DevSecOps Definitions

  • A

    access control list (ACL)

    An access control list (ACL) is a table that tells a computer operating system which access rights each user has to a particular system object, such as a file directory or individual file.

  • application firewall

    An application firewall is an enhanced firewall that limits access by applications to the operating system (OS) of a computer...

  • application security

    Application security is the use of software, hardware, and procedural methods to protect applications from external threats. Once an afterthought in software design, security is becoming an increasingly important concern during development as applications become more frequently accessible over networks and are, as a result, vulnerable to a wide variety of threats.

  • authorization

    Authorization is the process of giving someone permission to do or have something.

  • B

    bug

    In computer technology, a bug is a coding error in a computer program.

  • C

    CGI scanner

    A CGI (common gateway interface) scanner is a program that searches for known vulnerabilities in Web servers and application programs by testing HTTP requests against known CGI strings...

  • code review

    Code review is a phase in the computer program development process in which the authors of code, peer reviewers, and perhaps quality assurance reviewers get together to review code, line by line...

  • command injection

    Command injection is the insertion of HTML code into dynamically generated output by a malevolent hacker (also known as a cracker) seeking unauthorized access to data or network resources...

  • cross-site request forgery (XSRF or CSRF)

    Cross-site request forgery (XSRF or CSRF) is a method of attacking a Web site in which an intruder masquerades as a legitimate and trusted user...

  • cross-site tracing (XST)

    Cross-site tracing (XST) is a sophisticated form of cross-site scripting (XSS) that can bypass security countermeasures already put in place to protect against XSS...

  • D

    dynamic analysis

    Dynamic analysis is the testing and evaluation of a program based on execution with selected data...

  • H

    Higgins Trust Framework (HTF)

    The Higgins Trust Framework (HTF) is an API (application program interface) that allows end users to store identity information in locations of their choice and share portions of that information anonymously with online vendors and service providers in a controlled manner...

  • I

    integer overflow

    Integer overflow is the result of trying to place into computer memory an integer (whole number) that is too large for the integer data type in a given system.

  • L

    LDAP injection

    LDAP injection is a type of security exploit that is used to compromise the authentication process used by some websites. Websites that construct Lightweight Directory Access Protocol (LDAP) statements from data provided by users are vulnerable to this type of attack.

  • O

    obfuscation (obfu)

    Obfuscation, in general, describes a practice that is used to intentionally make something more difficult to understand. In a programming context, it means to make code harder to understand or read.
