Related Concepts

  • Request: Message sent to a server describing an action the server has to perform. It comes from the user or another server

  • Response: Message sent from the server with the answer to the corresponding request

  • Framework: Collection of premade code that easily allows a developer to include common features that a website would require

  • AJAX: Asynchronous JavaScript And XML, a method for sending and receiving network data in the background of a web application without interfering with or changing the current web page

  • robots.txt: Document that tells search engines which pages they are and aren't allowed to show in their search engine results

  • sitemap.xml: List of every file the website owner wishes to be listed on a search engine

  • .well-known: Centralizes a website's critical metadata, including configuration files and information related to its services, protocols, and security mechanisms

    • .well-known/openid-configuration: JSON document containing metadata about the provider's endpoints, supported authentication methods, token issuance, and more

    • .well-known/security.txt: Contains contact information for security researchers to report vulnerabilities

  • Favicon: Small icon displayed in the browser's address bar or tab

  • VCS: Version Control System, an application that tracks files of a project or website

  • Cookies: Small pieces of data that are stored on a computer to remind the web server of information about the client

  • Fuzzing: Using brute-force enumeration to discover hidden files, directories, and paths on a website

  • RCE: Remote Code Execution, the ability to execute commands on the server of an application

  • Pipeline: Consists of a chain of processing elements arranged so that the output of each component is the input of the next one

  • CI/CD: Continuous Integration and Continuous Delivery, the process by which code moves from the development machine through the testing and preparation phases until it reaches the hands of the users

  • Uploaded File Exploits: When a server-side app allows uploading files that can be executed through the web app

  • CMS: Content Management System is a software platform that enables users to create, manage, and modify digital content on websites without needing extensive technical knowledge

  • Client-Side App: Most of the logic of the app is written in JavaScript and resides in the web browser rather than in the server

  • Transpiling: Process of converting code from one programming language into another (normally to JavaScript)

  • Source Map: Shows the original source files that have been transpiled

  • API: Application Programming Interfaces let apps communicate, transmit data, and manage requests more easily

  • Minification: Process of removing all unnecessary characters from the source code, shortening variables, and other actions to optimize the file size

  • SSL: Secure Sockets Layer is a security protocol developed to establish secure, encrypted connections between a client and a server

  • Code signing: Involves adding a digital signature to software and applications to verify that the application, operating system, or any software has not been modified since it was signed

  • WAF: Web Application Firewall, a security solution designed to protect web applications from various attacks. It acts like a network firewall, but for web services

  • Crawling: Also called spidering, this is the automated process of browsing the web, following links from one page to another, and collecting information. Usually done by bots to discover and index web pages

  • Authentication: Verifying that a user is who they claim to be

  • Authorization: Related to permissions, this is verifying whether a user is allowed to do something

  • MIME: Multipurpose Internet Mail Extensions, a standard way to classify different types of files and data on the internet
