Common acronyms in the IT security industry explained: terms like OWASP, XSS, SQLI, RCE, CSRF and more. These are the most commonly used keywords in network security.
2. TheSmartScanner.com
OWASP
A nonprofit foundation that works to improve the security of software.
The OWASP Top 10 is one of its most popular projects.
Open Web Application Security Project
XSS
It stands for Cross-Site Scripting.
An X is used instead of the C to prevent confusion with Cascading Style Sheets (CSS).
Cross-Site Scripting
SQLI
An attack where the SQL commands used in an application are manipulated by the attacker.
SQLI is a dangerous and common vulnerability.
SQL Injection
RCE
It can occur anywhere, from routers to online shops.
By exploiting RCE, an attacker can execute commands (usually OS commands) on the target system.
Remote Command Execution
DoS
A famous security acronym in the news.
DoS is a type of attack that makes the target service unavailable.
Attackers usually perform DoS attacks by sending enormous amounts of traffic to the target.
Denial of Service
DDoS
A DoS attack from many different sources.
This type of DoS typically runs using zombie botnets.
Distributed Denial of Service
CSRF
Pronounced "Sea Surf".
AKA XSRF.
An attack where the attacker sends a request on behalf of a victim user without her knowledge.
Attackers exploit CSRF to perform actions using the victim's permissions.
For example, a hacker can create an admin user for himself using a CSRF attack.
Cross-Site Request Forgery
XXE
A kind of attack against an application that parses XML input.
In this attack, the vulnerable application processes a reference to an external entity in the provided XML.
XXE is a dangerous attack that can lead to information disclosure or denial of service.
XML External Entity
SSRF
An attack in which the attacker abuses functionality on the server to read or update internal resources.
Server-Side Request Forgery
SSI
A type of attack that exploits the Server-Side Includes feature of a web server.
Server-Side Includes are tags in HTML files.
The web server executes these tags to add dynamic content to the page before sending it to the user.
Server-Side Includes Injection
RFI
Occurs when the web application downloads and executes a remote file.
This remote file is usually controlled by an attacker and is passed as a request parameter.
Remote File Inclusion
LFI
Similar to a remote file inclusion vulnerability, but only local files on the server can be included for execution.
This does not mean that LFI is less dangerous than RFI.
Local File Inclusion
LFD
Similar to LFI.
The difference is that the local file is only opened and sent back to the user.
The contents of the file are not executed.
Local File Download or Disclosure
IDOR
A vulnerability that occurs when a reference to an internal object, such as a file or directory, is taken from user-supplied input.
If no proper authorization is implemented, an attacker can abuse this reference to access every object.
Insecure Direct Object Reference
CVE
A system that provides a mechanism for referencing publicly known security vulnerabilities.
Common Vulnerabilities and Exposures