Questions tagged [terminology]

For questions about names of attacks, vulnerabilities, concepts, etc.

Terminology is the study of terms and their use. This tag can be used for questions about the science of terms, as in a particular subject.

For example:

  • Is the injection in a NoSQL database architecture also called SQL injection?

More information about terminology can be found here: https://en.wikipedia.org/wiki/Terminology

265 questions
10
votes
1 answer

What is a security embargo?

Via Hackernews I landed on "An Ancient Security Hole is (Not) Closed", which mentions "embargoes" on several occasions, e.g.: ...I have no interest in digging out more details or ruining embargoes that I'm not party to. I know the generic meaning…
Jeroen
8
votes
2 answers

Vulnerability Assessments - Vulnerability Taxonomies?

All, First question on here so please be as gentle as you can :-) I've been looking around for any writings or papers on a standard for classifying vulnerabilities. Not from a severity/risk/impact point of view but categorising such as grouping all…
IC3N1
5
votes
2 answers

Difference between "weakness" and "vulnerability"?

What is the difference between the terms "vulnerability" and "weakness" when it comes to security? I was looking at the CWE page and it mentions that a weakness leads to a security vulnerability. I understand this only partially. From my…
Izy-
4
votes
2 answers

Registration or Enrollment?

When joining an authenticated network, I have seen the terms "Enrollment" and "Registration" used to describe the process of initially setting up your credentials on the network. "Authentication" itself then is a periodic activity where these…
robert
4
votes
1 answer

Do voting machines rely on "security through obscurity"?

There was an interesting paper in 2013 from the University of Pennsylvania called Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities. One compelling example the authors discuss is the lack of…
olliezhu
4
votes
1 answer

Is there a difference in terminology between the words "cryptogram" and "ciphertext"?

I've noticed that certain security professionals use the term "ciphertext" while others use "cryptogram". Is there any meaningful difference between those terms? Or can they be used interchangeably?
Mike B
4
votes
3 answers

Cyber Security vs. Digital Security

What is the difference between Cyber Security and Digital Security? They sound very similar (same) to me, but my university course slides said: current techniques of Machine Learning can provide Digital Security, but not Cyber Security. So what is…
Makan
4
votes
1 answer

Is there a term for the combination of principal and credential?

In an API that needs to take a principal and a credential as arguments, what is the pair of those two pieces of information commonly called? FFW Apache Shiro seems to call this an AuthenticationToken. Is that established terminology though?
3
votes
3 answers

Difference between white-box testing and secure code review

As far as I know, penetration testing can be divided into black-box, gray-box, and white-box testing. But then what about secure code review? Is it part of white-box testing or is it separate?
McJohnson
3
votes
1 answer

What does Frank Abagnale mean by "Level 4 security" in his talk at Google?

During his talk at Google, Frank Abagnale mentioned the following: ...we will be doing away with passwords in the next 24 months. Passwords will leave the world, there will be no more passwords. There is a new technology called Trusona...it is a…
Steve V.
2
votes
1 answer

Protecting vs Securing

I encountered a question "true or false, replication is NOT a way to protect data". I answered true since I felt that protecting data meant securing the network and preventing unauthorized access to the data, and simply replicating it would not…
Jay
2
votes
1 answer

Is there a term for vulnerabilities that need 'help' from target vs vulnerabilities that can be exploited with no actions from the target?

I'm making a guideline for a bug bounty program and want to distinguish between bugs that require some kind of action on the target's behalf (eg clicking a suspicious link), vs vulnerabilities that can be exploited without any actions from the user…
Alex V
2
votes
1 answer

The use of "over" in cryptography (as in "a hash over the key")

This is the ultimate noob question. When reading discussions of cryptography, I often come across phrases like these: ...calculates a hash over the primary key... ...a key derivation function over a static string... ...an HMAC over the i-th derived…
kjo
2
votes
3 answers

Are all vulnerabilities security related?

Are all vulnerabilities security related? When people talk about vulnerabilities and security vulnerabilities, are they the same concept? My understanding is that a vulnerability is a weakness in the system that allows a potential attack.
Ken
2
votes
4 answers

Is Information Security a Cybersecurity area or the opposite?

I'm reading about Cybersecurity and Information Security and I have questions: Is Information Security part of Cybersecurity? Is Cybersecurity part of Information Security? Both have just common concepts? What's the right affirmation? Cyber…
eightShirt