An authentication system which requires two sets of credentials, for example a fingerprint and a password.
An application, typically one which runs on a smartphone or tablet.
The analysis of an application, to determine security vulnerabilities which may be present in it.
Data that is at rest is stored on a permanent storage medium, for example on a hard disk. See also: on the move.
The process of providing credentials, typically to prove your identity in order to gain access to a resource that others would not be permitted to access.
The computer systems (typically servers) which applications communicate with to store or retrieve data and to perform specific tasks.
A type of application security test which involves no insider knowledge of how the application is built, its architecture or its source code. The opposite of white box testing.
See also: grey box testing.
An attack which involves attempting many combinations very quickly. Typically this involves trying to authenticate as a user by trying many different passwords.
A digital means to prove that you are who you say you are. This can be used, for example, to sign a document to prove that it has not been tampered with since you wrote it, or to prove that a website you are visiting really does belong to the company you expect.
A review of an application’s source code to determine security vulnerabilities which may be present in it.
The information needed to gain access to a particular resource, such as your username and password.
The process of analysing the behaviour of an application as it runs, to determine security vulnerabilities which may be present in it.
See also: SAST (Static Application Security Testing).
A dictionary attack is typically performed against a particular user's password. It involves trying all words, one by one, from a generated list. For added effectiveness, the word list can be tailored to the target.
An attack which aims to prevent a service from working, usually temporarily.
The process of converting data into a code. A key is required to convert the code back to the original data.
To make use of a vulnerability, typically as a step towards gaining unauthorised access to a resource.
Attempting, with permission and without intent to cause damage, to gain access to an endpoint without authorisation. An endpoint may for example be a computer system, a piece of data, an application or an account.
A type of application security test for which no significant insider knowledge is provided. However, for time and cost effectiveness, the tester may be provided up front with some information which would usually be discoverable through analysis.
A mix of black box testing and white box testing.
A step that can be taken, or a situation which exists, to lessen the severity of a vulnerability.
Data is on the move when it is being transmitted from one place to another, typically over the internet or a local network.
See also: at rest.
The process of testing a system to determine whether it’s possible to gain unauthorised access to it.
The process of analysing an application’s architecture and source code to determine security vulnerabilities which may be present in it.
See also: DAST (Dynamic Application Security Testing).
Any data or functionality which, if compromised, would cause (typically personal or financial) damage.
An issue that exists in a system which would allow a user to gain access to resources or functionality that they would not ordinarily be permitted to access.
A type of application which is run in a web browser, typically by visiting a page on the internet.
A type of application security test for which insider knowledge is provided up front, typically including how the application is built, its architecture and its source code. The opposite of black box testing.
See also: grey box testing.