– Affected users — An assessment of the proportion of users potentially impacted by the exploitation of a specific vulnerability. (Component of DREAD)
– Assessment report — The written results of a security design review (SDR), consisting of a ranked summary of findings and recommendations, including specific design changes and strategies to improve security. (See Chapter 7)
– Asset — Valuable data or resources, especially likely targets of attack, to be protected.
– Asymmetric encryption — Data encryption with separate keys for encryption (public key) and decryption (private key). (Cf. Symmetric encryption)
– Attack — Action taken in an attempt to violate security.
– Attacker — A malicious agent working to violate the security of a system. (Also known as Threat actor)
– Attack surface — The aggregate of all potential points of entry to a system for attack.
– Attack vector — A sequence of steps forming a complete attack, starting from the attack surface and culminating in access to an asset.
– Auditing — Maintaining a reliable record of actions by principals, for regular inspection, to detect suspicious behavior indicative of improper activity. (Component of the Gold Standard)
– Authentication (authN) — High-assurance determination of the identity of a principal. (Component of the Gold Standard)
– Authenticity — Assurance that data values have not been tampered with; in other words, that the system doesn’t allow unauthorized modification of data.
– Authorization (authZ) — Security policy controls ensuring that privileged access is restricted to certain authenticated principals. (Component of the Gold Standard)
– Availability — Assurance that data access is always available to authorized principals; in other words, that the system avoids significant delays or outages hindering legitimate access.
– Backtracking — Behavior of algorithms, such as regular expression matching, where progress may advance and regress, exponentially repeating. Potential security issues result when backtracking incurs excessive computation that degrades availability. (See Chapter 10)
– Block cipher — A symmetric encryption algorithm that processes fixed-length blocks of data, as opposed to one bit at a time.
– Bottleneck — A single point in the code execution path that guards all access to a specific asset. Bottlenecks are important for security because they ensure that uniform authorization checks happen for all accesses.
– Buffer overflow — A class of vulnerabilities involving invalid access outside the bounds of allocated memory.
– Certificate authority (CA) — An issuer of digital certificates.
– Chokepoint — See Bottleneck.
– Chosen plaintext attack — Analysis of encryption where the attacker is able to learn the ciphertext for a plaintext of choice, and thereby discover the secret key. (See Chapter 5)
– C-I-A — The fundamental information security model. (See Confidentiality, Integrity, and Availability)
– Ciphertext — The encrypted form of a message that is meaningless without the key. (Cf. Plaintext)
– Collision — When two different inputs produce the same message digest value.
– Collision attack — Using a known collision to subvert authenticity relying on cryptographic message digest values being unique.
– Command injection — A vulnerability allowing malicious inputs to result in running arbitrary commands controlled by an attacker.
– Confidentiality — The fundamental information security property of enforcing only authorized access to data.
– Confused Deputy — A vulnerable pattern where an unauthorized agent can trick an authorized agent or code to perform a harmful action on the former’s behalf. (See Chapter 4)
– Cryptography — The mathematical art of reversibly transforming data so as to conceal it.
– Cryptographically secure pseudo-random number generator (CSPRNG) — A source of random numbers considered unpredictable enough that guessing is infeasible, which is thus suitable for cryptography. (Cf. Pseudo-random number generator (PRNG))
– Damage potential — An assessment of how much harm can be done by exploiting a specific vulnerability. (Component of DREAD)
– Decryption — The process of transforming a ciphertext back into the original plaintext message.
– Denial of service (DoS) — An attack that consumes computing resources in order to degrade availability. (Also a component of STRIDE)
– Dependency — A software library or other component of a system that software requires in order to operate.
– Dialog fatigue — The human response to repetitive or uninformative software dialogs, often leading to reflexive responses to get past the dialog in order to accomplish a goal. The security impact occurs when users fail to understand or consider the security consequences of their actions.
– Digest — A unique numerical value of fixed size computed from an arbitrarily large data input. Different digest values guarantee the inputs are different, but collisions are possible. (Also known as Hash)
– Digital certificate — A digitally signed statement asserting a specific claim by the signer. Common digital certificate standards include TLS/SSL secure communications (both for the server and the client side), code signing, email signing, and certificate authorities (root, intermediate, leaf).
– Digital signature — A computation demonstrating knowledge of a private key, proving the authenticity of the signer.
– Discoverability — An assessment of how easily the existence of a specific vulnerability could be learned by a would-be attacker. (Component of DREAD)
– DREAD — An acronym for a five-component system used to assess a vulnerability to gauge its severity. (See Damage potential, Reproducibility, Exploitability, Affected users, and Discoverability)
– ECB (electronic code book) mode — A block cipher encryption mode where each block is encrypted independently. Since identical blocks result in identical outputs, for many applications ECB is weak and usually not recommended. (See Chapter 5)
– Elevation of privilege — Any means by which an agent acquires increased privileges, especially when an attacker exploits a vulnerability. (Component of STRIDE)
– Encryption — An algorithm transforming plaintext into ciphertext to secretly convey a message.
– Entropy source — A source of random input to a random number generator.
– Exploit — The recipe for a working attack that violates security, causing harm.
– Exploitability — An assessment of how easy it is to exploit a specific vulnerability. Often this is a subjective guess due to many unknowns. (Component of DREAD)
– Fact of communication — Knowledge of whether or not two communicants exchanged information, such as by an eavesdropper observing encrypted messages they cannot decipher.
– Flaw — A bug that might or might not be a vulnerability, either in design or implementation.
– Footgun — A software feature that makes it easy to introduce a bug, especially a vulnerability.
– Fuzz testing — Automated brute-force testing with arbitrary inputs to discover software flaws.
– Gold Standard — A nickname for the three basic security enforcement mechanisms. (See Auditing, Authentication (authN), and Authorization (authZ))
– Guard — An authorization enforcement mechanism in software that controls access to a resource.
– Hardware random number generator (HRNG) — A hardware device designed to produce highly random data efficiently. (See Cryptographically secure pseudo-random number generator (CSPRNG))
– Hash — See Digest.
– Hash message authentication code (HMAC) — A class of message digest functions where each key value determines a unique message digest function.
– HTML injection — A vulnerability allowing an attacker to craft malicious inputs that inject arbitrary markup or script into an HTML page.
– Incident — A specific instance of a security attack.
– Information disclosure — An unauthorized information leak. (Component of STRIDE)
– Injection attack — A security attack that uses malicious input to exploit a vulnerability where part of the input is interpreted in an unexpected manner. Common forms include SQL injection, HTML injection, command injection, and path traversal. (See Chapter 10)
– Input validation — Defensive checking of input data to ensure that it is of a valid format, so that it will be correctly processed downstream.
– Integration testing — Software testing of multiple components operating together. (Cf. Unit testing)
– Integrity — The fundamental information security property of maintaining data accurately, or only allowing authorized modification and deletion. (See C-I-A)
– Key — A parameter to a cryptographic algorithm that determines how the data is transformed. (See Private key, Public key)
– Keyed hash function — See Hash message authentication code (HMAC).
– Message authentication code (MAC) — Data accompanying a message as evidence that it is authentic and has not been tampered with. (Cf. Hash message authentication code (HMAC))
– Message digest — See Digest.
– Mitigation — A preemptive countermeasure to prevent a potential attack or reduce its harm, such as by minimizing damage, making the attack recoverable, or making it easily detectable.
– Nonce — An arbitrary number used once, such as in a communications protocol, to prevent replay attacks.
– One-time pad — A shared secret key for message encryption that can only be used once because reuse weakens its security.
– Overflow — The incorrect result of an arithmetic instruction when the value exceeds the capacity of the variable. When overflow happens undetected, it often results in a vulnerability by introducing unexpected results.
– Path traversal — A common vulnerability where malicious input injects unexpected content into a filesystem path that allows it to designate files outside the bounds of intended access.
– Plaintext — The original message before encryption, or after decryption by the intended recipient.
– Preimage attack — An attack on a message digest function attempting to find an input value that produces a specific message digest value. (See Chapter 5)
– Principal — An authenticated agent: a person, business, organization, application, service, or device.
– Private key — A parameter needed for decryption, kept secret by the authorized recipient.
– Provenance — A reliable history of the origin and chain of custody, providing confidence in the validity of data.
– Pseudo-random number generator (PRNG) — A “pretty good” random number generator that is vulnerable to prediction by sophisticated analysis. These random numbers are useful for many purposes, such as simulations, but are unsuitable for cryptography because they are not sufficiently random. (Cf. Cryptographically secure pseudo-random number generator (CSPRNG))
– Public key — A widely known parameter needed to encrypt a message for a particular recipient.
– Random number — An arbitrarily chosen number that cannot be reliably predicted.
– Rate limiting — A method of slowing down a process, commonly used to mitigate attacks that rely on brute-force repetition to succeed.
– Replay attack — Attacking a secure communication protocol by resending previous authentic messages. A replay attack succeeds if an attacker resends a copy of a previous authentic communication that is mistaken for a subsequent identical message sent by the original sender. (See Chapter 5)
– Reproducibility — An assessment of how reliably the exploitation of a specific vulnerability will work. (Component of DREAD)
– Repudiation — Plausible deniability for actions, specifically allowing an attacker to evade responsibility. (Component of STRIDE)
– Root certificate — The self-signed digital certificate authorizing trust in a certificate authority.
– Sandbox — A restricted execution environment designed to cap the maximum privilege available to code executing within it.
– Security design review (SDR) — A structured review of the security of a software design.
– Security hat — An expression describing the “putting on” of a security mindset to think about how things might go wrong.
– Security regression — The recurrence of a known security bug that was previously fixed.
– Security test case — A software test case that checks that a security control is always enforced.
– Security testing — Software testing to ensure that security controls work properly.
– Side channel attack — An attack that deduces confidential information indirectly, as opposed to by directly defeating protection mechanisms. For example, reliably deducing the result of a computation from the time delay taken to produce it. (See Chapter 8)
– Speculative execution — The optimization method used in modern processors whereby future instructions are executed early to potentially save time, with backtracking logic to discard results later if unneeded. The impact of speculative execution on the cache state potentially leaks information not otherwise accessible, making it a security threat. (See Chapter 8)
– Spoofing — The subversion of authentication where an attacker pretends to be an authorized principal. (Component of STRIDE)
– SQL injection — A vulnerability allowing an attacker to craft malicious inputs to run arbitrary SQL commands.
– STRIDE — An acronym for the six basic kinds of software security threats, useful to guide threat modeling. (See Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, Elevation of privilege)
– Symmetric encryption — An encryption method where the same key is used to encrypt or decrypt. The symmetry is that anyone who can encrypt can also decrypt. (Cf. Asymmetric encryption)
– Tainting — A process of tracing the origin of data through software, used to prevent untrusted inputs, or data influenced by those inputs, from being used in privileged operations, such as in an injection attack. (See Chapter 8)
– Tampering — The unauthorized modification of data. (Component of STRIDE)
– Threat — A potential or hypothetical security problem.
– Threat actor — See Attacker.
– Threat modeling — Analysis of the model of a system used to identify threats needing mitigation. (See Chapter 2)
– Timing attack — A side channel attack where information can be inferred from measuring the timing of an operation.
– Underflow — Lost precision in the result of a floating-point computation.
– Unit testing — Software testing of individual modules in isolation from other components.
– Untrusted input — Input data from untrusted sources, in particular as a potential attack surface.
– Vulnerability — A software flaw that makes a security attack possible.
– Vulnerability chain — A collection of vulnerabilities that, when combined, constitute a security attack.
– Weakness — A bug that causes fragility and hence may be a vulnerability.