Active Man-In-The-Middle

Active man-in-the-middle (MitM) is an attack method that allows an intruder to access sensitive information by intercepting and altering communications between the user of a public network and any requested website. Avoiding logging in to sensitive sites from public locations can protect the user from conventional man-in-the-middle attacks. However, in an active MitM attack, the perpetrator manipulates communications in such a way that they can steal information for sites accessed at other times. The attacker can then use that information for identity theft or other types of fraud.

Application Security

Application security is the use of software, hardware, and procedural methods to protect applications from external threats. Security measures built into applications and a sound application security routine minimize the likelihood that hackers will be able to manipulate applications and access, steal, modify, or delete sensitive data. Once an afterthought in software design, security is becoming an increasingly important concern during development as applications become more frequently accessible over networks and are, as a result, vulnerable to a wide variety of threats.

Bot Worms

Bot worms are scripted with the intent to transform infected computers into zombies (bots). A bot worm then infects other computers to build an army often referred to as a botnet or robot network. A botnet is essentially a vehicle for distributing spam, viruses, Trojans and other types of malware. While bot worms were initially known for exploiting vulnerabilities in the Windows operating system, these attacks have recently targeted other platforms. Bot worms have also been known to attack certain applications, including anti-virus software.

CGI Scanner

A Common Gateway Interface (CGI) scanner is an automated security program that searches for well-known vulnerabilities in web servers and off-the-shelf web application software. CGI scanners are often not very stateful in their analysis and only test a series of HTTP requests against known CGI strings.

Clipboard Hijacking

Clipboard hijacking is an exploit in which the attacker gains control of the victim's clipboard and replaces its contents with their own data, such as a link to a malicious Web site. The attack makes it impossible for users to copy anything else to the clipboard until they either close the browser or reboot the machine. Aside from the nuisance factor, the danger is that a user might inadvertently paste the inserted content into their browser or into online content, exposing themselves or others to malicious code.

Conficker

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows software and dictionary attacks on administrator passwords to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors. Conficker has since spread rapidly into what is now believed to be the largest computer worm infection since the 2003 SQL Slammer, with more than seven million government, business and home computers in over 200 countries now under its control.

Cross-Site Request Forgery

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF ("sea-surf") or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.
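The distinction above, that the browser attaches the session cookie to any request regardless of which page triggered it, is what a CSRF defence has to compensate for. The following added example (not from the original glossary) shows the synchronizer-token pattern: the server derives a per-session token that only a same-origin page can read and embed in its forms, and rejects state-changing requests that carry the cookie but not the matching token. The request model, the site origin `https://bank.example` and the field names are constructed for the example.

```python
import hmac
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Constructed model of an inbound HTTP request: the session cookie is what the
# browser attaches automatically; the form token is what only a same-origin page can read.
@dataclass
class Request:
    method: str
    origin: Optional[str]               # Origin header (None when the browser omits it)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)

SITE_ORIGIN = "https://bank.example"    # hypothetical protected site
SERVER_SECRET = secrets.token_bytes(32)  # per-deployment secret, never sent to clients

def issue_csrf_token(session_id: str) -> str:
    """Derive a per-session token (HMAC variant of the synchronizer-token pattern).
    The server embeds it as a hidden form field; a page on another origin cannot read it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def is_state_changing(method: str) -> bool:
    return method.upper() not in ("GET", "HEAD", "OPTIONS")

def csrf_check(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Rejects state-changing requests that carry the
    victim's session cookie but not the token bound to that session."""
    if not is_state_changing(req.method):
        return True, "safe method"
    session_id = req.cookies.get("session")
    if session_id is None:
        return False, "no session"
    # Defence in depth: an Origin header naming another site is an immediate reject.
    if req.origin is not None and req.origin != SITE_ORIGIN:
        return False, f"cross-origin request from {req.origin}"
    expected = issue_csrf_token(session_id)
    supplied = req.form.get("csrf_token", "")
    # Constant-time comparison so the token cannot be guessed byte by byte via timing.
    if not hmac.compare_digest(expected, supplied):
        return False, "missing or wrong CSRF token"
    return True, "token valid"
```

A forged cross-site request fails twice here: its Origin header (when present) names the attacker's site, and it has no way to supply the token. Marking the session cookie `SameSite=Lax` or `Strict` is a complementary browser-side control; the token check still matters for older browsers and for cross-site requests the SameSite rules permit.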

Data Masking

Data masking is the process of data obfuscation, also called data de-identification, data depersonalization, data scrubbing or data scrambling. The purpose is to protect the actual data while providing a functional substitute for occasions when the real data is not required. It ensures that sensitive data is replaced with realistic but not real data, protecting sensitive information from the multitude of threats posed both outside and inside the organization's perimeter. The goal is that sensitive customer information is not available outside of the authorized environment.
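The "realistic but not real" requirement means a masked value has to keep the shape the downstream application expects (a name that looks like a name, a card number that passes a checksum) while carrying no production data. This added example, which is not from the glossary, masks a customer record with a keyed hash so the substitution is deterministic: the same real value always maps to the same fake value, so joins across masked tables still line up. The record fields, the name lists and the masking key are constructed for the example.

```python
import hmac
import hashlib
import re

# Secret known only to the masking job. A different key produces different
# substitutes, and the keyed hash cannot be reversed to recover production data.
MASKING_KEY = b"constructed-example-key-rotate-me"

FIRST_NAMES = ["Alex", "Sam", "Jordan", "Taylor", "Morgan", "Casey", "Riley", "Drew"]
LAST_NAMES = ["Nguyen", "Okafor", "Schmidt", "Rossi", "Ivanova", "Patel", "Garcia", "Lee"]

def _prf(value: str, context: str) -> int:
    """Deterministic keyed hash: the same input always maps to the same
    substitute, so foreign keys and joins survive masking."""
    digest = hmac.new(MASKING_KEY, f"{context}:{value}".encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big")

def mask_name(name: str) -> str:
    n = _prf(name, "name")
    return f"{FIRST_NAMES[n % len(FIRST_NAMES)]} {LAST_NAMES[(n >> 8) % len(LAST_NAMES)]}"

def mask_email(email: str) -> str:
    # Keep a realistic shape but point at a reserved, non-routable domain.
    local = f"user{_prf(email, 'email') % 1_000_000:06d}"
    return f"{local}@example.invalid"

def _luhn_check_digit(payload: str) -> str:
    """Check digit for a card-number payload (all digits except the last one)."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:            # double every second digit, starting from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)

def luhn_valid(number: str) -> bool:
    digits = re.sub(r"\D", "", number)
    return len(digits) > 1 and _luhn_check_digit(digits[:-1]) == digits[-1]

def mask_card(pan: str) -> str:
    """Replace a card number with a Luhn-valid substitute that keeps only the
    leading digit (card brand), so format validators downstream still accept it."""
    digits = re.sub(r"\D", "", pan)
    n = _prf(digits, "pan")
    body = digits[0] + f"{n % 10**14:014d}"
    return body + _luhn_check_digit(body)

def mask_record(row: dict) -> dict:
    """Mask the sensitive columns of a constructed customer row; other columns pass through."""
    masked = dict(row)
    masked["name"] = mask_name(row["name"])
    masked["email"] = mask_email(row["email"])
    masked["card"] = mask_card(row["card"])
    return masked
```

Because the mapping is keyed, anyone who obtains the masked dataset but not `MASKING_KEY` cannot rebuild a lookup table from real values to fake ones; the key should be held by the masking job alone and rotated like any other secret.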

Encryption Key Management

Encryption key management is the administration of tasks involved with protecting, storing, backing up and organizing encryption keys. High-profile data losses and regulatory compliance requirements have spurred a dramatic increase in the use of encryption in the enterprise. The problem is that a single enterprise might use several dozen different and possibly incompatible encryption tools, resulting in thousands of encryption keys -- each of which must be securely stored, adequately protected and reliably retrievable.
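The "reliably retrievable" requirement above is the part most often missed: once keys are rotated, data or tokens protected under an older key must still be usable until that key is deliberately destroyed. The following added example (constructed for this glossary entry, not from any particular product) shows the lifecycle in miniature with a versioned key ring for HMAC keys: each key carries an identifier, rotation makes the previous key verify-only, and destruction makes anything referencing it fail closed. The class name, key-id format and state names are the example's own.

```python
import hmac
import hashlib
import secrets
import time
from typing import Dict, Optional

class KeyRing:
    """Versioned key store with rotation (constructed illustration).
    States: 'active' (sign and verify), 'retired' (verify only),
    'destroyed' (material wiped; tokens under that key fail closed)."""

    def __init__(self) -> None:
        self._keys: Dict[str, dict] = {}
        self._active: Optional[str] = None

    def rotate(self) -> str:
        """Generate a new active key; the previous active key becomes verify-only."""
        kid = f"k{len(self._keys) + 1:04d}"
        if self._active is not None:
            self._keys[self._active]["state"] = "retired"
        self._keys[kid] = {"secret": secrets.token_bytes(32),
                           "state": "active",
                           "created": time.time()}
        self._active = kid
        return kid

    def destroy(self, kid: str) -> None:
        """Wipe key material; tokens issued under this kid can no longer be verified."""
        self._keys[kid]["secret"] = None
        self._keys[kid]["state"] = "destroyed"

    def sign(self, payload: bytes) -> str:
        """Return 'kid.hexmac'. The key id travels with the token so the
        verifier can locate the right key after any number of rotations."""
        if self._active is None:
            raise RuntimeError("no active key; call rotate() first")
        secret = self._keys[self._active]["secret"]
        mac = hmac.new(secret, payload, hashlib.sha256).hexdigest()
        return f"{self._active}.{mac}"

    def verify(self, payload: bytes, token: str) -> bool:
        kid, _, mac = token.partition(".")
        entry = self._keys.get(kid)
        if entry is None or entry["state"] == "destroyed":
            return False      # unknown or wiped key: fail closed
        expected = hmac.new(entry["secret"], payload, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, mac)

    def state(self, kid: str) -> str:
        return self._keys[kid]["state"]
```

The same shape (key id stored alongside the protected object, a retired window long enough to re-protect everything, then destruction) applies to data-encryption keys as much as to MAC keys; in a real deployment the `secret` field would live in an HSM or cloud KMS rather than process memory.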

Application Firewall

An application firewall is a form of firewall which controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall. The application firewall is typically built to monitor one or more specific applications or services (such as a web or database service), unlike a stateful network firewall which can provide some access controls for nearly any kind of network traffic. There are two primary categories of application firewalls, network-based application firewalls and host-based application firewalls.
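The phrase "do not meet the configured policy" is the whole mechanism: the firewall understands the application's protocol (here, HTTP methods, paths and bodies) and evaluates each request against an ordered rule list. This added example, which is not from the glossary and not any vendor's product, is a minimal web application firewall policy evaluator with first-match semantics and a default deny. The service paths, the rule names and the toy signature are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                            # "allow" or "deny"
    methods: Optional[frozenset] = None    # None = any method
    path: Optional[str] = None             # regex on the request path, fully anchored
    body_pattern: Optional[str] = None     # regex searched in the request body

@dataclass
class Decision:
    allowed: bool
    rule: str        # name of the rule that decided, or "default-deny"

# Constructed policy for a hypothetical web service. Order matters: the first
# matching rule decides, and a request no rule matches is denied.
POLICY: List[Rule] = [
    Rule("block-path-traversal", "deny", path=r".*(\.\./|%2e%2e).*"),
    Rule("block-toy-xss-signature", "deny", body_pattern=r"<script\b"),
    Rule("public-read", "allow", methods=frozenset({"GET", "HEAD"}),
         path=r"/(static/.*|index\.html)?"),
    Rule("api-orders", "allow", methods=frozenset({"GET", "POST"}),
         path=r"/api/v1/orders(/\d+)?"),
]

def evaluate(method: str, path: str, body: str = "",
             policy: List[Rule] = POLICY) -> Decision:
    """Apply the policy to one request; every criterion on a rule must match."""
    for rule in policy:
        if rule.methods is not None and method.upper() not in rule.methods:
            continue
        if rule.path is not None and not re.fullmatch(rule.path, path, re.IGNORECASE):
            continue
        if rule.body_pattern is not None and not re.search(rule.body_pattern, body, re.IGNORECASE):
            continue
        return Decision(rule.action == "allow", rule.name)
    return Decision(False, "default-deny")
```

Two design points carry over to real deployments: deny rules sit before allow rules so a signature match cannot be bypassed by hitting an allowed path, and the fall-through is deny rather than allow, so a new endpoint is unreachable until someone writes a rule for it.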

BitLocker

BitLocker is a full disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in CBC mode with a 128-bit key, combined with the Elephant diffuser for additional disk encryption specific security not provided by AES.

Bug Convergence

Bug convergence is a milestone in the stabilizing phase of a project life cycle. It is the point at which the rate of new bugs found during application testing drops below the bug resolution rate, so that the rate of bugs resolved exceeds the rate of new bugs found. From then on, the actual number of active bugs decreases as bugs are resolved. After bug convergence, it is important that the number of bugs keeps decreasing until zero bug bounce (another milestone).

Clickjacking

Clickjacking (also known as user-interface or UI redressing and IFRAME overlay) is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous Web pages. A vulnerability across a variety of browsers and platforms, clickjacking takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function.

Common Weakness Enumeration

Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software. The dictionary is maintained by the MITRE Corporation and can be accessed free on a worldwide basis. The purpose of CWE is to facilitate the effective use of tools that can identify, find and resolve bugs, vulnerabilities and exposures in computer software before the programs are publicly distributed or sold.

Content Spoofing

Content spoofing is a type of exploit used by malicious hackers to present a faked or modified Web site to the user as if it were legitimate. The intent is typically to defraud victims (as in phishing), although sometimes the purpose is simply to misrepresent an organization or an individual. Content spoofing often exploits an established trust relationship between a computer user and an organization.

Cross-Site Tracing

Cross-site tracing (XST) is a network security vulnerability exploiting the HTTP TRACE method. XST scripts exploit ActiveX, Flash, Java or any other controls that allow executing an HTTP TRACE request. The HTTP TRACE response includes all the HTTP headers including authentication data and HTTP cookie contents, which are then available to the script. In combination with cross domain access flaws in web browsers, the exploit is able to collect the cached credentials of any web site, including those utilizing SSL.
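Both the clickjacking entry above and this cross-site tracing entry describe conditions a server can rule out with response configuration: a page is only overlayable inside a hostile frame if the server lets other origins frame it, and TRACE can only reflect cookies and authentication headers if the server still answers it. The following added example (not from the glossary) is a defender's audit that parses two constructed HTTP responses, the page itself and an OPTIONS response, and reports whether either protection is missing. The response texts, header values and finding strings are constructed for the example.

```python
from typing import Dict, List, Tuple

def parse_response(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP response into its status line and a header dict
    keyed by lowercase header name (body is ignored)."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def framing_allowed(headers: Dict[str, str]) -> bool:
    """Clickjacking check: can an arbitrary other origin embed this page in a frame?
    Protected when X-Frame-Options is DENY/SAMEORIGIN or when CSP frame-ancestors
    lists only specific sources ('none', 'self' or named origins)."""
    xfo = headers.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return False
    csp = headers.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.lower() for s in parts[1:]]
            # A wildcard or bare scheme source still lets any site frame the page.
            return any(s in ("*", "http:", "https:") for s in sources)
    return True   # neither header present: any origin may frame the page

def trace_enabled(options_headers: Dict[str, str]) -> bool:
    """XST check: does the server advertise TRACE in the Allow header of an OPTIONS
    response? (Advisory only; confirm against the server configuration.)"""
    allow = [m.strip().upper() for m in options_headers.get("allow", "").split(",")]
    return "TRACE" in allow

def audit(raw_page_response: str, raw_options_response: str) -> List[str]:
    """Return a list of findings; an empty list means both protections are in place."""
    findings = []
    _, page = parse_response(raw_page_response)
    if framing_allowed(page):
        findings.append("clickjacking: page can be framed by other origins "
                        "(set X-Frame-Options DENY/SAMEORIGIN or CSP frame-ancestors)")
    _, opts = parse_response(raw_options_response)
    if trace_enabled(opts):
        findings.append("xst: HTTP TRACE is advertised; disable TRACE so scripts "
                        "cannot reflect cookies and authentication headers")
    return findings

# Constructed responses for a hypothetical server, before and after hardening.
WEAK_PAGE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             "Set-Cookie: session=abc; HttpOnly\r\n\r\n<html></html>")
HARDENED_PAGE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                 "X-Frame-Options: DENY\r\n"
                 "Content-Security-Policy: frame-ancestors 'none'\r\n\r\n<html></html>")
WEAK_OPTIONS = "HTTP/1.1 200 OK\r\nAllow: GET, HEAD, POST, OPTIONS, TRACE\r\n\r\n"
HARDENED_OPTIONS = "HTTP/1.1 200 OK\r\nAllow: GET, HEAD, POST, OPTIONS\r\n\r\n"
```

Note the constructed weak page already sets `HttpOnly` on its cookie; that flag is exactly what XST was designed to get around, since the TRACE echo returns the cookie in the response body, which is why the audit treats TRACE as a finding independent of cookie flags.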

Eavesdropping

Eavesdropping is a term used to describe the process of listening, monitoring, and/or examining someone without their permission and/or knowledge. It also means to listen secretly to the private conversation of others. For example, a user could eavesdrop on someone's e-mail or chat conversation.

FFIEC Compliance

Federal Financial Institutions Examination Council (FFIEC) Compliance is conformance to a set of standards for online banking issued in October 2005 by the Federal Financial Institutions Examination Council (FFIEC). The standards require multifactor authentication (MFA) because single-factor authentication (SFA) has proven inadequate against the tactics of increasingly sophisticated hackers, particularly on the Internet. In MFA, more than one form of authentication is implemented to verify the legitimacy of a transaction. In contrast, SFA involves only a user ID and password.