Difference between revisions of "Category:Glossary"
Line 3: | Line 3: | ||
==Access Control List== | ==Access Control List== | ||
A list of credentials attached to a resource indicating whether or not the cre¬¬dentials have access to the resource. | A list of credentials attached to a resource indicating whether or not the cre¬¬dentials have access to the resource. | ||
− | + | ==ACL== | |
+ | Access Control List | ||
+ | ==Active attack== | ||
+ | Any network-based attack other than simple eavesdropping — i.e., a passive attack). | ||
+ | ==Advanced Encryption Standard== | ||
+ | A fast general-purpose block cipher standardized by NIST (the National Institute of Standards and Technology). The AES selection process was a multi-year competition, where Rijndael was the winning cipher. | ||
+ | ==AES== | ||
+ | See: [[#Advanced Encryption Standard]] | ||
+ | ==Anti-debugger== | ||
+ | Referring to technology that detects or thwarts the use of a debugger on a piece of software. | ||
+ | ==Anti-tampering== | ||
+ | Referring to technology that attempts to thwart the reverse engineering and patching of a piece of software in binary format. | ||
+ | ==Architectural security assessment== | ||
+ | See: [[#Threat Model]] | ||
+ | ==ASN.1== | ||
+ | Abstract Syntax Notation is a language for representing data objects. It is popular to use this in specifying cryptographic protocols, usually using DER (Distinguished Encoding Rules), which allows the data layout to be unambiguously specified. | ||
+ | See also: [[#Distinguished Encoding Rules]]. | ||
+ | ==Asymmetric cryptography== | ||
+ | Cryptography involving public keys, as opposed to cryptography making use of shared secrets. | ||
+ | See also: [[#Symmetric cryptography]]. | ||
+ | ==Audit== | ||
+ | In the context of security, a review of a system in order to validate the security of the system. Generally, this either refers to code auditing or reviewing audit logs. | ||
+ | See also: [[#Audit log]]; [[#code auditing]]. | ||
+ | ==Audit log== | ||
+ | Records that are kept for the purpose of later verifying that the security properties of a system have remained intact. | ||
+ | ==Authenticate- and-encrypt== | ||
+ | When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one authenticates the plaintext and encrypts the plaintext, possibly in parallel. This is not secure in the general case. | ||
+ | See also: [[#Authenticate-then-encrypt]]; [[#encrypt-then-authenticate]]. | ||
[[Category:Article Type]] | [[Category:Article Type]] |
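Review bot: The added "Active attack" definition ends with an unmatched closing parenthesis, and its "i.e., a passive attack" clause reads as if it glosses the active attack rather than eavesdropping; suggest "Any network-based attack other than simple eavesdropping (i.e., a passive attack)." The new heading "==Authenticate- and-encrypt==" has a stray space after the hyphen, unlike the hyphenation in the [[#Authenticate-then-encrypt]] and [[#encrypt-then-authenticate]] links added just below it. The ASN.1 entry expands the name as "Abstract Syntax Notation" and drops the "One". The unchanged Access Control List line still carries the "cre¬¬dentials" soft-hyphen debris and could be cleaned up in the same edit.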
Revision as of 11:58, 4 May 2006
3DES
See: #Triple DES
Access Control List
A list of credentials attached to a resource indicating whether or not the credentials have access to the resource.
ACL
Access Control List
Active attack
Any network-based attack other than simple eavesdropping (i.e., a passive attack).
Advanced Encryption Standard
A fast general-purpose block cipher standardized by NIST (the National Institute of Standards and Technology). The AES selection process was a multi-year competition, where Rijndael was the winning cipher.
AES
See: #Advanced Encryption Standard
Anti-debugger
Referring to technology that detects or thwarts the use of a debugger on a piece of software.
Anti-tampering
Referring to technology that attempts to thwart the reverse engineering and patching of a piece of software in binary format.
Architectural security assessment
See: #Threat Model
ASN.1
Abstract Syntax Notation is a language for representing data objects. It is commonly used in specifying cryptographic protocols, usually with DER (Distinguished Encoding Rules), which allows the data layout to be specified unambiguously. See also: #Distinguished Encoding Rules.
Asymmetric cryptography
Cryptography involving public keys, as opposed to cryptography making use of shared secrets. See also: #Symmetric cryptography.
Audit
In the context of security, a review of a system in order to validate the security of the system. Generally, this either refers to code auditing or reviewing audit logs. See also: #Audit log; #code auditing.
Audit log
Records that are kept for the purpose of later verifying that the security properties of a system have remained intact.
Authenticate-and-encrypt
When using a cipher to encrypt and a MAC to provide message integrity, this paradigm specifies that one authenticates the plaintext and encrypts the plaintext, possibly in parallel. This is not secure in the general case. See also: #Authenticate-then-encrypt; #encrypt-then-authenticate.