

Revision as of 05:58, 4 May 2006 by Deleted user



See: #Triple DES

Access Control List

A list of credentials attached to a resource indicating whether or not the credentials have access to the resource.


Access Control List

Active attack

Any network-based attack other than simple eavesdropping (i.e., a passive attack).

Advanced Encryption Standard

A fast general-purpose block cipher standardized by NIST (the National Institute of Standards and Technology). The AES selection process was a multi-year competition, where Rijndael was the winning cipher.


See: #Advanced Encryption Standard


Referring to technology that detects or thwarts the use of a debugger on a piece of software.


Referring to technology that attempts to thwart the reverse engineering and patching of a piece of software in binary format.

Architectural security assessment

See: #Threat Model


Abstract Syntax Notation is a language for representing data objects. It is commonly used in specifying cryptographic protocols, usually with DER (Distinguished Encoding Rules), which allows the data layout to be specified unambiguously. See also: #Distinguished Encoding Rules.

Asymmetric cryptography

Cryptography involving public keys, as opposed to cryptography making use of shared secrets. See also: #Symmetric cryptography.


In the context of security, a review of a system in order to validate the security of the system. Generally, this either refers to code auditing or reviewing audit logs. See also: #Audit log; #code auditing.

Audit log

Records that are kept for the purpose of later verifying that the security properties of a system have remained intact.

Authenticate-and-encrypt

When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one authenticates the plaintext and encrypts the plaintext, possibly in parallel. This is not secure in the general case. See also: #Authenticate-then-encrypt; #encrypt-then-authenticate.
