GMAIL General Web Application Security Terms | Security Learner's Blog

Thursday, 20 March 2014

General Web Application Security Terms

Application Security Manager (ASM)

A web application firewall from F5 Networks that integrates with WhiteHat Security Sentinel's vulnerability management service. Sentinel users can update the security policy on a per-vulnerability basis to mitigate the risk of its exploitation while the vulnerability is being addressed in the Web application code.


The process of verifying identity, ownership, and/or authorization.


Malicious code inserted into a program for the purposes of providing the author covert access to machines running the program.

Base 64

A method for encoding binary data into printable ASCII strings. Every byte of output maps to six bits of input (minus possible padding bytes).


When performing Input validation, the set of items that —if matched — result in the input being considered invalid. If no invalid items are found, the result is valid.

IP Address

A unique address assigned to a networked device, including computers, and servers.


Data added to a message that is not part of the message. For example, some block cipher modes require messages to be padded to a length that is evenly divisible by the block length of the cipher — i.e., the number of bytes that the cipher processes at once.


A set of rules employed by a Web application firewall that detect and block attempts to exploit a vulnerability in a Web application. All HTTP requests are assessed for strings that contain vulnerable parameters. Policy rules need to be maintained periodically.

Root User

A user with unlimited access to all operations on a computer.

Read Access

The ability to view the names of files in a directory, but not any other information such as file type, size, and so on.)

Web Application Firewall (WAF)

A device or software module that applies a set of policy rules to incoming traffic to block potential attacks on a Web application. Also known as a WAF.


When performing input validation, the set of items that, if matched, results in the input being accepted as valid. If there is no match to the whitelist, then the input is considered invalid. That is, a whitelist uses a ‘default deny’ policy.

Write Access

The ability to create, delete, change permissions, or rename files.


I am Fida Hussain,a computer student from Pakistan. Right from the day one I was introduced to computers,I had a passion for Hacking and Information security. So,I started this blog in 2012 to share my views and ideas with the world.


Post a Comment


Security Learner's Blog

Designed by Fida Hussain
This content is DMCA Protected.Copying or reproducing of procedure is prohibited.Do Not Copy!!