Attack vector

An attack vector is a path or means by which a hacker can gain access to a network resource to deliver a payload.

Brute-force attack

A brute-force attack consists of an attacker systematically checking all possible passwords and passphrases until the correct one is found. See OWASP.

Certificate authority

A certificate authority is an entity that issues digital certificates. See Wikipedia.

Circular buffer

A circular buffer is a data structure that uses a single, fixed-size buffer as if it were connected end-to-end. See Wikipedia.

CRLF injection

The term CRLF refers to Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n). They're used to note the termination of a line, however, dealt with differently in today’s popular Operating Systems. See OWASP


A cross-site request forgery, abbreviated as CSRF or XSRF, is a type of malicious exploit where unauthorized commands are transmitted from a user that the web application trusts. See OWASP.

Forced browsing

Forced browsing is an attack where the aim is to enumerate and access resources that are not referenced by the application, but are still accessible. See OWASP.

Invalid request

A request that was checked by filter node and does not match LOM rules.

LDAP injection

LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. See OWASP

Logic bomb

A logic bomb is a piece of malicious code that executes when specific trigger conditions are met. A typical example would be a program that monitors a company's payroll system, and attacks the company if a specific employee is terminated. See OWASP


LOM stands for Local Objective Model. LOM is a set of rules for a particular web application. The set of rules is generated based on user requests to the web application and the application's responses.


A man in the middle (MITM) attack consists of an attacker secretly relaying the communication between two parties who believe they are directly communicating with each other. See OWASP.

NoSQL injection

NoSQL injection is an SQL injection that targets NoSQL databases. See OWASP

Open redirect

Unvalidated redirects and forwards that are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. See OWASP

Path traversal

A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder by manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths. See OWASP

Port scanner

A port scanner is an application designed to probe a server or host for open ports. Such an application may be used by attackers to identify network services running on a host and exploit vulnerabilities. See Wikipedia


A Remote Code Execution (RCE) is an attacker's ability to execute any command of the attacker's choice on a target machine. See Wikipedia.

Reverse proxy

A reverse proxy is a type of proxy server that retrieves resources on behalf of a client from a server and the returns the resources to the client as if they originated from the Web server itself. See Wikipedia.

Security incident

A security incident is an occurrence of a vulnerability exploitation. An incident is an attack targeted at a confirmed vulnerability. An incident, just like an attack, is an entity external to your system and is a characteristic of the outside Internet, not the system itself. Despite the fact that the attacks targeted at existing vulnerabilities are a minority, they are of the utmost importance in terms of information security. Wallarm automatically detects the attacks targeted at existing vulnerabilities and displays them as a separate object.


An SQL Injection is a code injection technique used to attack data-driven applications. See OWASP.

Virtual patch

A virtual patch is a security policy enforcement layer which prevents the exploitation of a known vulnerability. See OWASP


A vulnerability is an error made due to negligence or inadequate information when building or implementing a web application that can lead to an information security risk.

The information security risks are:

  • Unauthorized data access; for example, access to read and modify user data.
  • Denial of service.
  • Data corruption and other.

A vulnerability is not a characteristic of the Internet. A vulnerability is a characteristic of your system. Whether or not you have vulnerabilities does not depend on your Internet traffic. The Internet traffic, however, can be used to detect the vulnerabilities, which is what Wallarm does, among other functions.

XML External Entity

An XML External Entity attack is a type of attack against an application that parses XML input. It may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts. See OWASP_Processing)


Cross-site scripting (XSS) enables attackers to inject client-side scripts into web pages viewed by other users. See OWASP.

results matching ""

    No results matching ""