Common acronyms in IT Security industry explained. Terms like OWASP, XSS, SQLI vulnerability, RCE and CSRF and more. These are keywords in network security that are mostly used.

1. TheSmartScanner.com
Security Acronyms
Glossary
Most Used Acronyms in Cyber Security Industry

2. TheSmartScanner.com
OWASP
 A nonprofit foundation that works to improve the security of software
 The OWASP Top 10 is one their popular projects.
Open Web Application Security Project

3. TheSmartScanner.com
XSS
 It stands for Cross-Site Scripting
 An X is used instead of the C to prevent confusion with Cascading Style Sheets
(CSS)
Cross Site Scripting

4. TheSmartScanner.com
SQLI
 An attack where the SQL commands used in an application are manipulated by
attacker
 SQLI is a dangerous and common vulnerability
SQL Injection

5. TheSmartScanner.com
RCE
 It can occur anywhere from routers to online shops.
 By exploiting RCE, an attacker can execute commands (usually OS commands)
on the target system
Remote Command Execution

6. TheSmartScanner.com
DoS
 A famous security acronym at the news
 DoS is a type of attack that makes the target service unavailable
 Attackers usually perform DoS attacks by sending enormous traffic to the
target
Denial of Service

7. TheSmartScanner.com
DDos
 A DoS attack from many different sources
 This type of DoS typically runs using zombie botnets
Distributed Denial of Service

8. TheSmartScanner.com
CSRF
 Pronounce Sea Surf
 AKA XSRF
 An attack where the attacker sends a request on behalf of a victim user
without her knowledge
 Attackers exploit CSRF to do actions using the victim's permission
 For example, a hacker can create an admin user for himself using a CSRF
attack
Cross-Site Request Forgery

9. TheSmartScanner.com
XXE
 A kind of attack against an application that parses XML input
 In this attack, the vulnerable application processes a reference to an external
entity in the provided XML
 The XXE is a dangerous attack that can lead to information disclosure or
denial of service attacks
XML External Entity

10. TheSmartScanner.com
SSRF
 An attack that the attacker can abuse functionality on the server to read or
update internal resources
Server-Side Request Forgery

11. TheSmartScanner.com
SSI
 A type of security attack that exploits the Service-side Includes features of a
web server
 The Server-side includes are tags in HTML files
 The web server executes these tags to add dynamic contents to the page
before sending it to the user
Server-Side Includes Injection

12. TheSmartScanner.com
RFI
 Occurs when the web application downloads and executes a remote file
 This remote file is usually controlled by an attacker and is passed as a request
parameter
Remote File Inclusion

13. TheSmartScanner.com
LFI
 Similar to a remote file inclusion vulnerability, but only local files on the
server can be included for execution
 It does not mean the LFI is less dangerous than RFI
Local File Inclusion

14. TheSmartScanner.com
LFD
 Similar to LFI
 The difference is that the local file is only opened and sent back to the user
 The contents of file is not executed
Local File Download or Disclosure

15. TheSmartScanner.com
IDOR
 It is a vulnerability that occurs when a reference to an internal object, such
as a file or directory, is retrieved from user-supplied input
 If no proper authorization is implemented, an attacker can abuse this
reference to access every object
Insecure Direct Object Reference

16. TheSmartScanner.com
CVE
 A system that provides a mechanism for referencing publicly known security
vulnerabilities
Common Vulnerabilities and Exposures

17. TheSmartScanner.com
CWE
 A category system for hardware and software weaknesses and vulnerabilities
Common Weakness Enumeration

18. TheSmartScanner.com
SmartScanner
Test your Web Application For Security Issues
https://www.TheSmartScanner.com
Thank You