Category:Glossary

From OWASP
Revision as of 06:59, 4 May 2006 by Deleted user (Talk | contribs)


3DES

See: #Triple DES

Access Control List

A list of credentials attached to a resource indicating whether or not the credentials have access to the resource.

ACL

Access Control List

Active attack

Any network-based attack other than simple eavesdropping (i.e., a passive attack).

Advanced Encryption Standard

A fast general-purpose block cipher standardized by NIST (the National Institute of Standards and Technology). The AES selection process was a multi-year competition, where Rijndael was the winning cipher.

AES

See: #Advanced Encryption Standard

Anti-debugger

Referring to technology that detects or thwarts the use of a debugger on a piece of software.

Anti-tampering

Referring to technology that attempts to thwart the reverse engineering and patching of a piece of software in binary format.

Architectural security assessment

See: #Threat Model

ASN.1

Abstract Syntax Notation is a language for representing data objects. It is commonly used to specify cryptographic protocols, usually with DER (Distinguished Encoding Rules), which allows the data layout to be unambiguously specified. See also: #Distinguished Encoding Rules.

Asymmetric cryptography

Cryptography involving public keys, as opposed to cryptography making use of shared secrets. See also: #Symmetric cryptography.

Audit

In the context of security, a review of a system in order to validate the security of the system. Generally, this either refers to code auditing or reviewing audit logs. See also: #Audit log; #code auditing.

Audit log

Records that are kept for the purpose of later verifying that the security properties of a system have remained intact.

Authenticate-and-encrypt

When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one authenticates the plaintext and encrypts the plaintext, possibly in parallel. This is not secure in the general case. See also: #Authenticate-then-encrypt; #encrypt-then-authenticate.
