wasc

Web Application Security Consortium

Web Security Glossary

1. Abuse of Functionality. See also “Denial of Service”.
2. ActiveX Controls
3. Brute Force

An automated process of trial and error used to guess the “secret” protecting a system. Examples of these secrets include usernames, passwords or cryptographic keys. See also “Authentication”, “Insufficient Authentication”, “Password Recovery System”, “Weak Password Recovery Validation”.

4. Content Spoofing

An attack technique used to trick a user into thinking that fake web site content is legitimate data.