10.1. Security Terms

The IT security industry uses words such as hardening or locking down to describe the process of making a server resistant to vulnerabilities. As in the rest of the IT industry, many terms are coined to refer to the same process, and learning the jargon can be confusing. Projects such as the Open Web Application Security Project (OWASP) publish large, comprehensive glossaries of security terminology: http://www.owasp.org/index.php/Category:Glossary. The terms listed here will help you understand certain sections of this chapter.

10.1.1. Black Hat Hacker

A black hat hacker is a malicious hacker who obtains unauthorized access to computer systems. The term is a reference to the black hats that villains wore in classic western movies.

10.1.2. White Hat Hacker

A white hat hacker is a security expert who performs security testing on applications. A white hat hacker is an ethical hacker who only uses their knowledge for good. The term is a reference to the white hats that heroes wore in classic western movies.

10.1.3. Cookie Poisoning/Cookie Manipulation

Cookie poisoning is the modification, by an attacker, of a cookie stored on the client computer. Many attackers use cookie poisoning to gain unauthorized information about the user or to fraudulently authenticate themselves to a web application. Many attackers will use a cross-site scripting exploit in the web application to obtain a user's cookies.
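An added example, not from the book, of the standard defense against the cookie poisoning described above: the server signs each cookie value with an HMAC over a secret key it alone holds, so a cookie modified on the client no longer verifies. The secret key and cookie contents are constructed for illustration.

```python
import base64
import hashlib
import hmac
from typing import Optional

# Constructed server-side secret; a real deployment loads it from a secrets store.
SECRET_KEY = b"constructed-example-key-do-not-reuse"


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Return 'value.signature' so that any change to value invalidates the signature."""
    mac = hmac.new(key, value.encode("utf-8"), hashlib.sha256).digest()
    # URL-safe base64 without padding keeps the signature free of '.', our separator.
    sig = base64.urlsafe_b64encode(mac).rstrip(b"=").decode("ascii")
    return f"{value}.{sig}"


def verify_cookie(cookie: str, key: bytes = SECRET_KEY) -> Optional[str]:
    """Return the cookie's value if its signature is valid, otherwise None.

    The server must treat None as "no session": it never uses the unsigned value.
    """
    value, sep, _sig = cookie.rpartition(".")
    if not sep:
        return None  # no signature at all: a forged or corrupted cookie
    expected = sign_cookie(value, key)
    # Constant-time comparison so an attacker cannot learn the MAC byte by byte.
    if hmac.compare_digest(expected, cookie):
        return value
    return None


if __name__ == "__main__":
    issued = sign_cookie("user=alice;role=member")
    poisoned = issued.replace("role=member", "role=admin")  # client-side tampering
    print("original verifies:", verify_cookie(issued) is not None)
    print("poisoned verifies:", verify_cookie(poisoned) is not None)
```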

10.1.4. Session Hi-Jacking

Session hi-jacking is the result of a user's session with a web application being compromised by an attacker. When a session is hi-jacked, the attacker commonly impersonates that user and gains access to the user's personal information.

10.1.5. Brute Force Attacks

A brute force attack is a method of breaking a cryptographic scheme by systematically trying a large number of possibilities. For example, a brute force attack on a four-digit ATM PIN would start with 1111 and then try 1112, and so on. As computing power becomes faster and cheaper, brute force attacks complete much faster.

10.1.6. Dictionary Attacks

A dictionary attack is a method of breaking a cryptographic scheme by trying common words, phrases, and dates stored in a file or database. As computing power becomes faster and storage cheaper, larger dictionary files can be created and processed, making these attacks faster to complete.

10.1.7. Rainbow Tables

A rainbow table is a list of data, normally passwords, that have been hashed in advance. The purpose of such a table is to look up a captured hash value and recover the password that produced it. In many situations, once the password behind one known hash is found, other passwords can be broken as well.
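An added example, not from the book, showing why the dictionary and rainbow-table lookups of 10.1.6 and 10.1.7 succeed against plain unsalted hashes and fail once each password is stored with its own random salt and key stretching. The wordlist, iteration count, and storage format are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Iterable, Optional

# Constructed wordlist standing in for a dictionary file; real ones hold millions of entries.
WORDLIST = ["password", "letmein", "qwerty", "Summer2019", "hunter2"]


def build_lookup_table(words: Iterable[str]) -> Dict[str, str]:
    """Precompute SHA-256 digest -> password: the core of a dictionary or rainbow lookup."""
    return {hashlib.sha256(w.encode("utf-8")).hexdigest(): w for w in words}


def lookup(table: Dict[str, str], digest: str) -> Optional[str]:
    """Recover a password from a captured digest, or None if it is not in the table."""
    return table.get(digest)


def hash_unsalted(password: str) -> str:
    """Weak scheme: the same password always yields the same digest, so one table fits all users."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_salted(password: str, salt: Optional[bytes] = None, iterations: int = 100_000) -> str:
    """Hardened scheme: random per-user salt plus PBKDF2 key stretching.

    A table built once is useless here: every salt changes every digest, and each
    candidate costs `iterations` hash computations instead of one.
    Constructed storage format: "iterations$salt_hex$digest_hex".
    """
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${dk.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    """Check a login attempt against a stored salted hash using a constant-time comparison."""
    iterations, salt_hex, _digest_hex = stored.split("$")
    candidate = hash_salted(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, stored)


def digest_part(stored: str) -> str:
    """Extract just the digest from a stored salted hash, as an attacker who captured it would."""
    return stored.split("$")[-1]
```

With this table, the unsalted hash of "hunter2" is recovered instantly, while the salted hash of the same password is not in the table and two users with that password get two different stored values.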

10.1.8. Attacking the Mechanism

Attacking the mechanism refers to attacks made against the authentication system of the web application. These attacks look for ways to "bypass" the authentication system or find exploits within it.

10.1.9. Attacking the Data

Attacking the data refers to attacks on data that has been obtained by sniffing a network or some other means of gaining access to it. This means you have obtained authentication data, such as a password hash, and are running an attack on that data.

10.1.10. Denial of Service Attack (DoS)

A Denial of Service Attack (DoS) or Distributed Denial of Service Attack (DDoS) is an attack that makes a resource unavailable to its users. DoS attacks can manifest in many different ways. Creating a flood of HTTP traffic to a web application is a DoS attack that would affect most users of the web application, whereas finding an exploit that automatically resets a user's password would be a DoS that affects a single user.

10.1.11. Spoofing

Spoofing is a type of attack in which a person, program, or piece of data masquerades as another. It's common to hear of users and IP addresses being spoofed. Another type of data that has been spoofed in recent years is caller identification information.

10.1.12. Penetration Testing

Penetration testing is a type of security testing that involves simulating an attack using the same methods a malicious attacker would. The purpose of a penetration test is to find vulnerabilities in the web application stack. Penetration testing covers not only the web application itself, but also the host operating system, the web server, and in some cases even the personnel who manage the web application.

Vulnerabilities that are found during the penetration test will be presented to the client along with an assessment of the impact of the vulnerabilities found. Often the security expert performing the penetration test will help resolve the issues found during the test.

10.1.13. Man in the Middle Attack (MITM)

A man in the middle attack is an attack in which an attacker intercepts the communication between two systems and manipulates the data before sending it on to the original intended target. Network sniffing tools such as Ettercap or proxy tools such as Fiddler can be used to simulate MITM attacks.
