Note: Page numbers followed by f and t indicate figures and tables, respectively
2G networks, 340
5G service types, 343–344, 343t
5G signaling, 344
6LoWPAN, 354
A
abandoned shopping cart, 322
abuse of functionality, 169
acceptance stage, 239
accepting user input, 141–143, 228–233
access control, 243
access control measures, 217–218
access privilege policies, 254
access security, 341
account lockout policy, 170–171, 171t
actions, 354
active/active forwarding, 345
add-on apps, 203
address change fraud, 212
address spoofing, 134
Advanced Encryption Standard (AES), 95, 242
advanced NTFS settings, 186, 188t
adware, 122
agile software development methodology, 311–315
AIaaS. See Artificial Intelligence as a Service
Americans with Disabilities Act Standards for Accessible Design, 299
America OnLine (AOL), 15
Annualized Loss Expectancy (ALE), 104, 104f
Annualized Rate of Occurrence (ARO), 104
anti-automation attacks, 189–190
Anti-Money Laundering (AML), 304
antisocial defense, 51
antivirus software, 221
Apple IIGS, 17
application and coding security, 105
application assessment, 89
application development, 390–392, 390t
application hardening, 185, 262
application layer security, 341
application misconfiguration, 185
application programming interface (API), 204–206
application security, 214
application server, 30
Archie search engine, 16
architecture, 207
artifacts, 313
Artificial Intelligence as a Service (AIaaS), 37
asset control, 46
asset identification, 97
asset protection, 47
“As We May Think”, 14
ATMs. See automatic teller machines
attack vector, 49
authentication, 236, 238, 249, 342, 351
authentication failure, 72–73, 151–153
authentication method, 159
authentication policies, 253
authorization, 191
authorization risks, 351
automatic attendants, 367
automatic directory listing, 185
automatic teller machines (ATMs), 51
automobile data collection, 355
average time on site, 139
B
backdoor attacks, 118
Backup as a Service (BaaS), 37
backups and archives, 393
baiting, 50
black hat hackers, 116
blacklisting, 229
blended threat malware, 54
blocking email threats, 366–367
blog sites, 24
bootloader, 121
broadcast range, 342
broken access control, 70, 144–145, 145f
broken links, 321
Brute force, 118
brute force attack, 73, 169–170
buffer overflow, 84, 84f, 171–173
bulletin-board services (BBS), 15
Business Email Compromise (BEC), 366
business-to-business (B2B) modes, 78
business-to-consumer (B2C) modes, 78
Byte Information Exchange (BIX), 15
C
CaaS. See Cloud as a Service
California Privacy Rights Act (CPRA), 296
“call-to-action” (CTA), 329, 329f, 329t
CAPTCHA (Completely Automated Public Turing Test to Tell Computers and Humans Apart), 190, 190f
Cardholder Data Environment (CDE), 216
CEO fraud, 366
CERN (Conseil Européen pour la Recherche Nucléaire), 17, 18
change management, 328
Children’s Online Privacy Protection Act (COPPA), 299
client privacy agreement, 126
client/server computing, 18, 30–31
client-side validation, 228–229
closures, 61
Cloud as a Service (CaaS), 38
cloud security posture management (CSPM), 215
cloud service provider (CSP), 35, 35f, 86, 215
cloud workload protection platform (CWPP), 215
code quality risks, 351
code tampering risks, 351
coding errors, 251t–252t
Common Gateway Interface (CGI), 29, 30f, 231–232, 259–261
common vulnerabilities, 83
Common Vulnerabilities and Exposures (CVE), 87, 286
Common Vulnerability Scoring System (CVSS), 286
communication privacy and security, 361
Communications Act, 299
Community Emergency Response Team (CERT) program, 256
compiler warnings, 256
Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA), 190, 190f, 304
compliance risk, 56
CompuServe, 15
Computer Fraud and Abuse Act (CFAA), 299
computers and computing, 6–7, 7t
Computer Science Network (CSNET), 11
configuration, 263
configuration errors, 60
consumer-to-business (C2B) modes, 78, 79f
consumer-to-consumer (C2C) modes, 78–79
contact us forms, 143
content adaptation, 373
content delivery network (CDN), 204
content optimization, 28
content spoofing, 173
continuous integration/continuous deployment (CI/CD) pipeline, 153
cookie encryption, 324
cookie management policy, 297–298
cookies on multiple browsers, 323–324
cookies testing, 322–324, 323f, 324f
corporate espionage, 117
corrupt cookies, 323
Counter Terrorist Financing (CTF), 304
cracker, 115
credential/session prediction, 173–174
credential stuffing, 72
credit card information, 170
creeper, 120
cross-site request forgery (CSRF), 160, 174
cross-site scripting (XSS) attack, 160, 174
cryptanalytic software, 146
cryptographic failures, 70–71, 145–146
cryptographic knowledge, 263
cryptography, 145
cryptography risks, 351
crystal, 314
current threat identification, 69–74
customer-focused services, 80
customer support forms, 143
cybercriminals, 49
D
daily scrum, 313
daily tasks for Web developers, 397–398
damaged access control, 87
damaged authentication, 87
DARPA (Defense Advanced Research Projects Agency), 7
data analysis, 354
database access, 219
database administrators, 384–389
database administrator vs. designer, 387–388
database career path, 387f
database management tasks, 388–389
database security, 385
database security training and certification, 389
database vulnerabilities, 386–387
data confidentiality policy, 254–255
Data Encryption Standard (DES), 242
data handling, 301
data in transit security, 341, 361
data tampering, 249
data transfer speeds, 342
data validation, 263
debit cards, 212
decentralized Web, 26
deception, 91
deep web, 396
default/unchanged passwords, 60
defect vulnerabilities, 54
Defense Advanced Research Projects Agency (DARPA), 7
defense against DoS, 377
Defense-in-depth (DiD), 155
delivery, 373
demilitarized zones (DMZ), 219, 219f, 248
denial of service (DoS) attack, 118, 174–175
dependencies, 149
deployment stage, 239
designing stage, 238
Desktop as a Service (DaaS), 38
development environments, 308
development processes, 233–235
development team, 312
dictionaries, 24
Diffie-Hellman, 159
Digital Enhanced Cordless Telecommunications (DECT), 340
Digital Equipment Corporation (DEC), 120
directory indexing, 87, 88f, 185
directory portals, 29
directory traversal, 87
disable cookies, 323
disclosure of confidential data, 254
disruption, 91
distributed DoS attack, 119
DNS attacks, 134
documentation testing, 327–328
document control, 377
Domain Name System (DNS), 10, 132–134, 269
DoS attacks, 134
driver’s license number fraud, 212
dumpster diving, 50
duplication, 258
Dynamic application scanner tools (DAST), 237
dynamic SQL, 259
Dynamic Systems Development Method (DSDM), 314
E
early E-commerce, 79
early internet, 15–17, 15f, 16f
electronic-commerce (e-commerce), 78
Electronic Communications Privacy Act (ECPA), 299, 360
electronic mail (email), 10
Elk Cloner, 120
email blocking, 128
email filters, 366
email links, 321
email notifications, 368
email protocols, 13
email tracking, 128
email vulnerabilities, 365–366
encapsulation, 107
encrypt data transmission, 221
encrypt HTML code, 257
encryption algorithms, 342
encryption protocols, 261
end of life, 237
endpoint device communication, 351–353
end-user vulnerabilities, 124
Energy Sciences Network (ESnet), 11
ENQUIRE system, 17
enumeration, 269
error-based SQLi, 83
error messaging, 262
error tracing, 158
escalated privilege malware, 54
escalate privilege level, 280–281, 282
evasion malware, 54
evil twin, 65
executive sponsor, 316
exploitation, 81
exploit malware, 54
exposure factor (EF), 103
exposures, 60
Extensible HyperText Markup Language—Mobile Profile (XHTML-MP), 327
Extensible Markup Language (XML), 167
external security, 166
extraneous functionality risk, 351
Extreme programming (XP), 314
F
Feature-driven development (FDD), 315
Federal Trade Commission (FTC) Act, 299
file corruptors, 52
File Retrieval and Editing System (FRES), 15
file system permissions, 185–186, 186t
File Transfer Protocol (FTP), 13, 269
filtering systems, 189
financial motivations, 117
fingerprinting attack, 175, 269
firmware, 122
footprinting, 134
Fprint, 175
front-end, 166
FTP (File Transfer Protocol), 10
G
General Data Protection Regulation (GDPR), 56, 213, 295–296
general privacy laws, 294–295, 294t, 295t
general system maintenance, 393
Genie, 15
global positioning system (GPS), 339
Google Analytics tool, 139, 139f, 140f
Gopher system, 16
government-sponsored threat actors, 49
Gramm-Leach-Bliley Act (GLBA), 299
graphic design, 166
grey hat hackers, 116
groupware, 16
H
hardware vulnerabilities, 123
harm, 119
hashing algorithms, 242
hash injection, 118
Health Insurance Portability and Accountability Act (HIPAA), 56, 299
health monitoring, 355
hobbyists, 116
honey trap, 50
host assessment, 89
host-based security mechanisms, 235
HTML/CSS validation testing, 324–325, 325f
HTML secure coding standards and techniques, 257–258
HTTP-only cookies, 63
HTTP request smuggling, 177
HTTP request splitting, 177
HTTP response, 177
HTTP Strict Transport Security (HSTS), 146
HTTrack Website Copier, 277
human vulnerabilities, 45
hybrid brute force attack, 73
hybrid client, 31
hybrid cloud, 36
Hypertext Editing System (HES), 15
Hypertext Markup Language (HTML), 18, 230–231
Hypertext Transfer Protocol (HTTP), 13, 18, 269
Hypertext Transfer Protocol Secure (HTTPS), 240
hypervisor, 34
I
IBM PC/AT, 17
identification failures, 151–153
IEEE 802.11ah, 354
IM mitigation techniques, 371
impact scale, 102
impersonation, 182
implementation stage, 238
imposters, 368
IM threats, 371
in-band SQLi, 83
incident response, 254
ineffective login credential recovery, 73
information security, 209, 210t, 213–215
information security standards, 210–211
Infrastructure as a Service (IaaS), 37
infrastructure security, 214
inherited permissions, 187
initial discovery on targeted website, 269–274
injection attack, 71, 147, 178
input data validity, 322
input handling, 186
input, process, and output model, 6, 6f
input validation, 236, 238, 249–250, 256, 258, 260
insecure design, 147
insider risk, 56
instant messaging (IM) chat, 348, 371
integrity algorithm, 159
intelligent power outlets, 355
Interface Message Processor (IMP), 8
interference band SQLi, 83
internal link, 321
Internet Corporation of Assigned Names and Numbers (ICANN), 131
Internet Engineering Task Force (IETF), 91
Internet Key Exchange (IKE), 159
Internet Message Access Protocol (IMAP), 178
Internet of Things (IoT), 343, 353–355
internet privacy issues, 363
Internet Protocol (IP), 10, 269
Internet Protocol Security (IPSec), 107, 159
internetwork, 9
intrusion detection systems (IDSs), 248
IPO (Input, Process, and Output) model, 6, 6f
IS-IS (Intermediate System to Intermediate System) Protocol, 10
IT managers, 383
J
JavaScript Object Notation (JSON), 167
K
Kernel mode, 122
keylogger, 53
keyword filtering, 128
“Known Exploited Vulnerabilities Catalog” website, 44, 44f
Know Your Business (KYB) verification, 303
Know Your Customer (KYC) verification, 303
L
lawful basis, 300
laws, 208
layered security, 257
layered security strategies, 235–237
Layer 2 Tunneling Protocol (L2TP), 107
LDAP injection, 178
Lean software development (LSD), 315
least privilege, 257
leave/bounce rate, 139
legal disclaimer, 128
legal requirements compliance, 297–298
Li-Fi, 354
Lightweight Directory Access Protocol (LDAP), 178
limited open-source software, 23
line mode browser, 19–20, 19f, 20f
link bonding, 345
link building, 28
links testing, 321
local data, 361
logging and log management, 222–223
logical security, 97
logon credentials, 170
long-term recommendations, 287
luring attacks, 249
M
MAC address filtering, 66
Macintosh II, 17
mail command injection, 178
mail server, 30
malicious code, 170
malware, 52, 85, 119–122, 121t, 366
malware threats, 123
man-in-the-middle (MitM) attack, 118, 250
map APIs, 206
market segmentation, 142
maturing network, 11
mean time to failure (MTTF), 318
mean time to recovery (MTTR), 318
Media Access Control (MAC), 271
memory mode, 122
Merriam-Webster.com, 4
message archiving, 128
message priority, 128
messaging/chat, 352
messaging, social networking sites, 369
Microsoft Internet Information Services (IIS), 277
Microsoft Security Development Lifecycle (Microsoft SDL), 234
missing data, 322
missing/omitted links, 321
mitigate vulnerabilities, 252–256
mitigating risk, web applications, 215
mitigating voicemail risks, 368
mitigating weaknesses, 194
mitigating web application vulnerabilities, best practices, 262–263
mitigating web attacks, 193–194
mitigating website security flaws, 326–327
mitigation strategies, 104
MMS vs. SMS, 373
mobile devices, 327
mobile Email, 348
monitor HTML code, 258
multi-factor authentication (MFA), 151, 152f, 166
Multimedia Messaging Service (MMS), 349, 372
multimedia messaging service encapsulation protocol, 373
multiple points of presence (MPOP), 370
N
NASA Science Internet (NSI), 11
NASA Science Network (NSN), 11
National Aeronautics and Space Administration (NASA), 7
National Institute for Science and Technology (NIST), 91, 98
National Institute of Systems Technology (NIST), 36
National Vulnerability Database (NVD), 165
native application, 203
natural vulnerability, 48
NCSA Mosaic browser, 20
Nessus vulnerability, 273–274, 273f
network, 354
network administration tasks, 393
network administration training and certification, 394
network administrators, 383
network architecture, 175
Network as a Service (NaaS), 38
network assessment, 89
network blueprints, 219
network homogeneity, 54
network security features, 345–346
network shares, 122
Next Generation Mobile Networks (NGMN), 342
nexus, 17
The Nines, 94
NIST SP 800-160 Vol. 1, 234
Nmap/Network mapper, 271–272, 272f
no backup plan, 47
no contact, 126
noninteractive sites, 23
nonsecure code, 250–252, 251–252t
norms, 208
O
observer, 316
official app stores, 202
online privacy and security, 362–363
online risks and threats, 129
online surveys, 143
“oN-Line System”, 14
open doors, 54
Open Mobile Alliance (OMA), 327
Open Systems Interconnection (OSI) Reference Model, 10
Open Web Application Security Project (OWASP), 69, 69f, 143, 165
operating system fingerprint, 272
operational compliance, 299–301
organizational agendas, 117
OS commanding, 180
outbound link, 321
out-of-the-box (OOB), 147
output handling, 188
Over-the-Top (OTT), 365
OWASP Application Security Verification Standard (ASVS), 235
OWASP top 10 mobile risks, 350–351
OWASP top 10 threats, 143–157, 156–157t
ownership, 48
P
packet switching, 8
page layout, 166
password attacks, 118
password based key derivation function (PBKDF), 146
password recovery, 191
passwords, 220
path traversal attack, 180
Payment Card Industry Data Security Standard (PCI DSS), 56, 210–212, 216–218, 217t, 301–302
payment processing compliance, 301–303
Payment Services Directive (PSD2), 302
peer-to-peer (P2P) sharing networks, 122
persistent cookies, 62, 63, 323
personal agenda, 117
personal attacks, 124
personal computers (PCs), 17
personally identifiable information (PII), 45
pervasive computing, 26
phase II SA negotiation, 159
phase I SA negotiation, 159
phishing, 366
phishing attack, 50
physical intrusion, 65
physical security, 97, 261, 353, 376
physical security vulnerabilities, 124
Platform as a Service (PaaS), 37
Point-to-Point Tunneling Protocol (PPTP), 107
polymorphic viruses, 53
potentially unwanted programs (PUPs), 119
predictable resource location, 181
presence and availability, 369–371
pretexting, 50
Printf, 175
privacy policy, 297
Private Branch Exchange (PBX), 376
private cloud, 36
private data, 361
private data privacy, 59
process validation, 191
product backlog, 313
product life cycles, 148
product owner, 312
programming training and certification, 392
progressive web applications (PWA), 204
project manager/facilitator, 316
protect stored PII data, 220–221
protocol, 11
proxy server, 31
public cloud, 36
public data, 361
Q
qualitative analysis, 101
qualitative assessment, 101–103, 102t, 103t
quality assurance techniques, 257
quantitative analysis, 101
R
radio access technology (RAT), 342
radio frequency identification (RFID), 354
ransomware, 52, 54–55, 94–95, 122, 366
Rapid application development (RAD), 315
Read-Only Web, 22
real-time communication, 364–365
Real-time Transport Control Protocol (RTCP), 378
Real-time Transport Protocol (RTP), 378
recommendations section, 286–287
recorder, 316
records of consent, 298
recovery time objective (RTO), 318
redirection, 85
references, 24
releasing website to world, 328–332
remote code execution (RCE), 88
remote file inclusion (RFI), 88, 181
remote management, 377
remote management capabilities, 376
REpresentational State Transfer (REST), 167
request, 18
Request for Comments (RFC), 229–230
resource theft, 117
response, 18
restrict physical access, 222
return policy, 126
reverse brute force attack, 73
reverse engineering risk, 351
revision-level tracking, 261
risk assessment, 56–57, 101, 223
risk assessment matrix (RAM), 101–103, 102t, 103t
risks, 114
S
same-site cookies, 63
sanctions screening, 304
Sandbox security, 259
sanitization, 187
Sarbanes-Oxley Act (SOX), 56
scrum master, 312
search engine optimization (SEO), 27–28, 324, 325f
secure access, 107
secure application development, 234–235
secure coding best practices, 256–257
secure coding standard, 257
secure cookies, 63
Secure Sockets Layer (SSL), 146, 241–243, 241f, 260
secure software development life cycle (SSDLC), 234
securing unified communications, 377
security assessment, 268–269, 274–279, 286, 288–289
security assessment report, 283–287
security association (SA), 159
security audits, 148
security configuration, 86, 341
security information review, 394–395
security logging and failures, 154–155, 154f
security logging and monitoring, 74
security measures, 300
security misconfigurations, 147–149
security requirements within SDLC, 237–239
security settings misconfiguration, 88
security threats, 91–92, 385–386
security, Web developers, 396
Semantic Web, 24
sensors, 354
server misconfiguration, 192–193
server-side include (SSI) injection, 29, 179
server-side rendering (SSR), 204, 205f
Server-Side Request Forgery (SSRF), 155
server-side validation, 229
service delivery models, 37–38
service deployment models, 36–37
service-level agreement (SLA), 94, 130
session fixation attack, 182–183, 183f
session hijacking, 250
Session Initiation Protocol (SIP), 377
session management, 249–250, 378
session replay, 250
session setup, 378
Short Message Service (SMS), 339, 348, 372
short-term recommendations, 287
shoulder surfing, 51
signup forms, 143
simple brute force attack, 73
Simple Mail Transfer Protocol (SMTP), 178, 269
Simple Network Management Protocol (SNMP), 275
Simple Object Access Protocol (SOAP), 167, 183
Single Loss Expectancy (SLE), 103
single page application (SPA), 204
SIP best practices, 379
SIP features and essentials, 377–378
SIP user agents (UA), 378–379, 378f, 379f
site usage, 139
SMS/Text Messaging, 348–349, 349f, 352
SMS threats, 372
SOAP array abuse, 183
social computing, 26
social engineering, 49–51, 365
social media APIs, 206
social networking, 24
software and data integrity failures, 153–154
Software as a Service (SaaS), 37, 198
Software Assurance Maturity Model (SAMM), 235
software configuration management (SCM), 261
Software-defined networking (SDN), 345
software development life cycle (SDLC), 233–234, 233f
software development methodologies, 308–309
software updates and fixes, 393
software vulnerabilities, 123
Space Physics Analysis Network (SPAN), 11
spam, 366
spear phishing, 366
sponsored/cyberwarfare motivations, 117
sponsored hackers, 116
spoofing, 365
sprint, 313
sprint backlog, 313
sprint demo, 313
Sprintf, 175
sprint planning, 313
SQL database access secure coding, 259–261
SQL Database Back-End, 232–233
SQL injection (SQLi), 83–84, 179, 282–283
standard sets of values, 322, 322f
state data privacy and protection laws, 56
state-sponsored threat actors, 49
static application scanning tools (SAST), 236
static site generation (SSG), 204
static website content, 23
static Web sites, 22
store-and-forward communication, 363–364
STRIDE threat model, 92–93, 92t, 93t
Strong Customer Authentication (SCA), 302
structured query language (SQL), 281–283
summary of findings, 285
suspicious domain name, 125, 125f
symbiotic computing, 26
System Development Life Cycle (SDLC), 309–311, 310f
system failures, 393
system hardening, 262
T
tablets, 339
tax compliance, 303
technical advisor, 316
technological security of devices, 352
telephone and private branch exchange communications, 376–379
telephone number fraud, 212
Telnet (Teletype network), 10
termination, 18
terms and conditions, 298
testing stage, 239
test inside and out, 288
theft, 363
thick client, 31
thin client, 31
think outside the box, 288–289
third-party APIs, 206
third-party cookies, 64
third-party risk, 56
thread, 354
threat action, 90
threat agent, 90
threat assessment, 238
threat consequence, 90
threat mitigation, 238
threats, 43, 43f, 48–55, 90, 97, 114, 160, 365–376
Third Generation Partnership Project (3GPP), 342
top-level domain (TLD), 132, 133f, 133t
tracking, 363
Transmission Control Protocol (TCP), 10, 271
Transmission Control Protocol/Internet Protocol (TCP/IP), 11–13
Transport Layer Protection, 192
Transport Layer Security (TLS), 192, 241, 260
triple DES (3DES), 242
Trojan horse, 53
trojans, 121
trust icons and logos, 126
turing tests, 304
The Twilio API, 206
U
ubiquitous computing, 26
ultra-low emission (ULE), 354
unauthorized disclosure, 91
unauthorized file sharing, 66
unencrypted data-at-rest, 387
unencrypted data-in-transit, 387
Unified Communications as a Service (UaaS), 38
Uniform Resource Identifier (URI), 206
unintended download, 54
union-based SQLi, 83
Universal Document Identifier (UDI), 18
UNIX/Linux, 270
unofficial app stores, 203
unpatched database systems, 386
unsanitized inputs, 386
unsecure communications, 158–159
unsecure indexing, 189
unsolicited email, 366
unused database elements, 386
update and patch systems, 222
URL redirector abuses, 180
U.S. Computer Emergency Readiness Team (US-CERT), 165
user agent client (UAC), 378
user agent server (UAS), 378
user and group privileges, 386
user availability, 378
user capabilities, 378
User Datagram Protocol (UDP), 13
user experience (UX), 320
user-generated encyclopedias, 24
user location, 378
user mode, 122
user stories, 313
U.S. Federal Bureau of Investigation (FBI), 82
U.S. Federal Trade Commission (FTC), 368
usurpation, 91
V
validate URLs, 258
velocity, 313
verify vulnerabilities, 326
Veronica search engine, 16
Video-conferencing as a Service (VaaS), 38
Video Privacy Protection Act, 299
virtualization, 31–34, 32f, 33f
virtual machine manager (VMM), 33
virtual machines, 34
virtual memory, 32
virtual private network (VPN), 107
virtual server, 31
visitor location, 138
visitor navigation, 139
visitor sources, 138
visitors overview, 139
visitor type, 138
visits, 139
VMware Virtual Platform, 32
voice, 352
voicemail threats, 367
VoIP communications, 375
VoIP implementation, 376
VoIP planning, 375
vulnerability, 43–46, 43f, 81–83, 89–90, 96–97, 123–129, 160, 164–165, 274–279, 279–281, 281–283, 326, 350–351, 365–366, 386–387
vulnerability assessment, 89–90, 285–286
vulnerability management, 217, 236
vulnerability preparation, 283–287
vulnerability scans, 223
W
WAN optimization, 345
waterfall model, 233–234, 233f, 309–311
watering hole attack, 51
weak passwords, 46
weak security design, 71
Web app architecture, 204
Web application, 164–167, 198–206, 199f, 203, 243–244, 244t
Web application benefits, 201
Web application disadvantages, 201–202
Web application function, 199–201, 200f, 201f
web application security areas, 165–167
Web Application Security Consortium (WASC), 165
Web application vulnerabilities, 164–165, 248–252
Web-based Real-Time Communications (WebRTC), 364
Web crawling, 332
Web design and administration, 395–399
Web developer, 395
Web developers training and certification, 398–399
Web-enabled application, 86–89
web hosting, 129
webmaster, 395
web risks, 160
web server, 31
Web server application, 274, 276
web server front-end, 274
web server version, 175
Web Services Description Language (WSDL), 167
Website designer, 395
Website diagnostics, 329–330, 330f
Website feedback forms, 143
Website launch, 329
Website legal requirements, 296–297, 297f
Website vulnerability, 268–269, 288–289
white hat hackers, 116
whitelist approach, 187
whitelisting, 229
Whois (Private or Public), 131–132
Wi-Fi Protected Access (WPA), 67
Windows, 270
Wired Equivalency Protection (WEP), 66
Wireless Access Protocol (WAP), 327
wireless endpoint communication, 346–350
wireless network vulnerabilities, 65–68
wireless risks, 66
Worldwide Interoperability for Microwave Access (WiMAX), 340
World Wide Web (WWW), 17–22, 22–30
WPA, version 2 (WPA2), 67
WPA, version 3 (WPA3), 67
X
Xanadu, 14
XML entity expansion, 184
XML external entities, 184
XML injection, 184
XML Path (XPath) language, 179
XPath injection attacks, 179
XQuery injection, 180
Z
zero-day malware, 54
ZigBee, 354
Z-Wave, 354