policy evaluation and production identification

Cybersecurity Terminology C-D

Here are some Key Terms. Please give an examples of each.

Key Terms

Cache — Storing the response to a particular operation in temporary high-speed storage is to serve other incoming requests better. eg. you can store a database request in a cache till it is updated to reduce calling the database again for the same query.

Cipher — Cryptographic algorithm for encrypting and decrypting data.

Code Injection — Injecting malicious code into a system by exploiting a bug or vulnerability.

Cross-Site Scripting — Executing a script on the client-side through a legitimate website. This can be prevented if the website sanitizes user input.

Compliance — A set of rules defined by the government or other authorities on how to protect your customer’s data. Common ones include HIPAA, PCI-DSS, and FISMA.

Dictionary Attack — Attacking a system with a pre-defined list of usernames and passwords. eg. admin/admin is a common username/password combination used by amateur sysadmins.

Dumpster Diving — Looking into a company’s trash cans for useful information.

Denial of Service & Distributed Denial of Service — Exhausting a server’s resources by sending too many requests is Denial of Service. If a botnet is used to do the same, its called Distributed Denial of Service.

DevSecOps — Combination of development and operations by considering security as a key ingredient from the initial system design.

Directory Traversal — Vulnerability that lets attackers list al the files and folders within a server. This can include system configuration and password files.

Domain Name System (DNS) — Helps convert domain names into server IP addresses. eg. Google.com -> 216.58.200.142

DNS Spoofing — Trikcnig a system’s DNS to point to a malicious server. eg. when you enter ‘facebook.com’, you might be redirected to the attacker’s website that looks like Facebook.