Help Center > > Glossary


    • C
      Common Vulnerabilities and Exposures

      Common Vulnerabilities and Exposures (CVE®) is a list of common identifiers for publicly known cyber security vulnerabilities. Use of CVE Identifiers, or "CVE IDs," which are assigned by CVE Numbering Authorities (CNAs) from around the world, ensures confidence among parties when used to discuss or share information about a unique software or firmware vulnerability, provides a baseline for tool evaluation, and enables data exchange for cybersecurity automation.


      A crawler is a program or script used for automatically obtaining information from World Wide Web.

      Cross Site Script

      XSS is a type of web security vulnerability used by attackers to steal user information. Using the vulnerability, attackers inject malicious code into web pages. The code is executed to steal user information when users browse the web pages.

      cross-site request forgery

      Cross-site request forgery is another common web attack. Attackers forge data for targets to access. If the browsers of the targets maintain the authentication sessions with the destination sites, the targets unknowingly send requests forged by attackers to the destination sites when accessing the attacker-forged pages or URLs.


      See cross-site request forgery


      See Common Vulnerabilities and Exposures


      • D

        See Domain Name

        Domain Name

        Domain names refer to the names that are registered to domain name registrars by individuals or organizations, such as enterprises, governments, or non-governmental organizations. Domain names serve as the network addresses for the communication between enterprises or organizations on the Internet. Each domain name corresponds to an IP address.

        Domain Verification

        Users' identity and other relevant information are verified.


        • L

          See Local File Includsion

          Local File Includsion

          Local File Inclusion is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected.


          • P

            The payload is the portion of the malware which performs malicious action


            See prove of concept

            prove of concept

            A segment of code or program that proves the existence of a vulnerability


            • R

              See Remote Code Execution

              Remote Code Execution

              Attackers attack or control communication devices by remote calling.


              • S

                A scanner is a program that automatically detects security weaknesses in local or remote hosts. It can discover vulnerabilities and provide scanning results quickly and accurately.

                SQL Injection

                SQL injection is a common web attack. Attackers inject SQL statements into query character strings of background databases to deceive servers into executing the malicious SQL statements. Then, attackers can obtain sensitive information, add users, export files, or even gain the highest permissions on the databases or even the systems.


                See SQL Injection


                • V

                  See Vulnerability Scan Service


                  See Vulnerablity

                  Vulnerability Scan Service

                  VSS is a security detection service designed for web applications.


                  A vulnerability is a defect of hardware, software, or protocol in specific implementation or system security policy. Such a defect enables an attacker to access or sabotage a system without being authorized.


                  • W

                    See Web Application Firewall

                    Web 2.0

                    Web 2.0 basically refers to the transition from static HTML Web pages to a dynamic Web that is more organized and based on serving Web applications.

                    Web Application Firewall

                    WAF is a protection service designed for web applications. It detects and blocks threats such as SQL injection and XSS attacks to mitigate the risk of service interruption, data theft, or data tampering of web applications.


                    • X
                      XML External Entity attack

                      An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located, and other system impacts.


                      See Cross Site Script

                      XXE attack

                      See XML External Entity attack


                      • Z

                        A 0-day vulnerability refers to a vulnerability that is exploited immediately upon discovery. Plainly speaking, malicious programs are already available when a vulnerability is discovered and its patch developed. 0-day attacks are abrupt and destructive.