Ethical Hacking Terminologies
-
Ethical Hacking: The authorized and legal practice of probing systems for security vulnerabilities to identify and fix potential weaknesses.
-
Penetration Testing: The process of simulating real-world attacks on a system, network, or application to discover vulnerabilities and weaknesses.
-
Vulnerability Assessment: A systematic review of a system’s security to identify and classify vulnerabilities.
-
Exploit: A piece of software or code that takes advantage of a vulnerability to compromise a system.
-
Payload: The part of the exploit that delivers malicious code or performs a specific action on the target system.
-
Zero-Day Vulnerability: A security flaw in software or hardware that is unknown to the vendor or the public, making it a potential risk for exploitation.
-
Social Engineering: Manipulating individuals to divulge confidential information or perform actions that may compromise security.
-
Phishing: A fraudulent attempt to obtain sensitive information by disguising as a trustworthy entity in electronic communication.
-
Man-in-the-Middle (MitM) Attack: A type of attack where an attacker intercepts and potentially alters communication between two parties without their knowledge.
-
Firewall: A network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
-
Intrusion Detection System (IDS): A security mechanism that monitors and analyzes network or system activities for signs of malicious behavior.
-
Intrusion Prevention System (IPS): A security tool that can detect and actively respond to potential threats by blocking or preventing malicious activities.
-
Sniffing: Intercepting and analyzing network traffic to capture sensitive information such as passwords or other confidential data.
-
Packet Filtering: Examining packets of data and allowing or blocking them based on predetermined criteria, often used in firewalls.
-
Denial of Service (DoS) Attack: Flooding a system, network, or service with excessive traffic to make it unavailable for legitimate users.
-
Distributed Denial of Service (DDoS) Attack: Similar to a DoS attack, but orchestrated from multiple sources to overwhelm the target.
-
Session Hijacking: Gaining unauthorized access to a user’s session, often through the theft of session tokens or cookies.
-
Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users.
-
Cross-Site Request Forgery (CSRF): Forcing a user to perform unwanted actions on a web application where they are authenticated.
-
Honeypot: A security mechanism designed to deceive attackers, luring them away from critical systems while monitoring their activities.
-
Cryptography: The practice of secure communication in the presence of third parties, often involving encryption and decryption.
-
SSL/TLS: Protocols for securing communication over a computer network, commonly used for web browsing.
-
Two-Factor Authentication (2FA): Adding an extra layer of security by requiring users to provide two different authentication factors.
-
Brute Force Attack: An attempt to crack a password or encryption key by systematically trying all possible combinations.
-
White Hat Hacker: Ethical hackers who use their skills to help organizations find and fix security vulnerabilities.
-
Black Hat Hacker: Malicious hackers who exploit vulnerabilities for personal gain or to cause harm.
-
Gray Hat Hacker: Individuals who may engage in hacking activities without malicious intent but without explicit authorization.
-
Patch: A software update designed to fix vulnerabilities or improve security in a computer program.
-
Proxy Server: An intermediary server that acts as a gateway between a user and the internet, enhancing security and privacy.
-
Incident Response: The process of managing and mitigating the impact of a security incident, often involving detection, analysis, and recovery.