Discover the key notions of the web and cybersecurity. Thanks to its alphabetical classification, you will easily find a term along with its meaning. Feel free to bookmark this page so you can read it whenever you need to.
Accessibility proof / fingerprint
Within the scope of a monitoring solution, the accessibility proof or fingerprint is a sentence or a line of code. Its regular display within your website is proof of the site's availability.
It is a security audit where the user manually controls all the settings related to the audit in order to obtain an efficient and personalized audit.
The alert threshold is a feature of a web monitoring solution whose goal is to trigger an unavailability alert only once the threshold has been reached.
This ping threshold is measured in milliseconds, in order to distinguish a simple slowdown from a loss of performance that could be damaging to your company.
The Agence nationale de la sécurité des systèmes d’information (National Cybersecurity Agency of France) is an agency related to computer security. The ANSSI is in charge of proposing the rules to be implemented for the protection of the State's information systems and verifying the application of the measures adopted. In the field of information system defence, it provides a monitoring, detection, alert and response service to IT attacks, especially those happening on the State's systems.
API means “application programming interface”. It is an interface that allows a piece of software to offer its services to other software.
Authentication / multi-factor authentication
Authentication is the process by which a third party logs into a system to access secured data or services.
Most authentication schemes rely on a "login and password" combination, but multi-factor authentication is emerging and is more secure. For example, authentication using a single-use code is significantly safer than the traditional login/password combination.
A quick audit that provides a first assessment without requiring complex settings. This type of audit is not recommended for experts.
Big data, or “mega data”, refers to all the digital data resulting from the use of new technologies, for both professional and personal purposes. Given its gigantic volume (2.5 trillion bytes/day), big data cannot really be analyzed as a single data source.
Black box audit
A Black Box audit is a security audit in which the auditor (human or robot) has the same access as a visitor to a web application or website, but without getting access to a secure or administrator area.
Black Hat hacker
Black Hat hackers, in opposition to White Hat, are unethical hackers who illegally attack companies, structures and individuals for purely selfish and financial purposes.
The breach simulator is an exclusive HTTPCS technology that checks whether a breach is exploitable before reporting it. Not only does this simulator guarantee a 0 false positive rate, it also makes a breach easier to understand and fix.
BYOD (bring your own device)
A work practice from the US that consists in using your personal computer equipment for work. Although the worker can benefit from this approach, it nevertheless involves a high risk for the company’s data security.
The Certification seal is a badge to display on your website or web application. For the users who implement good practices within their company and perform regular audits, HTTPCS affixes a trust seal on their website.
A dynamic trust seal improves visitors' trust in, and engagement with, your company.
The various HTTP status codes correspond to the result of a request. For example, code 200 indicates that the request succeeded, 3XX codes are redirections, and 4XX codes group the errors. The 404 error is the best known and indicates that a web page could not be found.
A certification authority is a trusted third party that enables two correspondents to authenticate each other.
Within the scope of monitoring, the ping is a server located at a specific place in the world that tests the availability of your website or web application.
CIO or CISO
The Chief Information Officer or Chief Information Security Officer is the individual in charge of ensuring compliance and planning the measures to be applied in order to have a good policy for the protection of resources and information technologies.
The Clarifying Lawful Overseas Use of Data Act, or CLOUD Act, is a US federal law intended to make it easier for law enforcement agencies to obtain personal data stored by US service providers, whether the data is located in the United States or not.
The Common Weakness Enumeration is a dictionary maintained by MITRE that collects and lists the weaknesses that affect software.
"Cyber Malveillance" is a French government scheme that shares best practices in cybersecurity and refers the general public to organizations and structures that can help them manage their IT security issues.
HTTPCS is one of the organizations listed by Cyber Malveillance.
Cyber Vigilance is the Threat Intelligence solution of the HTTPCS suite. It enables users to be alerted in real time if their personal data appears on the Deep Web and Dark Web.
Corrupted content is content that has been violated voluntarily or accidentally, thus changing its nature and functioning.
The dark Net is the Internet part that is unreachable by traditional search engines. This network is based on specific protocols to guarantee greater anonymity for users who browse these web pages.
The dark web is a part of the web pages that is not indexed by search engines. It may sometimes contain illegal content, because accessing these pages is often anonymous and almost untraceable.
Data history is the period of time during which an organization or structure keeps data about the use of the solution.
A data leak is an accidental or deliberate event (such as a hacking attack) that results in the illegal disclosure of sensitive information or of a database.
Defacing is the unsolicited modification of a website's appearance after it has been hacked. It is therefore a form of website hijacking carried out by a hacker.
Just like the Dark Web, the Deep Web is a part that is not indexed by search engines. However, these pages contain legal but protected content, such as the web page of your bank account that can be accessed with your login credentials, for example.
A report is made available after each security audit. It includes the breaches, the fixes to implement, the good practices and any information required to improve the company’s IT security.
Domain Name System monitoring is a feature that ensures that your domain name points to your website or application.
The domain name, or “Domain Name System”, is the internet address of an application or website. Thanks to the domain name, internet users can find your company by entering this address in a search engine.
Domain validation (DV)
The DV is the SSL certificate used to obtain an “https” address and the green padlock.
Exploitable security flaw
An exploitable security flaw is a vulnerability that can compromise the website or web app integrity, as opposed to a false positive that is considered as a false alert.
In cybersecurity, a false positive is a detection error: the vulnerability scanner reports a flaw as exploitable by a hacker when it is in fact harmless, and therefore sends a false alert to the user. It wastes the company's money and time.
Flaw or security vulnerability
A security vulnerability is a design error or a characteristic of a computer system that enables an individual to damage the system by exploiting it.
OWASP and CVE are two organizations that categorize, classify and list the flaws and vulnerabilities encountered by businesses and individuals.
A forensic audit is a security audit performed in a short period of time following an attack or intrusion. Its purpose is to identify security breaches, apply appropriate corrective measures and adopt good practices to limit the consequences of that attack and of future ones.
The General Data Protection Regulation is a European law that governs the collection of individuals' personal data (first name, last name, date of birth, IP address, bank details, etc.). Companies must comply with strict obligations regarding the storage, processing and securing of data in order to avoid any leak on the internet.
A GET request is a web page request whose variables and their values are specified at the end of the URL (after a '?'). This method gives the user a link that can be saved and that leads to this specific page.
Example: /test/demo_form.asp?name1=value1&name2=value2 (variables: name1 and name2; values: value1 and value2)
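To show what the query string above looks like once parsed, and why the glossary's POST entry prefers the request body for sensitive form data, here is an added example in Python (it is not part of the HTTPCS page). It parses the GET example and then scans a few constructed access-log lines for sensitive parameter names that were sent in a URL; the log lines, the `SENSITIVE_PARAMS` list and the log format are all assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not from the glossary or from any real server):
# one GET carrying the glossary's example query string, one GET that places a
# password in the URL, and one POST whose form fields travel in the request body.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /test/demo_form.asp?name1=value1&name2=value2 HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /login?username=alice&password=hunter2 HTTP/1.1" 302 0
203.0.113.9 - - [10/Oct/2023:13:55:41 +0000] "POST /login HTTP/1.1" 302 0
"""

# Parameter names that should never travel in a URL (assumed, illustrative list).
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "session", "card_number"}

# Matches the request part of a common-log-format line: method, target, version.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def parse_get_request(target):
    """Split '/path?name1=value1&name2=value2' into (path, {name: value})."""
    parts = urlsplit(target)
    variables = parse_qs(parts.query, keep_blank_values=True)
    # parse_qs returns a list per name; keep a plain string when there is one value.
    flat = {name: values[0] if len(values) == 1 else values
            for name, values in variables.items()}
    return parts.path, flat


def find_sensitive_get_requests(log_text):
    """Return [(path, [sensitive names])] for GET requests whose URL carries a
    sensitive parameter. Such values end up in server logs, browser history and
    Referer headers, which is why forms with secrets are sent with POST instead."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if match is None or match.group("method") != "GET":
            continue
        path, variables = parse_get_request(match.group("target"))
        exposed = sorted(name for name in variables if name.lower() in SENSITIVE_PARAMS)
        if exposed:
            hits.append((path, exposed))
    return hits


if __name__ == "__main__":
    print(parse_get_request("/test/demo_form.asp?name1=value1&name2=value2"))
    for path, names in find_sensitive_get_requests(SAMPLE_LOG):
        print(f"sensitive parameter(s) {names} sent via GET to {path}")
```

The POST line in the sample log produces no finding: its form fields are in the request body, which a standard access log does not record, whereas the second GET line is flagged because `password` is visible in the logged URL.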
Grey box audit
A Grey Box audit is a security audit in which the auditor (human or robot) has the same access as an internet user with access to an authenticated or administrator area.
A hacker is an individual who uses their advanced computer knowledge to search for vulnerabilities. Whether ethical or not, the hacker seeks to bypass and outdo the security measures put in place by brands and hardware manufacturers.
Hacker forums / hacker networks
Hacker forums are discussion areas, often hosted on the Dark Web, in which hackers exchange information about discovered vulnerabilities or brag about their exploits.
HTTPCS Interactive Map
The HTTPCS interactive map (https://map.httpcs.com) is a key asset that enables visitors to see in real-time the attacks detected by Cyber Vigilance all around the world.
HTTP means Hyper Text Transfer Protocol. It is a communication protocol between a server and a client, based on a request system developed for the World Wide Web.
HTTPS means Hyper Text Transfer Protocol Secure. It refers to an HTTP protocol protected by SSL encryption.
A hyperlink is a link contained within a website or web application that redirects the user to another website or application.
The incident response includes all the protocols and methodologies aimed to respond in the best possible way to a cybersecurity incident.
Integrity by HTTPCS
Integrity is the HTTPCS integrity checker. It allows you to be notified of any change within a web application or website, whether it is considered fraudulent or not.
Internet of Things (IoT)
Internet of Things (IoT) is a recent term that refers to all everyday objects that are connected to the Internet.
The IP address is a sequence of numbers separated by dots that identifies each device connected to the Internet.
The ISM (Information Security Management) includes a set of policies and standards designed to ensure the effective management of information security.
Level of criticality
The level of criticality refers to the automatic attribution of a breach risk level. Depending on its exploitability and harmful potential, the breach is classified from “Low” (low risk) to “High” (high risk).
Local software and SaaS
A software as a Service (SaaS) is an application made available by a provider which is accessible through an internet browser and which does not require any installation from the user.
Machine learning is the field of artificial intelligence concerned with creating algorithms that constantly learn and improve by processing large amounts of data.
The 100% mapping of a web application or website consists in having a robot index the whole application, even its least accessible pages.
Malicious content is a file or application intended to harm a system or its data by accessing or damaging it.
Malware, a contraction of “malicious” and “software”, refers to software intended to cause damage.
Man in the middle attack
A “man in the middle” is a type of attack in which an offender manages to intercept data from a secure exchange by standing between the two protagonists, each of them thinking they are dealing with the right interlocutor.
MITRE is an American not-for-profit organization whose goal is to act in the public interest in various fields such as IT security.
A Monitoring service is a solution to check a website, web application or server availability.
The Monitoring frequency is the period of time between two pings performed by a checkpoint on a monitored system.
Multi-domain (SAN)
SAN (Subject Alternative Name) certificates are SSL certificates that secure several domain names.
Natural SEO (Search Engine Optimization) consists in working on a website's content and structure to obtain the best position on the search engine results page (SERP).
Organization validation (OV)
The OV is an SSL certificate intended for companies. Renewed at least every two years, it offers the best guarantees to protect users against computer piracy.
Injections: risk of command injection (system, SQL, shellcode, etc.)
Broken Authentication and Session Management: risk of breaking or bypassing authentication and session management (session theft, password recovery)
Cross-Site Scripting (XSS): injection of HTML code into a page, leading to unwanted behaviour on the web page. XSS breaches are particularly common among web security breaches.
Broken Access Control: security breaches in the rights of authenticated users. Attackers can exploit these flaws to gain access to other users' accounts or data.
Security Misconfiguration: breach due to a misconfiguration of the web server, web application, database or framework.
Sensitive Data Exposure: security breaches disclosing sensitive data, such as passwords, credit card information or even personal data.
Insufficient Attack Protection: failure to follow good security practices.
Cross-Site Request Forgery (CSRF): breaches due to requests executed without the user's knowledge.
Using Components with Known Vulnerabilities: breaches due to the use of vulnerable third-party components.
Underprotected APIs: insufficient protection of the applications that expose or use APIs.
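The XSS entry in the list above says that injected HTML "leads to unwanted behaviour on the web page". The following added example (written for this glossary, not HTTPCS code) makes that concrete in Python: a vulnerable greeting page that inserts a visitor-supplied name verbatim, the hardened version that applies output encoding with `html.escape`, and a small check that lists any tags in the rendered page that did not come from the template. The page template and the sample visitor input are constructed for the example.

```python
import html
import re
from string import Template

# Constructed page template (not from the glossary): a visitor-supplied name is
# interpolated into the HTML of a greeting page.
PAGE = Template("<h1>Welcome, $name</h1>")
TEMPLATE_TAGS = {"<h1>", "</h1>"}
TAG_RE = re.compile(r"</?[a-zA-Z][^>]*>")


def render_unsafe(name):
    """Vulnerable rendering: the input is inserted verbatim, so any HTML it
    contains becomes part of the page and is interpreted by the browser."""
    return PAGE.substitute(name=name)


def render_safe(name):
    """Hardened rendering: escape &, <, >, " and ' so the input is displayed as
    text. This output encoding is the standard defence against reflected XSS."""
    return PAGE.substitute(name=html.escape(name, quote=True))


def injected_tags(rendered):
    """Detection helper: HTML tags present in the rendered page that are not part
    of the template, i.e. tags that came from user input."""
    return sorted(set(TAG_RE.findall(rendered)) - TEMPLATE_TAGS)


if __name__ == "__main__":
    visitor = "<script>alert(1)</script>"   # constructed test input
    print(render_unsafe(visitor), injected_tags(render_unsafe(visitor)))
    print(render_safe(visitor), injected_tags(render_safe(visitor)))
```

With the constructed input, `render_unsafe` yields a page containing a live `<script>` element, while `render_safe` turns the same input into `&lt;script&gt;...` and `injected_tags` reports nothing. Escaping at output time, in the HTML context, is the fix the "Security flaw correction" entry refers to when it speaks of making a vulnerability inoperable.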
The PCI DSS is a payment card security standard.
A penetration test (sometimes called pentest) is an intentional attempt to find security breaches and vulnerabilities within a system for cybersecurity purposes.
Phishing is an attempt to extort personal information or bank details from a person by pretending to be a trusted third party.
In computer science, the ping is a request sent to a system in order to check its accessibility and its latency (loading time).
The HTTP POST method sends variables without showing them in the URL. This method is generally preferred for sending a form containing sensitive data (password, username, etc.).
In cybersecurity, proactive defence means anticipating cyber-attacks rather than waiting for them to occur before reacting. This approach reduces weaknesses, flaws and vulnerabilities in the computer system, both technically and on the human side.
Ransomware is malicious software whose goal is to encrypt the data of the infected computer in order to demand a ransom (usually in cryptocurrency) for its decryption.
It is not recommended to give in to a demand for ransom, since the criminal offenders cannot decrypt a corrupted system.
Red Team, Blue Team and Purple Team
In pen-testing, the Red Team is an offensive team whose goal is to simulate an attack. The Blue Team is a defensive team in charge of simulating the defence.
The Purple Team brings these two teams together so that they work jointly to adopt solutions after the penetration test.
Script kiddies (sometimes called “lamers”) are hackers with very few skills. They try to exploit known breaches or use scripts or toolkits in order to harm people, without seeking to make a profit.
An action to assess the security status of a website or application against specific standards and conventions (CVE, OWASP, ISO).
Security by HTTPCS
Security is the flagship solution of HTTPCS. It is an efficient vulnerability scanner whose goal is to discover and fix the breaches of a website or web application.
Security flaw correction
A patch consists in modifying the structure of the website or web application in order to make a vulnerability inoperable.
Sensitive data is personal data that reveals sensitive information about an individual: origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation, or even genetic or biometric data.
A Secure Sockets Layer certificate relies on a protocol for securing online exchanges, which ensures the inviolability of an exchange between two parties by means of a third party: the certification authority.
A Trojan is a file that seems harmless but actually hides malicious software in its code, which is triggered once the file is executed.
TrustSign is the first French SSL certification authority. The company is owned by the Ziwit company.
The unavailability of a website, web application or server refers to the period where the service is not available to its users. These periods of time can be detected with a monitoring system.
Up (good working order) and Down (fault condition) are the two states of a server, website or web application to monitor.
URL means “Uniform Resource Locator”, commonly called a “web address”. The URL identifies a resource located on the internet.
USA Patriot Act
The USA PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act) was passed on October 25th, 2001. This law aims to strengthen anti-terrorist defence.
The user console is the SaaS interface that enables the users of the HTTPCS solutions to set up their operations.
Virtual robots / Virtual agents
A robot or virtual agent is a computer program designed to index and map a designated target on the internet. It can be a robot working for a search engine such as Google, or a robot in charge of indexing the dark web and deep web, such as the Cyber Vigilance robot.
A computer virus is software containing malicious code that can spread from one computer to another by inserting itself into “host” software.
In the field of IT security, a vulnerability is a breach or weakness that can harm the integrity of a system when it is exploited by hackers.
Web integrity refers to the act of ensuring that a website or web app does not suffer from any intentional or accidental alteration or destruction.
Website and web application
A website and a web application are infrastructures accessible through a web browser, whose goal is to send content, sell a product or provide a service to visitors without any installation.
Website’s tree structure
The website’s tree structure is the visual layout resulting from a mapping which enables you to see the structure and link between the different pages composing a website or a web application in a logical way.
A White Box audit is a security audit in which the auditor (whether a human or a robot) gets access to all the system information.
White Hat hacker
White Hats are ethical hackers who use their skills to improve IT security and infrastructure.
Their work is usually rewarded by organizations through a bug bounty.
A whitelist feature is used to mark a non-exploitable breach as “not harmful”. The breach is then removed from the list of breaches to fix, which saves time for the technical teams.
A Wildcard certificate secures an unlimited number of subdomains on a server, or an unlimited number of servers.
A Zero Day is an IT vulnerability that has never been published or fixed.
The Ziwit Academy is an approved training organization established by Ziwit and composed of cybersecurity experts and ethical hackers. Its mission is to teach good cybersecurity practices.