« New cert program for Application Security Specialists | Main | Metasploit shut down by FBI and DHS »

Announcing month of new security buzzwords

In the tradition of Month of Bugs we're pleased to announce the month of security buzzwords, complete with abbreviations.

#1 Remote Command Injection (RCI)
#2 Remote Filestream Inclusion (RFSI)
#3 Cam Jacking (CJ)
#4 Cross-Port Request Forgery (XPRF)
#5 Cross-Site Fixation (XSF)
#6 HTTP Gerbiling (HTTP-Gerbil)
#7 Host Request Splitting (HRS)
#8 Double Credential Reflection Looping (DCRL)
#9 Heap Showering (SHOWER)
#10 Proxy Jacking (PJ)
#11 HTTP Riding (HR)
#12 Tiny Blue Pill Attack (VIAGRA)
#13 Side Jacking (SJ)
#14 Reverse Backdoor Plugging (RBP)
#15 Active Site Scripting (ASS)
#16 Cloud Jacking (CJ)
#17 Proxy In The Middle attack (PITM)
#18 Cross-page Channel Smurfing (XPCS)
#19 Blue-Pill Obfuscation Bypass Internal Traversaling (PILLOBITing)
#20 Proxy Request Smuggling (PRS)
#21 Man in the Browser Helper Object (MITBHO)
#22 Stack Shattering (SS)
#23 HTTP Galloping (HORSEY)
#24 Cross Metadactyling (XMETA)
#25 Data Type Redirectioning (DTR)
#26 XSLT Foreign Object Insertion (XSLTROI)
#27 Cloud Surfing (CLOUDING)
#28 Stack Tumbling (STMBL)
#29 Cyber Jacking (CYBER)
#30 Cross-context Fixation (X-F)

Thanks to HD Moore and my co workers for helping compile this list, and PDP for the inspiration.


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!

You forgot "Cross Cross Cross - XXX"

Some of these sound less like computer exploit techniques and more like something you'd find on *ahem* some other less savory areas of the Internet.

Thanks for the credits. :) Btw, some of these "new terms" bring good ideas for research.

hmm, should have make an exploi, but "copy/paste-jacking" is great! :)

Great list :-) Was disappointed to not find "Universal" anywhere, though.