10.1. Security Terms

The IT security industry uses words such as hardening or locking down to describe the process of making a server more resistant to attack. As in the rest of the IT industry, several terms are often coined for the same process, and learning the jargon can be confusing. Projects such as the Open Web Application Security Project (OWASP) publish large, comprehensive glossaries of security terminology: http://www.owasp.org/index.php/Category:Glossary. The terms listed here will help you understand certain sections of this chapter.

10.1.1. Black Hat Hacker

A black hat hacker is a malicious hacker who obtains unauthorized access to computer systems. The term is a reference to the black hats worn by the villains in classic western movies.

10.1.2. White Hat Hacker

A white hat hacker is a security expert who performs authorized security testing on applications and systems. A white hat hacker is an ethical hacker who uses their knowledge only to find and fix weaknesses, not to exploit them. The term is a reference to the white hats worn by the heroes in classic western movies.

10.1.3. Cookie Poisoning/Cookie Manipulation

Cookie poisoning is the modification, by an attacker, of a cookie stored on the client computer. Because the server cannot trust anything the client sends, an attacker who edits a cookie that carries a user identifier, a role or other authorization data can impersonate another user or escalate their privileges. Attackers also commonly use a cross-site scripting flaw in the web application to read or set a victim's cookies, which gives them the same result without needing access to the victim's machine.
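The following is an added example, not code from the book: it shows the vulnerable pattern (a plain `key=value` cookie that the server parses and trusts) next to a cookie protected with an HMAC-SHA256 tag that lets the server detect any client-side change. The helper names, the cookie layout `payload|tag` and the secret are all assumptions made for this illustration.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import parse_qsl, urlencode

# Hypothetical server-side secret, constructed for this example. In a real
# application it lives in protected configuration, never in source code.
SECRET_KEY = b"example-only-server-secret-change-me"


def parse_cookie(value: str) -> dict:
    """Vulnerable pattern: parse an unsigned 'k=v&k=v' cookie and trust it."""
    return dict(parse_qsl(value))


def sign_cookie(fields: dict) -> str:
    """Serialise the fields and append an HMAC-SHA256 tag over them.

    The client cannot produce a valid tag without SECRET_KEY, so any edit to
    the payload is detected. urlencode percent-encodes '|', so the separator
    cannot collide with field contents.
    """
    payload = urlencode(sorted(fields.items()))
    tag = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def verify_cookie(value: str) -> Optional[dict]:
    """Return the fields if the tag is valid, otherwise None (treat as unauthenticated)."""
    payload, sep, tag = value.rpartition("|")
    if not sep:
        return None  # no tag at all: reject
    expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    # compare_digest avoids leaking the tag through timing differences
    if not hmac.compare_digest(expected, tag):
        return None
    return dict(parse_qsl(payload))


def poison(value: str, field: str, new_value: str) -> str:
    """Simulate the attacker: rewrite one field of a cookie value on the client.

    Works on both unsigned and signed cookies; for a signed cookie the old tag
    is kept, because the attacker has no key to compute a new one.
    """
    payload, sep, tag = value.rpartition("|")
    if not sep:
        payload, tag = value, ""
    fields = dict(parse_qsl(payload))
    fields[field] = new_value
    new_payload = urlencode(sorted(fields.items()))
    return f"{new_payload}|{tag}" if tag else new_payload


if __name__ == "__main__":
    session = {"user": "alice", "role": "user"}  # constructed sample session

    unsigned = urlencode(sorted(session.items()))
    print("unsigned, poisoned :", parse_cookie(poison(unsigned, "role", "admin")))

    signed = sign_cookie(session)
    print("signed, untouched  :", verify_cookie(signed))
    print("signed, poisoned   :", verify_cookie(poison(signed, "role", "admin")))
```

Signing only detects modification; it does nothing against a cookie that an attacker has stolen through cross-site scripting and replays unchanged, which is why session cookies should also carry the HttpOnly flag and authorization data should be looked up server-side rather than carried in the cookie at all. ASP.NET's forms authentication ticket applies the same idea by validating and encrypting the ticket with the machine key.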

10.1.4. Session ...
