Glossary
Common security terms and definitions used throughout CSN Docs.
A
Authentication: The process of verifying the identity of a user, system, or entity.
Authorization: The process of determining which resources a user is permitted to access and which actions they are permitted to perform.
B
Broken Authentication: A security vulnerability where authentication mechanisms are implemented incorrectly, allowing attackers to compromise user accounts.
C
Cross-Site Scripting (XSS): A vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
D
Defender Notes: Sections in scenario documentation that explain how to detect and prevent security vulnerabilities.
I
Injection Attack: A type of attack where malicious data is sent to an interpreter as part of a command or query.
L
Lab: A controlled environment for practicing security skills, containing intentionally vulnerable applications.
O
OWASP: Open Web Application Security Project, a nonprofit organization focused on improving software security.
P
Payload: The malicious code or data used in an attack.
Penetration Testing: Authorized simulated attacks on computer systems to evaluate security.
S
Scenario: A specific security vulnerability walkthrough within a lab, providing step-by-step instructions.
SQL Injection (SQLi): A code injection technique used to attack data-driven applications by inserting malicious SQL statements.
V
Vulnerability: A weakness in a system that can be exploited to cause harm or gain unauthorized access.
X
XSS: See Cross-Site Scripting.