Website Security Terminology @ Sucuri Blog

Posted Thursday, July 30, 2015 at 12:39 pm in Hosting & Security

If you want to keep your website safe, it is important to understand the terminology used to describe the causes and effects of hacks. Software vulnerabilities and access control issues are two of the main causes of website infections, and in this post we will define some of the terminology used to describe them.

Here’s a short list of the terms. Read the full post at the Sucuri Blog.

1. Blacklist

When your website is blacklisted, a red warning page stops visitors from reaching it, or your search results might show a text warning.

2. Spam

There are numerous ways hackers can use your website to distribute spam.

3. Malicious Redirects

When a website is hacked, the attacker can force all your visitors to go to another webpage.

4. Drive-by-Downloads

Common hacks don’t usually target websites specifically, but the risk to your website involves the exploitation of your server resources or your visitors.

5. Data Exfiltration

Data exfiltration is the unauthorized act of taking information out of your web application.

6. Phishing

Phishing is on the rise. It is the process in which an attacker looks to confuse the end user into sharing their sensitive information.

Causes: Terminology Associated With Website Attacks

The more you know about the ways an attacker can get into your website, the better you will be able to arm yourself against the odds.

1. Vulnerability Exploitation

There are various attack vectors an attacker can try to exploit when trying to abuse your website.

a. Remote and Local File Inclusion

Remote File Inclusion vulnerabilities abuse features within programming languages that allow a developer to include code from other files, specifically the “dynamic file include” mechanism.

b. Privilege Escalation

This kind of software vulnerability allows an attacker to gain elevated access…

c. SQL Injection

Structured Query Language (SQL) Injection (SQLi) vulnerabilities are very common and dangerous software vulnerabilities.

d. Cross Site Scripting

Cross Site Scripting (XSS) software vulnerabilities are perhaps the more common vulnerabilities you find when working with web applications.

e. Remote Code Execution

Remote Code Execution (RCE) software vulnerabilities sit at the top of the hill when it comes to scary attack vectors.

2. Distributed Denial of Service

Distributed Denial of Service (DDoS) attacks are those in which the malicious person is looking to disrupt the availability of your website.

3. Brute Force

Brute Force attacks focus on abusing your access control mechanisms (i.e., how you log into your web application).

In Conclusion

I hope this list helps clear up some of the terminology we use in our disclosures and discussions about website security risks.

Read the full blog post here: https://blog.sucuri.net/2015/07/common-website-security-terminology-defined.html

By Alycia Mitchell, author for Sucuri, on July 7, 2015