Web Security Terms and Jargon

Categories: Internet Security | Posted on Sep 21, 2016

When you start to learn about online and digital security, you come across all sorts of technical jargon. Attempting to understand all that technical jargon can leave you with a headache. Some of the websites dealing with web security, while extremely important, can be difficult for most people to understand. Don’t worry – you are not alone!

You may feel that the easiest solution is to click away and decide that you will deal with any security issues as they happen. This is not the right approach at all. What if something happens and you do not have the knowledge to deal with it?

This ongoing series of articles will help simplify some of these terms so that you can look into this topic more deeply.

URI
A Uniform Resource Identifier (URI) is the address of your website, or the portion that shows up in the browser bar. When someone enters the first part of the address, the search engines start their search. Additional information is then appended to this address to deepen the search into any website.

It is the code that is added to the URI that is important when it comes to web security. You can add all kinds of elements to the main address, including links to images, elements and frames. If a hacker can override these and add things to your HTML code, you have no idea where your site might point to. More importantly, you have no idea what it might show to a visitor, such as parts or files of your website that you do not want exposed.

Next we will look at the types of attacks your site might experience:

  • SQL Injection – this is when an SQL command is sent to your database server via the URI or through a form field.
  • Cross Site Scripting or XSS – this is one of the most common forms of attack. The hacker takes JavaScript code and embeds it into a document. This is done by adding a new field to the end of your URI.
  • Path Traversal – this is a function that you do not want to allow on your server. It would allow people to find and access all the folders on your server. You can imagine what they would do if they had this type of access.
  • Cross Site Request Forgery – this is best described as allowing information to be sent into your database. This is done through forms. Potentially it can allow any kind of attacker to get access to private information such as payment and banking details.
  • Remote File Inclusion or RFI – this happens when a flaw in your website allows a hacker to add code from another server to run on your server.
  • Phishing – this is a method that fools people into entering personal information into a bad website.
  • Clickjacking – this uses CSS and inline frames to get people to click something without realizing what or where they are clicking.
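To make the first item concrete, here is an added example (not from the original article) showing how a value appended to the URI can reach the database, with the weak lookup beside the corrected one. The table, the function names and the example.test addresses are all constructed for illustration.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

def make_db():
    """Build an in-memory table of constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def name_from_uri(uri):
    """Pull the 'name' field out of the query string appended to the URI."""
    return parse_qs(urlsplit(uri).query).get("name", [""])[0]

def lookup_vulnerable(db, uri):
    # Weak: the URI value is pasted into the SQL text, so it can change the command.
    sql = "SELECT email FROM users WHERE name = '" + name_from_uri(uri) + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_safe(db, uri):
    # Hardened: the ? placeholder keeps the URI value as data, never as SQL.
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name_from_uri(uri),))]

# Constructed sample addresses: an ordinary request and one with SQL in the field.
NORMAL = "https://shop.example.test/profile?name=alice"
TAMPERED = "https://shop.example.test/profile?name=x%27%20OR%20%271%27%3D%271"

if __name__ == "__main__":
    db = make_db()
    for uri in (NORMAL, TAMPERED):
        print(uri)
        print("  vulnerable:", lookup_vulnerable(db, uri))
        print("  safe:      ", lookup_safe(db, uri))
```

With the tampered address, the weak lookup returns every email in the table, while the placeholder version returns nothing because no user has that literal name.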

This at least gives you a better understanding of some of those terms that you may have seen when reading about web security.
