A+

A-Plus (A+) is the name of a process, developed by the Computing Technology Industry Association (CompTIA), a large trade group, that certifies individuals for knowledge about and competency in installing, maintaining, customizing, and operating personal computers. The examination is in two parts, the first covering computer hardware and software in general and the second covering a specific operating system, such as Windows 98. The exam is administered by Drake Parametric and there is a fee. A number of companies provide in-house or self-taught preparation for the exam.

AAAA Resource Record

An AAAA resource record is a record that stores a single IPv6 address. It is named with four "A"s because 128-bit IPv6 addresses are four times as large as 32-bit IPv4 addresses. An AAAA record lets you point a hostname to your host's IP address if your network uses IPv6.

Airborne Internet

Airborne Internet is a proposed network in which all nodes would be located in aircraft. The network is intended for use in aviation communications, navigation, and surveillance (CNS) and would also be useful to businesses, private Internet users, and government agencies, especially the military. In time of war, for example, an airborne network might enable military planes to operate without the need for a communications infrastructure on the ground. Such a network could also allow civilian planes to continually monitor each other's positions and flight paths.

Application Security

Application security is the use of software, hardware, and procedural methods to protect applications from external threats. Security measures built into applications and a sound application security routine minimize the likelihood that hackers will be able to manipulate applications and access, steal, modify, or delete sensitive data. Once an afterthought in software design, security is becoming an increasingly important concern during development as applications become more frequently accessible over networks and are, as a result, vulnerable to a wide variety of threats.

Bot Worms

Bot worms are scripted with the intent to transform infected computers into zombies (bots). They then infect other computers to establish an army often referred to as a botnet or robot network. A botnet is essentially a vehicle for distributing spam, viruses, Trojans and other types of malware. While bot worms were initially known for exploiting vulnerabilities in the Windows operating systems, these attacks have recently targeted other platforms. Bot worms have also been known to attack certain applications, including anti-virus software.

CGI Scanner

A Common Gateway Interface (CGI) scanner is an automated security program that searches for well-known vulnerabilities in web servers and off-the-shelf web application software. Often CGI scanners are not very stateful in their analysis and only test a series of HTTP requests against known CGI strings.

Clipboard Hijacking

Clipboard hijacking is an exploit in which the attacker gains control of the victim's clipboard and replaces its contents with their own data, such as a link to a malicious Web site. The attack makes it impossible for users to copy anything else to the clipboard until they either close the browser or reboot the machine. Aside from the nuisance factor, the danger is that a user might inadvertently paste the inserted content into their browser or into online content, exposing themselves or others to malicious code.

Conficker

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows software and dictionary attacks on administrator passwords to co-opt machines and link them into a virtual computer that can be commanded remotely by its authors. Conficker has since spread rapidly into what is now believed to be the largest computer worm infection since the 2003 SQL Slammer, with more than seven million government, business and home computers in over 200 countries now under its control.

Cracker

Cracker n. One who breaks security on a system. Coined by hackers in defense against journalistic misuse of the term "hacker." The term "cracker" reflects a strong revulsion at the theft and vandalism perpetrated by cracking rings. There is far less overlap between hackerdom and crackerdom than most would suspect.

AAA

Authentication, authorization, and accounting (AAA) is a term for a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security.

Active Man-In-The-Middle

Active man-in-the-middle (MitM) is an attack method that allows an intruder to access sensitive information by intercepting and altering communications between the user of a public network and any requested website. Avoiding logging in to sensitive sites from public locations can protect the user from conventional man-in-the-middle attacks. However, in an active MitM attack, the perpetrator manipulates communications in such a way that they can steal information for sites accessed at other times. The attacker can then use that information for identity theft or other types of fraud.

Application Firewall

Application firewall is a form of firewall which controls input, output, and/or access from, to, or by an application or service. It operates by monitoring and potentially blocking the input, output, or system service calls which do not meet the configured policy of the firewall. The application firewall is typically built to monitor one or more specific applications or services (such as a web or database service), unlike a stateful network firewall which can provide some access controls for nearly any kind of network traffic. There are two primary categories of application firewalls, network-based application firewalls and host-based application firewalls.

BitLocker

BitLocker is a full-disk encryption feature included with the Ultimate and Enterprise editions of Microsoft's Windows Vista and Windows 7 desktop operating systems, as well as the Windows Server 2008 and Windows Server 2008 R2 server platforms. It is designed to protect data by providing encryption for entire volumes. By default it uses the AES encryption algorithm in CBC mode with a 128-bit key, combined with the Elephant diffuser for additional disk-encryption-specific security not provided by AES.

Bug Convergence

Bug convergence is a milestone in the stabilizing phase of a project life cycle. It is the point at which the new bug rate (found during application testing) drops below the bug resolution rate. At this point, the rate of bugs resolved exceeds the rate of new bugs found during application testing. Therefore, the actual number of active bugs decreases as the number of bugs resolved increases. After bug convergence, it is important that the number of bugs decreases until zero bug bounce (another milestone).

Clickjacking

Clickjacking (also known as user-interface or UI redressing and IFRAME overlay) is a malicious technique of tricking Web users into revealing confidential information or taking control of their computer while clicking on seemingly innocuous Web pages. A vulnerability across a variety of browsers and platforms, a clickjacking attack takes the form of embedded code or script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function.

Common Weakness Enumeration

Common Weakness Enumeration (CWE) is a universal online dictionary of weaknesses that have been found in computer software. The dictionary is maintained by the MITRE Corporation and can be accessed free on a worldwide basis. The purpose of CWE is to facilitate the effective use of tools that can identify, find and resolve bugs, vulnerabilities and exposures in computer software before the programs are publicly distributed or sold.

Content Spoofing

Content spoofing is a type of exploit used by malicious hackers to present a faked or modified Web site to the user as if it were legitimate. The intent is, typically, to defraud victims (as in phishing), although sometimes the purpose is simply to misrepresent an organization or an individual. Content spoofing often exploits an established trust relationship between a computer user and an organization.

Cross-Site Request Forgery

Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF ("sea-surf") or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.