When you’re hustling, time is money and that money comes in coins, not bills. It’s why we made our Website Terminology Glossary for web pros. This free resource for designers, developers, marketers or anyone else makes it easier explaining technical stuff to clients.
Rather than a lengthy back-and-forth, quickly find definitions that break it down in real terms. Start getting time back, and put more of those coins in the bank.
Website Terminology Glossary: Website Security, Vol. 1
When we talk about website security with clients, an easy way to visualize it is like layers of an onion. The principle is simple: the more layers of security you have, the better protected your website and server is from attack.
Protecting websites isn’t just about using a strong password — emphasize that threats come in all shapes and sizes, ranging from targeting uninformed users to taking advantage of known software vulnerabilities. Make it clear that attackers take great lengths to gain access to a website’s sensitive resources and data.
Attack vector
The pathways or methods that hackers use to break into a website and gain unauthorized access. Once the technique is successful, attackers can install malicious code, distribute spam, plant backdoors to keep unauthorized access, or even steal sensitive information.
It’s kinda like
Imagine you are James Bond trying to enter a building to steal important documents. The methods you use to get inside might include tricking the doorman at the entrance with fake ID, climbing in through a half-open window at the side of the building, or blowing up the delivery door so you can gain access.
You also might hear
attack method, type of attack
Backdoor
When a hacker breaks into your website, they often leave behind hidden entry points that allow them to access your site, even after you’ve removed malware. These entry points, known as backdoors, are often designed to be difficult to find. They can also be confused with legitimate website code, making it easy for the hacker to come back again at a later date without being detected.
It’s kinda like
If someone broke into your garage and stole your bird seed, then copied your keys and built a secret hidden tunnel through the floor so that they could come back next week for more.
You also might hear
unauthorized access, backdoor malware, trojan, rootkit
Blocklist
The process of identifying dangerous or hacked websites and warning potential users from browsers, search engines, and desktop antivirus programs. Blocklists help protect web users from online threats. But if your site is blocklisted by a major authority like Google, you’ll likely find a sharp decline in traffic, sales and revenue.
It’s kinda like
A public list of hotels with known bed bug infections
Brute force
An attacker works through every possible combination in an attempt to guess login info, encryption keys, or admin pages. This simple and reliable method lets the hacker sit back and automate their attack with trial-and-error by trying different combinations of popular passwords, usernames — and even dictionary words.
It’s kinda like
You forgot the combination to your four-digit lock, so you just randomly guessed every combination until you finally got the correct answer.
You also might hear
password guessing, dictionary attack, credential recycling, credential stuffing, reverse brute-force
Credit card skimmer
Malicious code injected into a website, server, or payment page to collect sensitive personal and payment or credit card information from visitors. Site visitors often don’t even know their information is stolen until fraudulent purchases are made. This type of malware can have serious consequences for an ecommerce site, impacting reputation, PCI compliance, and even leading to blacklisting.
It’s kinda like
If someone looked over your shoulder when you were buying sneakers, took pictures of your ID and credit card with their cellphone while you were completing the purchase, then used your info to buy a new TV online.
You also might hear
online skimmer, credit card stealer, e-commerce malware, card skimmer, identity theft
Denial of service attack (DoS)
These targeted attacks against websites and servers are intended to disrupt or bring a site down and make it inaccessible. It’s often done by sending so much information to the site at once that it triggers a crash. DoS attacks can also be accomplished by targeting a known vulnerability in the website’s software, making it difficult — or impossible — to access the site, and costing a website owner a lot of time and money in the process.
It’s kinda like
If you went to the library to grab a book, but three other people all came at once and tried to grab it at the same time and nobody could read it.
You also might hear
DDoS, buffer overflow attack, ICMP flood, SYN flood
Exploit
A tool or method that takes advantage of a bug or vulnerability on your website. Exploits often take the form of programs or code designed to let the hacker access your site to steal data or cause unwanted effects. These tools allow attackers to take advantage of security holes to do whatever they want with your site’s resources.
It’s kinda like
The ladder or rope that you use to climb through an open window into a locked building.
You also might hear
Known exploits, 0days, zero-day exploits
Identity theft
Occurs when someone uses another person’s personal or payment information to commit a crime or fraud. Sometimes, stolen information is even sold on the dark web for money, allowing other criminals to access it and use it for a fee.
It’s kinda like
If someone opened a credit card using your name and information and went on a spending spree.
You also might hear
impersonation, credit card theft, data breach
Keyloggers
Monitoring software that records any keys typed on a keyboard. Keyloggers often transmit keystrokes back to third party sites or sources, and can help attackers steal financial or personal information entered on a website.
It’s kinda like
A hidden voice recorder that eavesdrops on every word you speak and sends the conversation back to someone else for review.
You also might hear
keystroke loggers, keylogging apps, keystroke data
Malware
Harmful software or code designed to damage, disrupt, or gain unauthorized access into a website or server. Attackers can use malware to hijack a website, steal information, redirect traffic to spam, or infect site visitors. These intentionally harmful pieces of code can cause serious harm to a website, impact revenue, and damage brand reputation.
It’s kinda like
Viruses and unhealthy bacteria that wreak havoc on the body and are hard to get rid of.
You also might hear
website malware, conditional redirects, malicious JavaScript, backdoors, hacktools, SEO spam, DDoS, malicious redirects, hack, injection, defacements
Phishing
An attempt to trick someone into revealing sensitive information like passwords, usernames, credit card details, and other sensitive information. Phishing attacks often pretend to come from legitimate brands or sources you might be familiar with, and can be found in SMS, emails, and even on websites.
It’s kinda like
Someone trying to pretend to be a valet, only to collect the keys and steal the car.
You also might hear
Email phishing, spear phishing, smishing, vishing, whaling
SQL injection
These attacks inject malicious pieces of code into a website’s vulnerable SQL queries, helping a hacker obtain, tamper, or destroy a site’s information — or even become server admins. Since SQL injections work as legitimate queries on a database, they can be difficult to detect until a site’s content has been obviously modified.
It’s kinda like
Sneaking a gun into the bag of an airport security officer and then retrieving it behind the barrier.
You also might hear
SQL injection vulnerability, SQLi
Vulnerability
A website security risk involving a code flaw, glitch, or weakness. If exploited, vulnerabilities provide a point of entry allowing hackers to gain unauthorized access into your website and server.
It’s kinda like
A thief sneaking in through an open door or smashing through a window with a lead pipe.
You also might hear
software vulnerability, injection flaws, cross-site scripting (XSS), broken authentication, broken access control, security misconfiguration
WAF
An acronym for “web application firewall,” the WAF is a third-party security measure that monitors, controls and blocks malicious traffic coming to your website. These tools act as a shield to filter and inspect any traffic for potentially malicious behavior, blocking attacks before they even reach your site.
It’s kinda like
An airport security officer who checks for weapons and contraband before passengers can go to their gate.
You also might hear
firewall, blocklist WAF, allowlist WAF, network-based WAF, host-based WAF, cloud-based WAF
The post Website Terminology Glossary: Website Security, Vol. 1 appeared first on GoDaddy Blog.
Source: Go Daddy Garage
Republished by Blog Post Promoter