Cybersecurity Glossary of Words

Quick Reference: Glossary of Cybersecurity Terms

Jun 26, 2020 | Cybersecurity

If you’re new to Cybersecurity, sometimes the language can be confusing. Stronger has compiled a list of terms you’ll need to know. There are more, but this is a good starting point.

Antivirus/Anti-malware software is a computer program used to prevent, detect, and remove malware.

Bots: As they apply to eCommerce security, bots are used by hackers to scrape websites for pricing and inventory information, allowing them to change the pricing in an online store, or to garner the best-selling inventory in shopping carts.

Brute Force Attacks consist of an attacker submitting many passwords or passphrases with the hope of guessing correctly. These attacks can also include Dictionary Attacks, which use commonly used passwords and common words in a Brute Force Attack to crack a password.

Content Security Policy (CSP): A CSP is an added layer of security that helps to detect and mitigate certain types of attacks, including XSS and data injection attacks.

Data Backup is a copy of computer data taken and stored elsewhere to be used later in the case of hardware malfunction or data loss due to cyber-attack.

DoS and DDoS: Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are attacks in which an attacker makes a machine or network resource unavailable by temporarily or indefinitely disrupting services of a host connected to the internet. The only difference between DoS and DDoS attacks is that DoS attacks are typically executed using one computer or machine, while DDoS attacks use multiple.

Financial Fraud is where hackers make unauthorized transactions and wipe out their trail. This also includes Refund Fraud, in which a fake request is made for refunds or returns of illegally acquired products or damaged goods.

Firewall: A firewall is a hardware or software system that works as a wall or gateway between two or more networks. Firewalls allow authorized traffic to pass through and block unauthorized or potentially malicious traffic.

HTTP vs HTTPS: HTTPS is HTTP with encryption. The main difference between the two protocols is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses.

Multi-Factor Authentication (MFA) is an authentication method in which a user is granted access only after successfully presenting two or more pieces of evidence to an authentication mechanism. 2FA is a subset of MFA.

Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes. The Standard comprises 12 requirements for compliance, which are organized into six groups: build and maintain a secure network and systems, protect cardholder data, maintain a vulnerability management program, implement strong access control measures, regularly monitor and test networks, and maintain an information security policy.

Payment Gateway Security entails utilizing a merchant service that processes credit card payments for eCommerce sites as well as brick-and-mortar stores. Most payment gateways ensure payment security by using encryption between the user’s browser and the retailer’s server and initiating an authorization request before allowing the transaction to proceed.

Phishing is a fraudulent attempt to obtain sensitive information such as usernames, passwords, and credit card details by tricking users into clicking on a bad link or opening a corrupted file.

SSL Certificates are what enable websites to move from HTTP to HTTPS. They are data files hosted on a website’s origin server and make SSL/TLS encryption possible.

SQL Injections are cyber attacks intended to access a database by targeting query suggestion forms. Attackers then inject malicious code into the database, collect the data they need, and delete it later.

Two-Factor Authentication (2FA) is a second layer of security to protect an account or system. 2FA increases the security of online accounts by requiring two types of information from the user, such as a password or PIN, an email account, ATM card, fingerprint, or code, before the user can log in.

XSS Attacks, or cross-site scripting attacks, enable attackers to infect an online store with malicious code. When customers purchase from the online store, the malicious code is then transferred to their machine. This attack is easily prevented by implementing a Content Security Policy.