffic passing over a digital network. | 6.1 |
| Social Engineering | The psychological manipulation of people into performing actions or divulging confidential information. | 1.2 |
| Something You Are Authentication | An authentication scheme based on unique biometric characteristics of the user, like fingerprints or iris scans. | 4.1 |
| Something You Have Authentication | An authentication scheme based on a secret only the user has, like a phone. | 4.1 |
| Something You Know Authentication | An authentication scheme based on a secret only the user knows, like a password. | 4.1 |
| SOP (Same Origin Policy) | Is a critical security mechanism that restricts how a document or script loaded from one origin can interact with a resource from another origin. It helps isolate potentially malicious documents, reducing possible attacks. | 8.3 |
| Source Address Spoofing | Is the creation of Internet Protocol (IP) packets with a false source IP address, for the purpose of impersonating another computing system. | 6.3 |
| Speculative Execution | An optimization technique where a computer system performs some task ahead of time, "speculating" that its result will be needed. Speculative execution is instrumental in exploiting the Meltdown vulnerability. | 1.4 |
| SQL (Structured Query Language) | Is a domain-specific language used in programming and designed for managing data held in a relational database management system, or for stream processing in a relational data stream management system. | 8.2 |
| SQL Injection | Is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. | 8.2 |
| Stack Overflow | Overwriting the function's return address. Occurs if the call stack pointer exceeds the stack bound. | 5.3 |
| Static Signatures | A signatures that looks at static characteristics of the malware, such as strings, code snippets or their hashes. | 9.2 |
| Steganography | A method of hiding secret data, by embedding it into an audio, video, image or text file. | 9.2 |
| Stream Cipher | A method of encrypting text in which a cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time. | 2.3 |
| Substitution Cipher | A method of encrypting by which units of plaintext are replaced with ciphertext, according to a fixed system. | 2.1 |
| Symmetric Cipher | Algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. | 2.1 |
| T | ||
| TCP Port Number (source port, destination port) | A communication endpoint address. | 6.4 |
| TCP Sequence Numbers | TCP sequence numbers are values assigned to each packet by the TCP protocol. Sequence numbers are assigned sequentialy and therfore allow for the synchronization and reliability of internet communication. | 6.4 |
| Three-Way Handshake | A synchronization sequence that does: first, the client picks an initial sequence number and sends it to the server (so the server knows what numbers to expect). In the second message, the server acknowledges the client’s sequence number, and sends the client its own initial sequence number. And in the 3rd message he client acknowledges the server’s sequence number. | 6.4 |
| TLS (Transport Layer Security)/SSL (Secure Sockets Layer) Protocols | TLS and SSL are cryptographic protocols designed to provide communications security over a computer network. The connection is private (or secure) because symmetric cryptography is used to encrypt the data transmitted. | 8.5 |
| TCP (Transmission Control Protocol) | Is one of the main protocols in the Internet's transport layer. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP. | 6.1 |
| Transport Layer | See Layer 4 | 6.1 |
| Trojan Horse | Any malware which misleads users of its true intent. The term is derived from the Ancient Greek story of the deceptive Trojan Horse that led to the fall of the city of Troy. | 9.1 |
| U | ||
| Unix | A family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, development starting in the 1970s at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and others. | 5.2 |
| URI (Uniform Resource Identifier) | A string of characters that unambiguously identifies a particular resource. | 8.1 |
| URL (Uniform Resource Locator) | A reference to a web resource that specifies its location on a computer network and a mechanism for retrieving it. | 8.1 |
| UDP (User Datagram Protocol) | Is one of the main protocols in the Internet's transport layer. It is a simple message-oriented transport layer protocol that is documented in RFC 768. | 6.1 |
| V | ||
| Variable Overflow | 5.2 | |
| Verify Algorithm | An algorithm for verifying the authenticity of digital signatures. | 7.4 |
| Vulnerability | A flaw in a system’s design, implementation or operation, that can be exploited to violate the system's security policy. | 1.2 |
| Virus | A type of computer program that, when executed, replicates itself by modifying other computer programs and inserting its own code into them. | 9.1 |
| W | ||
| WEP (Wired Equivalent Privacy) | A security algorithm for IEEE 802.11 wireless networks. | 2.3 |
| WiFi | A technology connecting computers together wirelessly in a local area network or LAN, using radio transmission technology. | 6.1 |
| Worm | A standalone malware computer program that replicates itself in order to spread to other computers. | 9.1 |
| WWW (World Wide Web) | An information system where documents and other web resources are identified by Uniform Resource Locators (URLs), which may be interlinked by hypertext, and are accessible over the Internet. | 8.1 |
| X | ||
| XOR | A boolean operator working on two variables that has the value of one if one but not both of the variables has a value of one. | 2.3 |
| XSS (Cross-Site Scripting) | Is a type of computer security vulnerability typically found in web applications. It enables attackers to inject client-side scripts into web pages viewed by other users. It may be used by attackers to bypass access controls such as the same-origin policy. | 8.4 |