These flashcards cover essential vocabulary related to software security, focusing on terms and concepts relevant to web vulnerabilities, architectures, and prevention measures.
Static Website Architecture
A web architecture in which every page is a pre-built file served unchanged to every user; no server-side code runs per request, so there is no user input for the server to mishandle.
Dynamic Website Architecture
A web design that generates pages dynamically based on user input and interactions with a database.
Same-Origin Policy (SOP)
A browser rule under which a document or script from one origin may not read data (DOM, responses, cookies, storage) belonging to another origin; it restricts reading, not sending, so cross-origin requests can still be made.
Cross-Origin
A request or access is cross-origin when any one of the three components of the origin (scheme, host, port) differs between the two URLs; path, query and fragment do not matter.
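The origin comparison behind the two cards above, as an added example that is not part of the flashcard set. It computes the (scheme, host, port) tuple of two URLs and reports which components differ; the sample URLs are constructed for illustration.

```javascript
// Added example (not from the flashcard set): compute the origin tuple
// (scheme, host, port) of two URLs and report which components differ,
// which is exactly what makes a request cross-origin. The URLs in the
// usage section at the bottom are constructed for illustration.
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };

function originOf(urlString) {
  const u = new URL(urlString);
  // URL.port is '' when the port is the scheme's default (https://a.com:443),
  // so fill it in; otherwise 'https://a.com' and 'https://a.com:443' would
  // wrongly compare as different origins.
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return { scheme: u.protocol, host: u.hostname, port };
}

// Names of the origin components that differ between a and b; an empty array
// means same origin. Path, query and fragment are deliberately ignored.
function originDifferences(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  return ['scheme', 'host', 'port'].filter((k) => oa[k] !== ob[k]);
}

function isSameOrigin(a, b) {
  return originDifferences(a, b).length === 0;
}

// Usage: a browser lets page A read page B's data only when [] is returned.
const PAGE = 'https://shop.example.com/cart?id=7';
console.log(originDifferences(PAGE, 'https://shop.example.com:443/api/items')); // []
console.log(originDifferences(PAGE, 'http://shop.example.com/cart'));           // ['scheme', 'port']
console.log(originDifferences(PAGE, 'https://api.example.com/items'));         // ['host']
console.log(originDifferences(PAGE, 'https://shop.example.com:8443/'));        // ['port']
```

Note that switching from https to http changes two components at once, because the default port changes with the scheme; a subdomain is a different host and therefore a different origin even though it shares the registrable domain.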
Script Injection
A security vulnerability that occurs when an attacker injects malicious code or scripts into a web application.
Cross-site Scripting (XSS)
A type of script injection attack that allows attackers to execute malicious JavaScript in another user's browser.
Reflected XSS
A non-persistent XSS attack in which the malicious script is carried in the current HTTP request (for example in a query parameter) and echoed back unescaped in the response; the victim must be induced to send that request, typically via a crafted link.
Stored XSS
A persistent XSS attack where the malicious script is stored in the website's database and served to other users.
DOM-based XSS
A type of XSS in which client-side JavaScript writes attacker-controlled data (for example from location.hash or document.referrer) into the DOM through an unsafe sink such as innerHTML; the payload may never reach the server.
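The reflected and DOM-based variants side by side, as an added example that is not part of the flashcard set: a search page that echoes its query, the same page with HTML encoding applied, and a client-side banner that reads location.hash. The page, the payload and the stub element standing in for a DOM node are constructed for illustration.

```javascript
// Added example (not from the flashcard set): a reflected-XSS sink beside its
// fixed form, plus the DOM-based variant. The search page, payload and stub
// element are constructed for illustration.

// Escape the five characters that can break out of HTML text or attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Reflected XSS: the query parameter is echoed straight into the response,
// so markup in the request becomes markup in the page.
function renderSearchUnsafe(query) {
  return `<p>Results for: ${query}</p>`;
}

// Fixed: the same page with the query encoded for an HTML text context.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// DOM-based XSS: the source is location.hash, the sink is innerHTML, and the
// server never sees the payload. `el` is a stub standing in for a DOM node.
function showBannerUnsafe(el, hash) {
  el.innerHTML = decodeURIComponent(hash.slice(1));
}

// Fixed: textContent treats the value as text, never as markup.
function showBannerSafe(el, hash) {
  el.textContent = decodeURIComponent(hash.slice(1));
}

// Constructed payload: an <img> whose error handler runs attacker JavaScript.
const PAYLOAD = '<img src=x onerror="alert(document.cookie)">';

console.log(renderSearchUnsafe(PAYLOAD)); // the <img> tag lands in the page verbatim
console.log(renderSearchSafe(PAYLOAD));   // &lt;img src=x onerror=&quot;...&quot;&gt;

const stub = { innerHTML: '', textContent: '' };
showBannerUnsafe(stub, '#' + encodeURIComponent(PAYLOAD));
console.log(stub.innerHTML);   // a real browser parses this as markup and fires onerror
showBannerSafe(stub, '#' + encodeURIComponent(PAYLOAD));
console.log(stub.textContent); // the same characters, rendered as inert text
```

escapeHtml is correct only for HTML text and quoted attribute values; data placed inside a JavaScript string, a URL or a CSS value needs the encoder for that context, which is why output encoding is chosen per sink rather than applied once at input.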
WAF (Web Application Firewall)
A filter placed in front of a web application that blocks requests matching known attack signatures; a defense-in-depth layer that can be bypassed with encoding tricks or novel payloads, not a substitute for fixing the underlying vulnerability.
Input Validation
The process of ensuring that user input matches expected formats before processing.
Whitelisting
A validation approach (also called allowlisting) that accepts only explicitly permitted characters, patterns or values and rejects everything else; more robust than blocklisting known-bad input, which attackers evade with variants the list did not anticipate.
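Allowlist validation for a small form, as an added example that is not part of the flashcard set. The field names, patterns and sample submissions are constructed for illustration; it also shows the common mistake of an unanchored pattern, which lets a payload through as long as a valid substring is present somewhere in it.

```javascript
// Added example (not from the flashcard set): allowlist input validation
// with anchored patterns. Field names, patterns and the sample submissions
// are constructed for illustration; real patterns come from the data model.

// Each field accepts only the characters and shape it legitimately needs;
// everything else is rejected, whether or not it looks like an attack.
const ALLOWLIST = {
  username: /^[a-z0-9_]{3,16}$/,
  hexColor: /^#[0-9a-f]{6}$/i,
  orderId: /^[0-9]{1,10}$/,
};

function validateField(kind, value) {
  const pattern = ALLOWLIST[kind];
  if (!pattern) throw new Error(`no allowlist defined for field "${kind}"`);
  // Non-strings (arrays or objects from a JSON body) fail before the regex runs.
  return typeof value === 'string' && pattern.test(value);
}

// Returns { ok, errors } where errors lists every field that failed.
function validateForm(form) {
  const errors = Object.entries(form)
    .filter(([kind, value]) => !validateField(kind, value))
    .map(([kind]) => kind);
  return { ok: errors.length === 0, errors };
}

// Pitfall: the same pattern without ^ and $ only asks "does a valid username
// appear somewhere in the input?", so a payload with a valid substring passes.
const UNANCHORED_USERNAME = /[a-z0-9_]{3,16}/;

console.log(validateForm({ username: 'bob_99', hexColor: '#FF00aa', orderId: '42' }));
// { ok: true, errors: [] }
console.log(validateForm({ username: '<script>alice', hexColor: 'red', orderId: '42 OR 1=1' }));
// { ok: false, errors: [ 'username', 'hexColor', 'orderId' ] }
console.log(UNANCHORED_USERNAME.test('<script>alice')); // true: the pitfall
```

Validation of this kind reduces the attack surface but does not replace output encoding: a username that legitimately contains an apostrophe or a free-text comment field still has to be encoded for the context it is written into.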
Content Security Policy (CSP)
A policy delivered in the Content-Security-Policy HTTP response header that restricts the sources from which scripts and other resources may load (for example only same-origin scripts, or only scripts carrying a per-response nonce), so an injected inline script is blocked even when an injection slips through.
Malicious Script
Code injected by an attacker with the intent of causing harm or unauthorized actions.
HTTP Request
A message sent by a client to a server to initiate some action or request information.
HTTP Response
A message from a server back to a client, containing the requested information or acknowledgment of an action.
URL Encoding
Percent-encoding of characters that are reserved or not allowed in a URL (for example a space becomes %20 and < becomes %3C) so they can be transmitted safely; attackers also use it to disguise payloads, so an application should decode input before validating it.
Cookies
Small pieces of data that a server sets with the Set-Cookie response header and the browser sends back in the Cookie request header on later requests to that site, used to carry user-specific state such as a session identifier or preferences.
Data Application
An application that processes data and provides services over the web.
Attack Vector
The method used by an attacker to gain unauthorized access to a system.
Session Cookie
A cookie with no Expires or Max-Age attribute, which the browser discards when the browsing session ends (normally when the browser is closed); it typically holds the session identifier that authenticates the user's later requests.
Cross-Site Request Forgery (CSRF)
A vulnerability in which an attacker's page causes a logged-in user's browser to send a request to another site, with the user's cookies attached automatically, so that site performs an action the user never intended.
CSRF Token
An unpredictable token generated for each user session (or each form), embedded in the application's own pages and checked by the server on every state-changing request; a cross-site attacker cannot read it because of the Same-Origin Policy, so forged requests arrive without it.
Referrer Policy
An HTTP response header (Referrer-Policy) or HTML attribute that controls how much of the current URL is sent in the Referer header when navigating to or loading resources from another site, limiting leakage of paths, query strings and tokens.
Malicious Code
Code designed to disrupt, damage, or gain unauthorized access to computer systems.
Attacker
A malicious individual who attempts to exploit vulnerabilities in the system.
Victim
The user or system targeted by the attacker.
Web Server
A server that hosts websites and delivers content to users through web browsers.