Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardizes the three main steps of the assessment process: representing configuration information of systems for testing; analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.); and reporting the results of this assessment. The repositories are collections of publicly available and open content that utilize the language. Open Vulnerability and Assessment Language - Wikipedia, the free encyclopedia.
In computer security, a demilitarized zone (DMZ), based on military usage of the term but more appropriately known as a demarcation zone or perimeter network, is a physical or logical subnetwork that contains and exposes an organization's external services to a larger, untrusted network, usually the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's Local Area Network (LAN); an external attacker only has access to equipment in the DMZ, rather than the whole of the network. Demilitarized zone (computing) - Wikipedia, the free encyclopedia.
A computer virus is a computer program that can copy itself and infect a computer without permission or knowledge of the user
Domain kiting is the process of deleting a domain name during the five-day grace period and immediately re-registering it for another five-day period. This process is repeated any number of times with the end result of having the domain registered without ever actually paying for it. Google has recently said that their AdSense program will now look for domain names that are repeatedly registered and dropped. They say they will drop these domains (but they don't mention banning the users) from the AdSense program. [1]
In cryptography, the man-in-the-middle attack or bucket-brigade attack (often abbreviated MITM), sometimes Janus attack, is a form of active eavesdropping in which the attacker makes independent connections with the victims and relays messages between them, making them believe that they are talking directly to each other over a private connection when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all messages going between the two victims and inject new ones, which is straightforward in many circumstances (for example, the owner of a public wireless access point can in principle conduct MITM attacks on the users). A man-in-the-middle attack can only be successful when the attacker can impersonate each endpoint to the satisfaction of the other. Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, SSL authenticates the server using a mutually trusted certification authority. Man-in-the-middle attack - Wikipedia, the free encyclopedia.
A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyses the internals of a computing system rather than on its external interfaces (as a network-based intrusion detection system (NIDS) would do).
Host-based intrusion detection system - Wikipedia, the free encyclopedia.
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. As of 2007, cross-site scripting carried out on websites were roughly 80% of all documented security vulnerabilities.[1] Often during an attack "everything looks fine" to the end-user[2] who may be subject to unauthorized access, theft of sensitive data, and financial loss.[3]
A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met. For example, a programmer may hide a piece of code that starts deleting files (such as the salary database), should they ever leave the company.
Botnet is a jargon term for a collection of software robots, or bots, that run autonomously and automatically. The term is often associated with malicious software but it can also refer to the network of computers using distributed computing software.
Privilege escalation is the act of exploiting a bug or design fault in a software application to gain access to resources which normally would have been protected from an application or user. The result is that the application performs actions with more privileges than intended by the application developer or system administrator.
Un producto que me ha satisfecho
Recent Comments