P-S

P

  • Parameter tampering Attack technique consisting of modifying or adding values in the fields of a form (especially hidden fields), in URL parameters or in cookies while they transit through the browser. It takes advantage of distributed architectures, where the server receives data back from a client it does not control: the attacker displays the page source, edits the hidden fields and submits the modified form. Any value coming back from the browser must therefore be validated or recomputed on the server
  • Patch Code added to or changed in an existing program in order to correct a real or potential flaw in a program in use
  • Pattern matching Technique to select data using a filter (for instance a regular expression). More precisely, in application security, a check that traffic complies with a standard, for instance conformity of requests with RFC 2616, which specifies HTTP/1.1
  • Perl script Script written in the Perl language. Perl stands for Practical Extraction and Report Language and is optimised for text processing. A script is a short program written in an interpreted language
  • PCI Standards The Payment Card Industry Data Security Standard (PCI DSS) is a set of 12 requirements that any company storing, processing or transmitting payment card data has to abide by, for instance: build and maintain a secure network, protect cardholder data, maintain an information security policy. Extract from PCI DSS requirement 6.6: 'Ensure that all web-facing applications are protected against known attacks by applying either of the following methods: (1) Having all custom application code reviewed for common vulnerabilities by an organization that specializes in application security, (2) Installing an application layer firewall in front of web-facing applications. Note: This method is considered a best practice until June 30, 2008, after which it becomes a requirement.' BinarySEC protects in-house developments. In addition, it is an application-layer firewall which protects a website against known AND unknown attacks
  • Phishing Fraudulent action combining an unsolicited e-mail (spam) and a fake web site (or a single page) with the same 'look and feel' as a legitimate site. The purpose is to prompt the user to enter confidential data such as personal information, passwords or bank account details, which are then collected by the attacker
  • Pharming Exploitation of a vulnerability in DNS resolution (a compromised or poisoned DNS server) to redirect an internet user from one website to another without the user being aware of the redirection. Unlike phishing, the user has typed the correct address
  • PHP - PHP: Hypertext Preprocessor PHP is one of the most popular languages to create web sites. PHP is an interpreted language executed on the server side (just like CGI or ASP scripts), contrary to scripts executed on the client side (JavaScript or a Java applet executes on your computer). It is usually associated with the Apache web server and the MySQL database. BinarySEC is an active supporter of the PHP project
  • Phreaking - telephone hacking Phreaking is the illegal use of a telephone network. Its most common purposes are to make calls for free and to remain anonymous
  • Port A unique 'entry gate' on a machine. More precisely, it is a logical endpoint, identified by a 16-bit number (0 to 65535, 0 being reserved), through which a specific application on the machine exchanges data with another computer - for instance, port 80 for HTTP flows. Port numbers are distinct for TCP and UDP. The pair IP address + port (a socket address) uniquely identifies the service on the machine
  • Positive security model Security principle consisting of accepting ONLY what is explicitly allowed (whitelist approach), as opposed to a negative model that only blocks what is known to be bad. Its strength is that it also stops attacks that have no known signature yet
  • POST - method One of the HTTP protocol methods, consisting of sending data in the body of the request to the program located at the specified URL
  • Proxy server Server whose purpose is to relay requests on behalf of clients and maintain a cache of answers. Its main functionalities are: caching, request logging, local network security, filtering and anonymity
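The entries on parameter tampering, pattern matching and the positive security model describe one defence seen from three sides. The following Python is an added example, not BinarySEC code: a server-side filter for a checkout form that accepts only the parameters it explicitly lists, checks each one against a strict pattern, and detects a hidden price field that was edited in the browser by verifying an HMAC the server attached when it rendered the page. The secret, the field names, the patterns and the sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, urlencode

# Assumption: a server-side secret that is never sent to the browser.
SERVER_SECRET = b"rotate-me-and-keep-me-out-of-the-page"

# Positive security model: every accepted parameter is listed here with a
# strict pattern; a request carrying anything else is rejected.
ALLOWED_PARAMS = {
    "item_id": re.compile(r"[0-9]{1,6}"),
    "qty": re.compile(r"[1-9][0-9]{0,2}"),
    # value:HMAC-SHA256 as produced by sign_hidden_field()
    "price": re.compile(r"[0-9]{1,6}\.[0-9]{2}:[0-9a-f]{64}"),
}


def sign_hidden_field(value: str) -> str:
    """Server side, when rendering the form: emit the hidden field as
    value:HMAC so that any edit in the browser becomes detectable."""
    mac = hmac.new(SERVER_SECRET, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}:{mac}"


def verify_hidden_field(token: str):
    """Return the original value, or None if the field was tampered with."""
    value, sep, mac = token.rpartition(":")
    if not sep:
        return None
    expected = hmac.new(SERVER_SECRET, value.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the check itself leaks nothing.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return value


def filter_request(query_string: str):
    """Apply the positive model to a submitted form body.

    Returns ("accept", parsed_fields) or ("reject", reason)."""
    params = parse_qs(query_string, keep_blank_values=True)

    # 1. Unknown parameter names are refused outright.
    for name in params:
        if name not in ALLOWED_PARAMS:
            return ("reject", f"unknown parameter: {name}")

    # 2. Every allowed parameter must be present exactly once and match.
    for name, pattern in ALLOWED_PARAMS.items():
        values = params.get(name, [])
        if len(values) != 1:
            return ("reject", f"parameter {name} must appear exactly once")
        if pattern.fullmatch(values[0]) is None:
            return ("reject", f"parameter {name} fails its pattern")

    # 3. The hidden field must still carry the value the server put there.
    price = verify_hidden_field(params["price"][0])
    if price is None:
        return ("reject", "hidden field price was modified in the browser")

    return ("accept", {"item_id": params["item_id"][0],
                       "qty": int(params["qty"][0]),
                       "price": price})


def build_form_submission(item_id: str, qty: str, hidden_price: str) -> str:
    """Constructed input: what the browser posts back for this form."""
    return urlencode({"item_id": item_id, "qty": qty, "price": hidden_price})


if __name__ == "__main__":
    token = sign_hidden_field("19.99")
    print(filter_request(build_form_submission("42", "2", token)))
    # Tampering: the attacker edits the hidden price but cannot forge the MAC.
    forged = "0.01:" + token.split(":")[1]
    print(filter_request(build_form_submission("42", "2", forged)))
    # Positive model: an extra parameter the form never had is refused.
    print(filter_request(build_form_submission("42", "2", token) + "&debug=1"))
```

The HMAC makes the hidden field tamper-evident; the simpler and stronger option, where it is possible, is not to send the price to the browser at all and to look it up on the server from `item_id`.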

R

  • Reverse engineering Action of 'dissecting' a program or device in order to understand how it works, usually without its source code. Attackers often use this approach to find vulnerabilities to exploit; defenders use it to analyse malware
  • Risk Probability that a danger comes true and causes damage. For web applications, it concerns the exploitation of one or more flaws by a threat agent using an attack method (hack, virus, careless employee, social engineering, etc.) and its impact on the targeted data. Risk = likelihood that an incident occurs x seriousness of the incident
  • Rootkit Set of programs giving an attacker fraudulent access to a computer system, often for a long time, while hiding its own presence (processes, files, network connections) from the legitimate administrator. A rootkit is not the means of entry: it needs a machine that has already been compromised in order to be installed

S

  • Sarbanes-Oxley US law intended to reinforce the responsibilities of top management regarding internal audit and the circulation of information, including public information. It has a clear impact on data protection and on the control of information flows. For the company, it implies stricter rules in computer and data security
  • Scam Swindle that uses e-mail to attempt to extort money from internet users. The criminals make users 'dream' that they will receive a percentage of a large money transfer, in exchange for an advance payment
  • Scanning Systematic connection attempts, for instance across a full IP address range. A common scan is port scanning, in which all possible ports of a machine are tested to check whether they are open, which reveals the services it runs
  • Script language Programming language created to shorten the traditional development cycle of edit > compile > link > execute. For web technologies, the most common script languages are: PHP, ASP, Python, Perl, Ruby, JavaScript, VBScript. Depending on the language, they are interpreted either on the server or in the client browser
  • Script kiddie Inexperienced attacker, often young, capable of running a handful of ready-made scripts and tools written by others that may give him unauthorised access to a system, without understanding how they work
  • Scripting language cf. Script language
  • Secure Socket Layer - SSL cf. SSL
  • S-HTTP Secure HTTP, a distinct and now obsolete protocol that is sometimes confused with HTTPS. cf. HTTPS
  • S/MIME - Secure/Multipurpose Internet Mail Extensions S/MIME is an e-mail signing and encryption standard based on asymmetric cryptography (typically RSA) and X.509 certificates. S/MIME ensures authentication, message integrity and confidentiality
  • SOAP - Simple Object Access Protocol XML-based protocol dedicated to transmitting messages between remote objects. Transfer usually takes place over HTTP
  • Social engineering Art of manipulating people in order to bypass security measures and tools. The purpose is to obtain confidential information from users by phone, e-mail, postal mail or direct contact, and then use these data to gain illegal access
  • Spam Unsolicited e-mail sent in bulk
  • Spim Unsolicited message received via an instant messaging service (spam over instant messaging)
  • Spyware Software installed without the owner's consent that 'listens' to confidential data on a computer (browsing habits, keystrokes, credentials) and transmits them to third parties over its internet connection
  • SQL injection Technique to exploit a web application vulnerability by submitting input that the application concatenates into an SQL query without validation, so that the attacker's text is interpreted as part of the query (for instance a quote followed by OR '1'='1' to bypass a login check) and can compromise the application's security. SQL stands for Structured Query Language, the most common language to define a database and send requests to it. The root cause is mixing data with query text; parameterised queries remove it. BinarySEC stops these very common and effective attacks
  • SSL - Secure Socket Layer Protocol, based on the use of X.509 certificates, that secures exchanges between a server and a web client. SSL enables e-merchants (among other actors) to have a secured dialogue with their customers for payments or the exchange of confidential data. It uses public/private key cryptography to authenticate the server and negotiate a session key, and all exchanges between the server and the customer are then encrypted with it. The system is transparent for the end user. Its successor is TLS (Transport Layer Security)
  • Stealth Behaviour based on 'discretion'. The attacker limits the rate of, or spaces out, intrusion attempts in order not to be detected by security tools that could automatically block access
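To make the SQL injection entry above concrete, here is an added example in Python (not BinarySEC's code) using the standard sqlite3 module: a login check that pastes user input into the query text, the same check written with placeholders, and the kind of signature an application-layer filter matches on. The user table, the credentials and the regular expression are constructed for the illustration.

```python
import re
import sqlite3

# Constructed sample data, not a real user table.
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def login_vulnerable(conn, user: str, password: str):
    """The flaw (deliberately kept): user input is pasted into the SQL text,
    so a quote in the input changes the structure of the query."""
    query = (f"SELECT name FROM users WHERE name = '{user}' "
             f"AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, user: str, password: str):
    """The fix: placeholders keep data and SQL text separate, so the driver
    never lets the input be parsed as SQL."""
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (user, password),
    ).fetchone()
    return row[0] if row else None


# A signature of the kind a negative-model filter matches on. It catches the
# textbook payloads but is neither complete nor free of false positives, so it
# complements parameterisation rather than replacing it.
INJECTION_SIGNATURE = re.compile(
    r"'\s*(or|and)\b|--|/\*|\bunion\s+select\b", re.IGNORECASE
)


def looks_like_injection(value: str) -> bool:
    return INJECTION_SIGNATURE.search(value) is not None


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"
    # WHERE name = 'nobody' AND password = '' OR '1'='1' is always true,
    # so the first row (alice) is returned without a valid password.
    print("vulnerable:", login_vulnerable(conn, "nobody", payload))        # alice
    print("parameterized:", login_parameterized(conn, "nobody", payload))  # None
    print("signature hit:", looks_like_injection(payload))                 # True
    # Legitimate data can trip the signature: a false positive.
    print("false positive on d'or:", looks_like_injection("d'or"))         # True
```

The comment-based variant (`alice' --` as the user name) works the same way against the vulnerable function because the rest of the query is commented out, and the parameterised function is unaffected by either payload.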