Penetration Testing — All The Terms You Need To Know

cybersecurity Sep 7, 2020
  1. Authentication — Authentication is the process of checking if a user is allowed to gain access to a system. This is commonly achieved by using username/passwords, ssh keys, etc.
  2. Authorization — Authorization is the process of checking if the authenticated user has permission to perform an action. For example, after logging into Facebook, you are authorized to update your profile and settings, but not anyone else’s.
  3. Audit —  Generally, audit means “inspection”. In Cybersecurity, an audit is to conduct a complete inspection of an organization’s network to find vulnerabilities. Also called “penetration testing”, cybersecurity professionals attack their own systems (or other’s systems with permission) in order to figure out how vulnerable their devices are.
  4. Access Control List — A list that contains users and their level of access to a system. Users are usually grouped into “Roles” and permissions are combined into “policies”. So you can either assign a user into a role (with pre-defined permissions) or assign a policy to a user.
  5. Aircrack-NG — Aircrack is a software suite that helps you to attack and defend wireless networks. Aircrack is not a single tool, but a suite of tools, each of which performs a specific function like a detector, packet sniffer, WEP/WPA cracker, and so on.
  6. Backdoor — A Backdoor is a piece of code that lets hackers get into the system easily after it has been compromised. Since an attacker has to go through multiple stages in order to successfully exploit a system, they don't usually want to go through it again.
  7. Burp Suite — Burpsuite is a web application security software that helps to test web apps for vulnerabilities. Burpsuite gives you fine-grained information about requests and responses and is used extensively in bug bounty hunting.
  8. Banner Grabbing — Banner grabbing is the process of capturing basic information about a server. This includes the type of web server software (eg. apache), services, or even service versions running on the system.
  9. Botnet — Network of computers controlled by a hacker to perform attacks such as Distributed Denial of Service.
  10. Brute-Force Attack — Method of trying to gain access to a system by trying different login combinations to gain access to the system. eg. trying to crack a 9 -digit numeric password by trying all the numbers from 000000000 to 999999999.
  11. Buffer Overflow — When a program tries to store more information than it is allowed to, it overflows into other memory partitions called “Buffers”. This leads to corrupting existing data on those buffers.
  12. Cache — Storing the response to a particular operation in temporary high-speed storage is to serve other incoming requests better. eg. you can store a database request in a cache till it is updated to reduce calling the database again for the same query.
  13. Cipher — Cryptographic algorithm for encrypting and decrypting data.
  14. Code Injection — Injecting malicious code into a system by exploiting a bug or vulnerability.
  15. Cross-Site Scripting — Executing a script on the client-side through a legitimate website. This can be prevented if the website sanitizes user input.
  16. Compliance — A set of rules defined by the government or other authorities on how to protect your customer’s data. Common ones include HIPAA, PCI-DSS, and FISMA.
  17. Dictionary Attack — Attacking a system with a pre-defined list of usernames and passwords. eg. admin/admin is a common username/password combination used by amateur sysadmins.
  18. Dumpster Diving — Looking into a company’s trash cans for useful information.
  19. Denial of Service & Distributed Denial of Service — Exhausting a server’s resources by sending too many requests is Denial of Service. If a botnet is used to do the same, its called Distributed Denial of Service.
  20. DevSecOps — Combination of development and operations by considering security as a key ingredient from the initial system design.
  21. Directory Traversal — Vulnerability that lets attackers list al the files and folders within a server. This can include system configuration and password files.
  22. Domain Name System (DNS) — Helps convert domain names into server IP addresses. eg. Google.com -> 216.58.200.142
  23. DNS Spoofing — Trikcnig a system's DNS to point to a malicious server. eg. when you enter ‘facebook.com’, you might be redirected to the attacker’s website that looks like Facebook.
  24. Encryption — Encoding a message with a key so that only the parties with the key can read the message.
  25. Exploit — A piece of code that takes advantage of a vulnerability in the target system. eg. Buffer overflow exploits can get you to root access to a system.
  26. Enumeration — Mapping out all the components of a network by gaining access to a single system.
  27. Footprinting — Gathering information about a target using active methods such as scanning and enumeration.
  28. Flooding — Sending too many packets of data to a target system to exhaust its resources and cause a Denial of Service or similar attacks.
  29. Firewall — A software or hardware filter that can be configured to prevent common types of attacks.
  30. Fork Bomb — Forking a process indefinitely to exhaust system resources. Related to a Denial of Service attack.
  31. Fuzzing — Sending automated random input to a software program to test its exception handling capacity.
  32. Hardening — Securing a system from attacks like closing unused ports. Usually done using scripts for servers.
  33. Hash Function — Mapping a piece of data into a fixed value string. Hashes are used to confirm data integrity.
  34. Honey Pot — An intentionally vulnerable system used to lure attackers. This is then used to understand the attacker’s strategies.
  35. HIPAA — The Health Insurance Portability and Accountability Act. If you are working with healthcare data, you need to make sure you are HIPAA compliant. This is to protect the customer’s privacy.
  36. Input Validation — Checking user inputs before sending them to the database. eg. sanitizing form input to prevent SQL injection attacks.
  37. Integrity — Making sure the data that was sent from the server is the same that was received by the client. This ensures there was no tampering and integrity is achieved usually by hashing and encryption.
  38. Intrusion Detection System — A software similar to a firewall but with advanced features. Helps in defending against Nmap scans, DDoS attacks, etc.
  39. IP Spoofing — Changing the source IP address of a packet to fool the target into thinking a request is coming from a legitimate server.
  40. John The Ripper — Brilliant password cracking tool, runs on all major platforms.
  41. Kerberos — Default authorization software used by Microsoft, uses a stronger encryption system.
  42. KeyLogger — A software program that captures all keystrokes that a user performs on the system.
  43. Logic Bombs — A piece of code (usually malicious) that runs when a condition is satisfied.
  44. Light Weight Directory Access Protocol (LDAP) — Lightweight client-server protocol on Windows, central place for authentication. Stores usernames and passwords to validate users on a network.
  45. Malware — Short for “Malicious Software”. Everything from viruses to backdoors is malware.
  46. MAC Address — Unique address assigned to a Network Interface Card and is used as an identifier for local area networks. Easy to spoof.
  47. Multi-factor Authentication — Using more than one method of authentication to access a service. eg. username/password with mobile OTP to access a bank account (two-factor authentication)
  48. MD5 — Widely used hashing algorithm. Once a favorite, it has many vulnerabilities.
  49. Metasploit — All in one penetration testing framework that helps to successfully exploit vulnerabilities and gain access to target systems.
  50. Meterpreter — An advanced Metasploit payload that lives in memory and hard to trace.
  51. Null-Byte Injection — An older exploit, uses null bytes (i.e. %00, or 0x00 in hexadecimal) to URLs. This makes web servers return random/unwanted data which might be useful for the attacker. Easily prevented by doing sanity checks.
  52. Network Interface Card(NIC) — Hardware that helps a device connect to a network.
  53. Network Address Translation — Utility that translates your local IP address into a global IP address. eg. your local IP might be 192.168.1.4 but to access the internet, you need a global IP address (from your router).
  54. Nmap — Popular network scanning tool that gives information about systems, open ports, services, and operating system versions.
  55. Netcat — Simple but powerful tool that can view and record data on TCP or UDP network connections. Since it is not actively maintained, NCat is preferred.
  56. Nikto — A popular web application scanner, helps to find over 6700 vulnerabilities including server configurations and installed web server software.
  57. Nessus — Commercial alternative to NMap, provides a detailed list of vulnerabilities based on scan results.
  58. Packet — Data is sent and received by systems via packets. Contains information like source IP, destination IP, protocol, and other information.
  59. Password Cracking — Cracking an encrypted password using tools like John the Ripper when you don't have access to the key.
  60. Password Sniffing — Performing man-in-the-middle attacks using tools like Wireshark to find password hashes.
  61. Patch — A software update released by a vendor to fix a bug or vulnerability in a software system.
  62. Phishing — Building fake websites that look remarkably similar to legitimate websites (like Facebook) to capture sensitive information.
  63. Ping Sweep — A technique that tries to ping a system to see if it is alive on the network.
  64. Public Key Cryptography — Encryption mechanism that users a pair of keys, one private and one public. The sender will encrypt a message using your public key which then you can decrypt using your private key.
  65. Public Key Infrastructure — A public key infrastructure (PKI) is a system to create, store, and distribute digital certificates. This helps sysadmins verify that a particular public key belongs to a certain authorized entity.
  66. Personally Identifiable Information (PII) — Any information that identified a user. eg. Address, Phone number, etc.
  67. Payload — A piece of code (usually malicious) that performs a specific function. eg. Keylogger.
  68. PCI-DSS — Payment Card Industry Data Security Standard. If you are working with customer credit cards, you should be PCI-DSS compliant.
  69. Ransomware — Malware that locks your system using encryption and asks you to pay a price to get the key to unlock it.
  70. Rainbow Table — Pre-calculated password hashes that will help you crack password hashes of the target easily.
  71. Reconnaissance — Finding data about the target using methods such as google search, social media, and other publicly available information.
  72. Reverse Engineering — Rebuilding a piece of software based on its functions.
  73. Role-Based Access — Providing a set of authorizations for a role other than a user. eg. “Managers” role will have a set of permissions while the “developers” role will have a different set of permissions.
  74. Rootkit — A rootkit is a malware that provides unauthorized users admin privileges. Rootkits include keyloggers, password sniffers, etc.
  75. Scanning — Sending packets to a system and gaining information about the target system using the packets received. This involved the 3-way-handshake.
  76. Secure Shell (SSH) — Protocol that establishes an encrypted communication channel between a client and a server. You can use ssh to log in to remote servers and perform system administration.
  77. Session — A session is a duration in which a communication channel is open between a client and a server. eg. the time between logging into a website and logging out is a session.
  78. Session Hijacking — Taking over someone else’s session by pretending to the client. This is achieved by stealing cookies and session tokens. eg. after you authenticate with your bank, an attacker can steal your session to perform financial transactions on your behalf.
  79. Social Engineering — The art of tricking people into making them do something that is not in their best interest. eg. convincing someone to provide their password over the phone.
  80. Secure Hashing Algorithm (SHA) — Widely used family of encryption algorithms. SHA256 is considered highly secure compared to earlier versions like SHA 1. It is also a one-way algorithm, unlike an encryption algorithm that you can decrypt. Once you hash a message, you can only compare it with another hash, you cannot re-hash it to its earlier format.
  81. Sniffing — performing man-in-the-middle attacks on networks. Includes wired and wireless networks.
  82. Spam — Unwanted digital communication, including email, social media messages, etc. Usually tries to get you into a malicious website.
  83. Syslog — System logging protocol, used by system administrators to capture all activity on a server. Usually stored on a separate server to retain logs in the event of an attack.
  84. Secure Sockets Layer (SSL) — Establishes an encrypted tunnel between the client and server. eg. when you submit passwords on Facebook, only the encrypted text will be visible for sniffers and not your original password.
  85. Snort — Lightweight open-source Intrusion Detection System for Windows and Linux.
  86. SQL Injection — A type of attack that can be performed on web applications using SQL databases. Happens when the site does not validate user input.
  87. Trojan — Malware hidden within useful software. eg. a pirated version of MS office can contain trojans that will execute when you install and run the software.
  88. Traceroute — Tool that maps the route a packet takes between the source and destination.
  89. Tunnel — Creating a private encrypted channel between two or more computers. Only allowed devices on the network can communicate through this tunnel.
  90. Virtual Private Network — A subnetwork created within a network, mainly to encrypt traffic. eg. connecting to a VPN to access a blocked third-party site.
  91. Virus — A piece of code that is created to perform a specific action on the target systems. A virus has to be triggered to execute eg. automatically playing a USB drive.
  92. Vulnerability — A point of attack that is caused by a bug / poor system design. eg. lack of input validation causes attackers to perform SQL injection attacks on a website.
  93. War Driving — Travelling through a neighborhood looking for unprotected wifi networks to attack.
  94. WHOIS — Helps to find information about IP addresses, its owners, DNS records, etc.
  95. Wireshark — Open source program to analyze network traffic and filter requests and responses for network debugging.
  96. Worm — A malware program capable of replicating itself and spreading to other connected systems. eg. a worm to build a botnet. Unlike Viruses, Worms don't need a trigger.
  97. Wireless Application Protocol (WAP) — Protocol that helps mobile devices connect to the internet.
  98. Web Application Firewall (WAF) — Firewalls for web applications that help with cross-site scripting, Denial of Service, etc.
  99. Zero-Day — A newly discovered vulnerability in a system for which there is no patch yet. Zero-day vulnerabilities are the most dangerous type of vulnerability since there is no possible way to protect against one.
  100. Zombie — A compromised computer, controlled by an attacker. A group of zombies is called a Botnet.

Loved this article? Join my Newsletter and get a summary of my articles and videos sent to your email every Monday. You can also connect with me here.

Tags

Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.