Security Testing and QA Definitions

  • A

    auditor

    In Web advertising, this usually means a third-party company that audits the number of visitors to or impression sent from a Web site during some time period.

  • C

    CGI scanner

    A CGI (common gateway interface) scanner is a program that searches for known vulnerabilities in Web servers and application programs by testing HTTP requests against known CGI strings... (Continued)

  • code review

    Code review is a phase in the computer program development process in which the authors of code, peer reviewers, and perhaps quality assurance reviewers get together to review code, line by line... (Continued)

  • command injection

    Command injection is the insertion of HTML code into dynamically generated output by a malevolent hacker (also known as a cracker) seeking unauthorized access to data or network resources...

  • content spoofing

    Content spoofing is a type of exploit used by a malicious hackers to present a faked or modified Web site to the user as if it were legitimate.

  • countermeasure

    A countermeasure is an action, process, device, or system that can prevent, or mitigate the effects of, threats to a computer, server or network.

  • cross-site scripting (XSS)

    Cross-site scripting (XSS) is a security exploit which is carried out on Web applications that accept input, but do not properly separate data and executable code before the input is delivered back to a user’s browser.

  • cross-site tracing (XST)

    Cross-site tracing (XST) is a sophisticated form of cross-site scripting (XSS) that can bypass security countermeasures already put in place to protect against XSS... (Continued)

  • cryptography

    Cryptography is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. The term is most often associated with scrambling plaintext (ordinary text, sometimes referred to as cleartext) into ciphertext (a process called encryption), then back again (known as decryption).

  • D

    dynamic analysis

    Dynamic analysis is the testing and evaluation of a program based on execution with selected data... (Continued)

  • F

    functional specification

    A functional specification (or sometimes functional specifications) is a formal document used to describe in detail for software developers a product's intended capabilities, appearance, and interactions with users.

  • H

    Higgins Trust Framework (HTF)

    The Higgins Trust Framework (HTF) is an API (application program interface) that allows end users to store identity information in locations of their choice and share portions of that information anonymously with online vendors and service providers in a controlled manner... (Continued)

  • I

    integer overflow

    Integer overflow is the result of trying to place into computer memory an integer (whole number) that is too large for the integer data type in a given system.

  • L

    LDAP injection

    LDAP injection is a specific form of attack that can be employed to compromise Web sites that construct LDAP (Lightweight Directory Access Protocol) statements from data provided by users... (Continued)

  • M

    mock object

    In object-oriented programming, a mock object is a simulated object that mimics the behavior of the smallest testable parts of an application in controlled ways.

-ADS BY GOOGLE

SearchMicroservices

TheServerSide.com

SearchCloudApplications

SearchAWS

SearchBusinessAnalytics

SearchFinancialApplications

SearchHealthIT

DevOpsAgenda

Close