As the online threat landscape continues to evolve, so too does the language we use to describe it. To support a safer internet for everyone, we’ve compiled this glossary. Based on our research, this is today’s most relevant terminology in website security.
Adware: Often in the form of browser pop-ups or unclosable windows, adware displays advertisements which then generate revenue for the attacker
AntiVirus (Website): A website security system designed to detect and destroy malware that infects websites.
Attack Vector: An attack sequence that the hacker or black hat takes to gain access to a website before exploiting it with malware.
Backdoor: A program that allows unauthorized remote access to a website, often used to reinfect a site after the initial attack.
Black Hat: An attack or attacker that leverages technology with malicious intentions, commonly referred to as a hacker.
Blacklist: The process of listing dangerous/hacked websites and and wanrs users from browsers, search engines, and desktop antivirus programs.
Bot/Botnets: An automated program used for malicious activity online. A single bot infecting a website might use that site’s resources for phishing or defacements. A group of bots, or a botnet, combine resources for larger attacks, such as distributed denial of service (DDoS).
Brute Force: The automated process of guessing website passwords until a match is found.
Bug: An error or flaw in an application that produces a vulnerability.
Conditional Malware: An attack that changes behavior based on the type of website traffic, e.g. browser, device type, etc.
Content Delivery Network (CDN): A website performance system that uses a global network of servers that quickly serve a cached version of your website content.
Cross-Site Request Forgery (CSRF): An attack where a logged-in website user clicks a malicious message that runs unauthorized commands on the website.
Crypto (Currency): A digital currency built with cryptographic protocols that make transactions secure and difficult to fake.
Cookies: A small file that websites store on a computer in order to recognize and track visitors.
Defacement: An attack that changes the appearance of the website, usually including images and messages on the home page.
Defense In Depth: The principle of adding multiple security features to a website to reduce the overall risk of a compromise. See: Layered Defenses
Denial of Service (DoS): An attack where the attacker denies service from a website by tying up its resources.
Detection: The process of scanning and monitoring a website’s source code and database for malware and security issues.
Distributed Denial of Service (DDoS): An attack that takes down a website by blocking it with fake traffic sent from many (distributed) compromised computers.
DREAD Score: A website security threat level for classifying vulnerabilities — Damage, Reproducibility, Exploitability, Affected users, and Discoverability.
Encryption: The process of encoding data in transit so only authorized users can access it, while unauthorized users cannot.
Exploit Kit: An attack tool made by hackers that automatically finds security holes in applications, like websites, and use them to spread malware.
Firewall (Website): A website security system that monitors and controls traffic coming to your website via a network of servers placed in the middle.
Forensics: The process of identifying who attacked a website and how they did it.
Gray Hat: The term “grey hat”, alternatively spelled as “greyhat” or “gray hat”, refers to a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker.
Hacker: An advanced computer user whose knowledge and expertise facilitates activities outside the norm, such as protecting or exploiting online properties.
Hacktivism: Implementing a hack in order to further political goals.
Hardening: The process of securing a website to reduce its overall vulnerability, known as the attack surface.
Heuristics: The process of detecting behavioral patterns in complex website malware to identify new threats and highly conditional malware.
HTTP(S)/SSL/TLS: Components of a web address that signify data will be encrypted.
Incremental Backups: The process of backing up only new files that have changed since the last successful backup in order to save space.
Integrity Check: The process of comparing current website files against a known good version of the files to identify potential compromises.
Intrusion Detection System (IDS): An online application that monitors a web property for hacks or other unwanted activity.
Layered Defenses: The principle of combining multiple security controls to protect a website against a specific category of attack. See: Defense in Depth.
Least Privileged Access: The principle of granting permissions only to users who really need access, and only for as long as they require it.
Local File Inclusion (LFI): An attack on vulnerable user-supplied input fields, allowing an attacker to execute code from a malicious file that is already on the server.
Mailer (PHP): An attack using a malicious PHP file on the server used to send spam emails using your website resources.
Malicious Redirect: An attack that automatically sends visitors from the infected page to another location.
Malware: Software designed to perform unauthorized or illegal activity once installed on compromised hardware or applications.
Malvertising: An attack used to infect websites that serve ads by serving malicious ads through a vulnerability in the advertising network.
Man-in-the-Middle: A hack where data between two parties is intercepted by an unauthorized user (the man in the middle).
Metadata: Data intended for web browsers which describes the content on an online property, literally “data about data.”
Multi-Factor Authentication: See Two-Factor Authentication.
Obfuscation: The process of encrypting code to keep the contents hidden but still executable, generally used to hide malware or proprietary code.
Password Manager: A secure application that automatically populates login credentials, letting users employ more secure usernames and passwords.
Payload: A website security compromise involving a specific piece of malicious code that delivers a harmful action.
Pharma Hack: An attack involving manipulation of SEO factors on the infected website to produce pharmaceutical ads, keywords, links, and metadata.
Phishing (or spear phishing): An attack using fake content that baits unsuspecting users to enter personal information and credentials.
Privilege Escalation: An attack that uses a vulnerability to gain elevated access privileges that should not be granted.
Ransomware: A type of malware that blocks access to an online property until ransom is paid to the attacker.
Reconnaissance: An attack sequence where the attacker gathers target websites and information about them before the vulnerability identification phase.
Remediation: A website security system or service that removes all malware, backdoors, phishing, malvertising, and any infection from the website.
Remote Code Execution: An attack on vulnerable code that allows the attacker to gain complete remote access to the target computer or website.
Remote File Inclusion (RFI): An attack on vulnerable user-supplied input fields, allowing an attacker to upload or execute remote malicious files on the website server.
Reverse Proxy: A website security system that sends traffic to a server to filter and pass only clean traffic to the protected website. See: Content Delivery Network
Remote Scan: The process of scanning website source code as a visitor would see it, without any access to the backend environment. See: Server Side Scan
Root Access: The level of permission that allows access to all files and systems making up an online property.
Salting: An additional layer of password security during the process of hashing which adds a unique component to a password.
Search Engine Poisoning (SEP): An attack that changes the Title and Description metadata on infected websites to show spam keywords in search results pages.
Security Posture: The principle of website security awareness and vigilance to maintain strong defenses and an understanding of the risks.
SEO Spam: An attack that infects websites with spam keywords and links to try to trick the search engines into ranking malicious content with a higher result.
Server-Side Scan: The process of scanning a website from the backend environment to assess each line of source code. See: Remote Scan
Social engineering: The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
Spoofing: An attack that cloaks itself by pretending to come from a false source, such as an email address, IP addresses, referrer, user-agent string.
Spyware: Malware that gathers information about a user, and then transmits that information to another unauthorized user.
SQL Injection: An attack where the attacker enters malicious code inside text input boxes on the website which sends attack sequences to the website server.
Trojan: Malware that disguises its purpose as legitimate, but then delivers a malicious payload upon execution.
Two-Factor Authentication (2FA): The principle of adding a layer of authentication after your password, usually from a code generator app. Also called Multi-Factor Authentication.
Unauthorized Access: Any access to an online property that does not pass through established security protocols.
URL Injection: An attack where a hacker creates additional pages on an online property. When visited, these pages execute an attack, such as redirecting visitors.
VPN: An acronym for “virtual private network,” which extends across a public network and allows users to access data as if they were in a secure environment.
Virtual Patching: The process of securing vulnerabilities through a third-party application or software, rather than from the original provider.
Virus: A malicious program that, when injected into an online property, replicates itself by hacking files and applications in order to add its own code.
Vulnerability (Software): A website security risk involving a flaw in the code running on your website that an attacker to gain unauthorized access.
WAF: An acronym for “web application firewall,” a third-party security measure that monitors and blocks malicious traffic to the online property it protects.
Website Malware: A website security compromise that infects the website with malicious code designed to execute harmful actions.
White Hat: A hacker whose knowledge and expertise lets them identify vulnerabilities and attacks in order to advance the practice of security.
Cross-Site Scripting (XSS): An attack using a vulnerability that allows an attacker to inject malicious scripts into a page, which is then used to attack website visitors.
Zero-Day: A software vulnerability that has not been disclosed to the public yet, meaning no patch is available to secure against it.
Clear and accurate communication is crucial for mitigating threats. It ensures resources are allocated correctly and all parties work toward a common goal. We hope this glossary enables your own communication as you build success online. Sign up to our website security blog and keep learning!