Glossary

The information security sector uses many terms specific to this field of activity.

We explain here some terms and concepts frequently used on our website, so that everyone can familiarize with the main terms used.
This page will be progressively completed, don’t hesitate to let us know which terms you would like to see there too.

GLOSSARY

Denial of service (DoS)

A denial of service attack aims to make unavailable a server, a network, an application, either by overloading equipment (bandwidth, firewall…) or by targeting a vulnerability. The attack comes from a single machine.

Distributed denial of service (DDoS)

A distributed denial of service has the same goal as a DoS attack, to make unavailable a server, a service, an application, but the attack comes this time simultaneously from many machines.

Social engineering

Manipulation techniques that aim to influence the contacts’ behavior in order to obtain confidential information or to make them carry out actions that could lead to a security incident, in the context of a cyberattack.

SQL Injection

An injection type attack that aims to interact with the application’s database, through the application’s functionalities.

Logic flaw/vulnerability

A logic flaw is found when a logic step or a workflow can be avoided, or when the expected behaviour of a site or application can be bypassed.

Pentest

Penetration Test. A security evaluation method that consists in simulating malicious attacks in order to detect vulnerabilities of an application or a system.

Phishing

Email attack sent to a larger number a people.

Spear phishing

Targeted and personalized attack sent per email to a small number of people.

OWASP

Open Web Application Security Project.
A free community working on the security of Web applications. Its publications are recognized for their value, such as the Top 10 which lists the main security flaws in web applications.

Vishing

Voice phishing. Equivalent of phishing used in social engineering attacks.

XSS / Cross Site Scripting

An attack consisting of inserting dangerous content into a target site. It can result in total modification of the site’s content or in data theft.
Contact us