Website Terminology Glossary | Website Security, Vol. 1

Think about an onion

When you’re hustling, time is money and that money comes in coins, not bills. That’s why we made our Website Terminology Glossary for web professionals. This free resource for designers, developers, marketers or anyone else makes it easier to explain technical stuff to clients.

Rather than a lengthy back-and-forth, quickly find definitions that break it down in real terms. Start getting time back, and put more of those coins in the bank.

Website Terminology Glossary: Website Security, Vol. 1

When we talk about website security with clients, an easy way to visualize it is like the layers of an onion. The principle is simple: the more layers of security you have, the better protected your website and server are from attack.

Protecting websites isn’t just about using a strong password. Emphasize that threats come in all shapes and sizes, ranging from targeting uninformed users to taking advantage of known software vulnerabilities. Make it clear that attackers go to great lengths to gain access to a website’s sensitive resources and data.

Attack vector

The pathways or methods that hackers use to break into a website and gain unauthorized access. Once the process is successful, attackers can install malicious code, distribute spam, plant backdoors to maintain unauthorized access, or even steal sensitive information.

It’s kinda like

Imagine you’re James Bond trying to enter a building to steal important documents. The methods you use to get inside might include tricking the doorman at the entrance with a fake ID, climbing in through a half-open window on the side of the building, or blowing up the delivery door so you can gain access.

You also might hear

attack method, type of attack

Backdoor

When a hacker breaks into your website, they often leave behind hidden entry points that allow them to access your site, even after you’ve removed the malware. These entry points, known as backdoors, are often designed to be difficult to find. They can also be confused with legitimate website code, making it easy for the hacker to come back again at a later date without being detected.

It’s kinda like

If someone broke into your garage and stole your bird seed, then copied your keys and built a secret hidden tunnel through the floor so that they could come back next week for more.

You also might hear

unauthorized access, backdoor malware, trojan, rootkit

Blocklist

The process of identifying dangerous or hacked websites and warning potential users via browsers, search engines, and desktop antivirus programs. Blocklists help protect web users from online threats. But if your site is blocklisted by a major authority like Google, you’ll likely notice a sharp decline in traffic, sales and revenue.

It’s kinda like

A public list of hotels with known bed bug infestations

Brute force

An attacker works through every possible combination in an attempt to guess login information, encryption keys, or admin pages. This simple and reliable method lets the hacker sit back and automate their attack with trial-and-error, trying different combinations of popular passwords, usernames, and even dictionary words.

It’s kinda like

You forgot the combination to your four-digit lock, so you just randomly guessed every combination until you finally got the right answer.

You also might hear

password guessing, dictionary attack, credential recycling, credential stuffing, reverse brute-force
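Because brute force is automated trial-and-error, it leaves a distinctive trace: many failed logins from one source in a short time. The following is an added example (not part of the glossary) of the detection a site owner or host could run over login logs; the log line format, the sample lines and the threshold are all constructed assumptions.

```python
# Added example: flag sources that fail login repeatedly, the pattern a brute-force
# or credential-stuffing attempt leaves in a login log. The log format (timestamp,
# source IP, result, username) and the threshold are assumptions, not from the page.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: one source hammers several usernames within seconds,
# one user mistypes a password once, and one stray failure hours later.
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.5 FAIL admin
2024-05-01T10:00:02 203.0.113.5 FAIL admin
2024-05-01T10:00:03 203.0.113.5 FAIL administrator
2024-05-01T10:00:04 203.0.113.5 FAIL root
2024-05-01T10:00:05 203.0.113.5 FAIL admin
2024-05-01T10:00:06 203.0.113.5 FAIL admin
2024-05-01T10:00:30 198.51.100.7 FAIL alice
2024-05-01T10:01:10 198.51.100.7 OK alice
2024-05-01T12:00:00 192.0.2.9 FAIL bob
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (FAIL|OK) (\S+)$")

def parse(log_text):
    """Yield (timestamp, ip, result, user) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, ip, result, user = m.groups()
            yield datetime.fromisoformat(ts), ip, result, user

def find_brute_force(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: sorted usernames tried} for every IP with >= threshold failures in one window."""
    failures = defaultdict(list)
    users = defaultdict(set)
    for ts, ip, result, user in parse(log_text):
        if result == "FAIL":
            failures[ip].append(ts)
            users[ip].add(user)
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        # Sliding window: the i-th failure and the one (threshold-1) entries earlier
        # bound a run of `threshold` failures; flag if that run fits inside the window.
        for i in range(threshold - 1, len(times)):
            if times[i] - times[i - threshold + 1] <= window:
                flagged[ip] = sorted(users[ip])
                break
    return flagged
```

The flagged dictionary is what you would feed into a temporary block or a rate limit; a single failed attempt followed by success is left alone so ordinary users are not locked out.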

Credit card skimmer

Malicious code injected into a website, server, or payment page to collect sensitive personal and payment or credit card information from visitors. Site visitors often don’t even know their information has been stolen until fraudulent purchases are made. This type of malware can have serious consequences for an ecommerce site, impacting reputation, PCI compliance, and even leading to blacklisting.

It’s kinda like

If someone looked over your shoulder while you were buying sneakers, took pictures of your ID and credit card with their phone while you were completing the purchase, then used your information to buy a new TV online.

You also might hear

online skimmer, credit card stealer, e-commerce malware, card skimmer, identity theft

Denial of service attack (DoS)

These targeted attacks against websites and servers are intended to disrupt or bring a site down and make it inaccessible. It’s often done by sending so much information to the site at once that it triggers a crash. DoS attacks can also be accomplished by targeting a known vulnerability in the website’s software, making it difficult or impossible to access the site, and costing the website owner a lot of time and money in the process.

It’s kinda like

If you went to the library to grab a book, but three other people all came at once and tried to grab it at the same time, and nobody could read it.

You also might hear

DDoS, buffer overflow attack, ICMP flood, SYN flood

Exploit

A tool or method that takes advantage of a bug or vulnerability in your website. Exploits often take the form of programs or code designed to let the hacker access your site to steal data or cause side effects. These tools allow attackers to take advantage of security holes to do whatever they want with your site’s resources.

It’s kinda like

The ladder or rope that you use to climb through an open window into a locked building.

You also might hear

known exploits, 0days, zero-day exploits

Identity theft

Occurs when someone uses another person’s personal or payment information to commit a crime or fraud. Often, stolen information is even sold on the dark web for money, allowing other criminals to access it and use it for a fee.

It’s kinda like

If someone opened a credit card using your name and information and went on a spending spree.

You also might hear

impersonation, credit card theft, data breach

Keylogger

Monitoring software that records any keys typed on a keyboard. Keyloggers often transmit keystrokes back to third-party sites or sources, and can help attackers steal financial or personal information entered on a website.

It’s kinda like

A hidden voice recorder that eavesdrops on every word you speak and sends the conversation back to someone else for review.

You also might hear

keystroke loggers, keylogging apps, keystroke data

Malware

Harmful software or code designed to damage, disrupt, or gain unauthorized access to a website or server. Attackers can use malware to hijack a website, steal information, redirect traffic to spam, or infect site visitors. These intentionally harmful pieces of code can cause serious harm to a website, impact revenue, and damage brand reputation.

It’s kinda like

Viruses and bad bacteria that wreak havoc on the body and are hard to get rid of.

You also might hear

website malware, conditional redirects, malicious JavaScript, backdoors, hacktools, SEO spam, DDoS, malicious redirects, hack, injection, defacements

Phishing

An attempt to trick someone into revealing sensitive information like passwords, usernames, credit card details, and other sensitive data. Phishing attacks often pretend to come from legitimate brands or sources you might be familiar with, and can be found in SMS, emails, and even on websites.

It’s kinda like

Someone pretending to be a valet, only to collect the keys and steal the car.

You also might hear

email phishing, spear phishing, smishing, vishing, whaling

SQL injection

These attacks inject malicious pieces of code into a website’s vulnerable SQL queries, helping a hacker obtain, tamper with, or destroy a site’s information, or even become a server admin. Since SQL injections run as legitimate queries on the database, they can be difficult to detect until a site’s content has been visibly modified.

It’s kinda like

Sneaking a gun into the bag of an airport security officer and then retrieving it behind the barrier.

You also might hear

SQL injection vulnerability, SQLi
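The "vulnerable SQL query" the entry refers to is one that pastes visitor input straight into the SQL text. The following is an added example (not from the glossary or any particular product) showing that flawed lookup beside the hardened, parameterized version of the same query; the table, rows and input are constructed.

```python
# Added example: the same user lookup written two ways against a constructed
# in-memory SQLite table. find_user_unsafe() splices input into the SQL text,
# which is the flaw SQL injection abuses; find_user_safe() binds the input as a
# parameter so the database engine never interprets it as SQL.
import sqlite3

def make_db():
    """Constructed sample data: two accounts in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "editor")])
    return conn

def find_user_unsafe(conn, name):
    # Vulnerable: the visitor's value becomes part of the query itself, so a quote
    # character in the input changes the query's structure, not just its data.
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return sorted(row[0] for row in conn.execute(sql))

def find_user_safe(conn, name):
    # Hardened: the '?' placeholder is filled by the driver with the value as data.
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in conn.execute(sql, (name,)))

def demo():
    """Run both lookups with an ordinary name and with a constructed crafted input."""
    conn = make_db()
    crafted = "x' OR '1'='1"  # closes the quote and appends an always-true condition
    return {
        "unsafe_normal": find_user_unsafe(conn, "alice"),
        "unsafe_crafted": find_user_unsafe(conn, crafted),  # every row leaks
        "safe_normal": find_user_safe(conn, "alice"),
        "safe_crafted": find_user_safe(conn, crafted),      # matches no row
    }
```

The unsafe lookup returns both accounts for the crafted input, which is exactly the "legitimate-looking query" the entry warns is hard to spot in logs; the parameterized version treats the same string as a literal username and returns nothing.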


Vulnerability

A website security risk involving a code flaw, glitch, or weakness. If exploited, vulnerabilities provide a point of entry that allows hackers to gain unauthorized access to your website and server.

It’s kinda like

A thief sneaking in through an open door or smashing through a window with a lead pipe.

You also might hear

software vulnerability, injection flaws, cross-site scripting (XSS), broken authentication, broken access control, security misconfiguration

WAF

An acronym for “web application firewall,” the WAF is a third-party security measure that monitors, controls and blocks malicious traffic coming to your website. These tools act as a shield that filters and inspects all traffic for potentially malicious behavior, blocking attacks before they even reach your site.

It’s kinda like

An airport security officer who checks for weapons and contraband before passengers can go to their gate.

You also might hear

firewall, blocklist WAF, allowlist WAF, network-based WAF, host-based WAF, cloud-based WAF
