Common Vulnerabilities and Exposures (CVE®) is a list of common identifiers for publicly known cyber security vulnerabilities. Use of CVE Identifiers, or "CVE IDs," which are assigned by CVE Numbering Authorities (CNAs) from around the world, ensures confidence among parties when used to discuss or share information about a unique software or firmware vulnerability, provides a baseline for tool evaluation, and enables data exchange for cybersecurity automation.
A crawler is a program or script used for automatically obtaining information from the World Wide Web.
XSS is a type of web security vulnerability used by attackers to steal user information. Using the vulnerability, attackers inject malicious code into web pages. The code is executed to steal user information when users browse the web pages.
Cross-site request forgery is another common web attack. Attackers forge data for targets to access. If the browsers of the targets maintain the authentication sessions with the destination sites, the targets unknowingly send requests forged by attackers to the destination sites when accessing the attacker-forged pages or URLs.
See Domain Name
Domain names refer to the names that are registered to domain name registrars by individuals or organizations, such as enterprises, governments, or non-governmental organizations. Domain names serve as the network addresses for the communication between enterprises or organizations on the Internet. Each domain name corresponds to an IP address.
Users' identity and other relevant information are verified.
Local File Inclusion is the process of including files on a server through the web browser. This vulnerability occurs when a page include is not properly sanitized, and allows directory traversal characters to be injected.
The payload is the portion of the malware that performs the malicious action.
See proof of concept
A segment of code or program that proves the existence of a vulnerability.
Attackers attack or control communication devices by remote calling.
A scanner is a program that automatically detects security weaknesses in local or remote hosts. It can discover vulnerabilities and provide scanning results quickly and accurately.
SQL injection is a common web attack. Attackers inject SQL statements into the query strings sent to back-end databases to deceive servers into executing the malicious SQL statements. Attackers can then obtain sensitive information, add users, export files, or gain the highest permissions on the databases or even the systems.
See SQL Injection
VSS is a security detection service designed for web applications.
A vulnerability is a defect in the specific implementation of hardware, software, or a protocol, or in a system security policy. Such a defect enables an attacker to access or sabotage a system without being authorized.
Web 2.0 basically refers to the transition from static HTML Web pages to a dynamic Web that is more organized and based on serving Web applications.
WAF is a protection service designed for web applications. It detects and blocks threats such as SQL injection and XSS attacks to mitigate the risk of service interruption, data theft, or data tampering of web applications.
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, port scanning from the perspective of the machine where the parser is located, and other system impacts.