Glossary

API (Application Programming Interface)

An API is a set of encapsulated functions and data that are made available to an application. Sometimes called a code library.

Basic Multilingual Plane

The first of 17 logical groupings, or planes, of characters in Unicode. The Basic Multilingual Plane contains most of the characters commonly used today.

black-box testing

A testing method that tests the functionality of a program without reference to the internal workings of the system.

buffer

A block of memory that temporarily holds data, such as application variables.

CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart)

A challenge-response test designed to filter out automated Web site requests. A CAPTCHA typically consists of an image with distorted alphanumeric characters. A human can distinguish the characters without too much difficulty, but to a computer the image would be unrecognizable.

character class (within a regular expression)

A set of characters enclosed within square brackets.

cracker

Someone who breaks into a computer or network with malicious intent.

Creative Commons License

A semi-open-source license that allows for some retention of copyright. It is administered by Creative Commons, a nonprofit corporation. More information is available at http://creativecommons.org.

denial-of-service (DoS) attack

A type of attack whereby the hacker overwhelms system resources with meaningless data in order to make network resources, servers, or applications run slowly or crash altogether. Common implementations of this type of attack involve sending millions of ping requests at a server within a short amount of time or filling a server’s available storage space with junk files so that applications cannot write legitimate files.

DMZ

A protected network that sits between the Internet and the corporate network.

escape

To strip special meaning from a character, making it a literal representation of itself and nothing else.

footprint

In security terms, the number of open ports on a server. Also refers to the number of ways in which a server is vulnerable to attack.

Generally Available Release

The current official version of an application. The Generally Available Release is production-ready and has usually been through at least two rounds of testing.

hacker

Anyone who digs into the guts of a system (whether it’s a server, an application, or the cable box) to see how it works and to improve upon it.

harden an application

The act of making an application more secure and impervious to attack.

heap

A collection of dynamically allocated variables.

injection attack

A technique that allows arbitrary data or code to be inserted into a server or application. The most common types of injection attacks are SQL injection and code injection.

integrated development environment (IDE)

A GUI workbench for developing code.

intrusion detection system

A software- or hardware-based solution that detects and logs inappropriate, incorrect, or anomalous activity.

OCR

Optical character recognition. A process that allows computers to convert images of text (such as a scanned page) into editable plain text.

packet

A block of data sent over a network.

passphrase

An easy-to-remember phrase that is more secure than a password because it is generally longer.

password retention policy

A standard length of time during which passwords are allowed to remain viable. If you require users to change their passwords every six months, you have a six-month password retention policy.

PCRE

Perl Compatible Regular Expressions library. It is used in numerous programming languages and tools including PHP.

PEAR

The PHP Extension and Application Repository.

ping

A network troubleshooting utility that sends a single packet to a specified IP address.

ping flood

A very large number of ping requests sent in a short amount of time, intended to overwhelm the network or server.

POSIX

A set of operating system interface standards based on UNIX.

regex

See regular expression.

regular expression

A set of pattern-matching rules encoded in a specific syntax.

rootkit

A program designed to take full control of a server.

salt

Randomly generated data added to an encryption algorithm to increase its effectiveness.

sandbox

A security mechanism for safely running programs. It is often used to execute untested code, or untrusted programs from unverified third parties, suppliers, and untrusted users. Also, a development area, commonly a small network or a test machine, where developers can test Web sites and Web site operations safely.

script kiddie

A derogatory term used for an inexperienced malicious hacker who uses programs developed by others to attack computer systems and deface Web sites. It is generally assumed that script kiddies are kids who lack the ability to write sophisticated hacking programs on their own, and that their objective is to try to impress their friends or gain credit in underground hacker communities.

spaghetti code

Program code that keeps jumping from one place to another in the program without any apparent organization.

SQL injection

A type of attack whereby the hacker exploits weak validation to execute arbitrary SQL code against the application’s database.

stack

An abstract data type and data structure based on the principle of Last In First Out (LIFO).

stateless

Having no information about what occurred previously.

superglobal

Several of the predefined variables in PHP are available universally, in all scopes, throughout the life cycle of a PHP script. This makes them a step beyond global, or superglobal. The PHP superglobals are:

$GLOBALS

$_SERVER

$_GET

$_POST

$_FILES

$_COOKIE

$_SESSION

$_REQUEST

$_ENV

Unicode

A 16-bit character set capable of encoding all known characters and used as a worldwide character-encoding standard.

UTF-8

An encoding form of Unicode that supports ASCII for backward compatibility and covers the characters for most languages in the world. See Unicode.

white-box testing

Source code analysis.
