Cascading Style Sheets. The language for designing web pages and adding style.
an object-oriented computer programming language commonly used to create interactive effects within web browsers.
in computer programming languages and especially JavaScript, is the process of removing all unnecessary characters from source code without changing its functionality.
Open Web Application Security Project; highly-regarded organization and much used by cybersecurity professionals.
An organized collection of data (e.g., text, images, videos, audio, geospatial, tabular) An electronic system that allows data to be easily accessed, manipulated and updated via a Database Management System (DBMS).
A set of data elements (values) using a model of vertical columns (shown by a name) and horizontal rows (fields), the cell (record) being the unit where a row and column intersect. A table has a specified number of columns by design, but can have any number of rows.
Let you quickly perform an action on a table in a database like apply changes or retrieve information.
refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application's database server (also commonly referred to as a Relational Database Management System – RDBMS).
Cross-site scripting (XSS) is a security bug that can affect websites. If present in your website, this bug can allow an attacker to add their own malicious JavaScript code onto the HTML pages displayed to your users. Once executed by the victim's browser, this code could then perform actions such as completely changing the behavior or appearance of the website, stealing private data, or performing actions on behalf of the user.
Structured Query Language; Programming language for managing and querying data from a relational database.
A question (noun) or to ask a question (verb) - often in relation to a database.
How we define what is stored in a table.
Represents a piece of information (or attribute).
A set of data elements (values) using a model of vertical columns (shown by a name) and horizontal rows (fields), the cell (record) being the unit where a row and column intersect. A table has a specified number of columns by design, but can have any number of rows.
One entry in a table. Each row has an ID that is unique to the table.
A statement in SQL that allows you to ask for a row or multiple rows from a table in a database.
a clause in SQL that allows you to filter results of s SELECT with certain conditions.
Client devices are typically personal computing devices with network software applications installed that request and receive information over the network or Internet. Mobile devices like your smart phone, tablets, iPads, laptops and also desktop computers can can all function as clients.
Examples of servers include web servers, mail servers, and file servers. Each of these servers provide resources to client devices. Most servers have a one-to-many relationship with clients, meaning a single server can provide multiple resources to multiple clients at one time.
Client-server applications are programs or apps that run on our client devices AND need to access resources from a server. In other words, they need help and can’t do what they need to do alone.
A server computer program or application provides functionality for client programs or devices. So a single overall computation is distributed across multiple processes or devices. Servers can provide various functionalities, often called "services", such as sharing data or resources among multiple clients, or performing computation for a client.
Client devices and applications are often referred to as the “front end” - meaning what the user actually sees.
Server devices and applications are often referred to as the “back end” - meaning the user doesn’t actually SEE what is happening; it’s hidden from their view and they just see the results on their end.
Clients and servers communicate over a computer network on separate hardware, but both client and server may reside in the same system. A server host runs one or more server programs which share their resources with clients. A client does not share any of its resources, but requests a server's content or service function. Servers store and protect data and process requests from clients. Clients make requests and format data on the device for the end user.
An injection risk where the website returns errors that the hacker can use to explore the database more. This is the first clear test that an attacker can use to test to see if a site is vulnerable. It is usually displayed as an unhandled internal exception error. This info is meant for the developer and is not meant to go back and deliver it to a person’s webpage.
An injection risk where the attacker can add a condition that’s always true, like 1=1, often by appending it to the query to pull up even more in a results set. This fundamentally changes the query and can allow someone to pull the entire contents of the database.
Often used when error-based and union-based SQLi do not work. It essentially involves asking the database a series of targeting questions and based on the results gives clues as to how to get the DB to give up its contents.
