Announcing month of new security buzzwords
In the tradition of Month of Bugs, we're pleased to announce the month of security buzzwords, complete with abbreviations.
#1 Remote Command Injection (RCI)
#2 Remote Filestream Inclusion (RFSI)
#3 Cam Jacking (CJ)
#4 Cross-Port Request Forgery (XPRF)
#5 Cross-Site Fixation (XSF)
#6 HTTP Gerbiling (HTTP-Gerbil)
#7 Host Request Splitting (HRS)
#8 Double Credential Reflection Looping (DCRL)
#9 Heap Showering (SHOWER)
#10 Proxy Jacking (PJ)
#11 HTTP Riding (HR)
#12 Tiny Blue Pill Attack (VIAGRA)
#13 Side Jacking (SJ)
#14 Reverse Backdoor Plugging (RBP)
#15 Active Site Scripting (ASS)
#16 Cloud Jacking (CJ)
#17 Proxy In The Middle attack (PITM)
#18 Cross-page Channel Smurfing (XPCS)
#19 Blue-Pill Obfuscation Bypass Internal Traversaling (PILLOBITing)
#20 Proxy Request Smuggling (PRS)
#21 Man in the Browser Helper Object (MITBHO)
#22 Stack Shattering (SS)
#23 HTTP Galloping (HORSEY)
#24 Cross Metadactyling (XMETA)
#25 Data Type Redirectioning (DTR)
#26 XSLT Foreign Object Insertion (XSLTROI)
#27 Cloud Surfing (CLOUDING)
#28 Stack Tumbling (STMBL)
#29 Cyber Jacking (CYBER)
#30 Cross-context Fixation (X-F)
Thanks to HD Moore and my coworkers for helping compile this list, and PDP for the inspiration.
You forgot "Cross Cross Cross - XXX"
Posted by: Anonymous | Apr 1, 2009 10:20:30 AM
Some of these sound less like computer exploit techniques and more like something you'd find on *ahem* some other less savory areas of the Internet.
Posted by: Anonymous | Apr 1, 2009 11:11:52 AM
Thanks for the credits. :) Btw, some of these "new terms" bring good ideas for research.
Posted by: pdp | Apr 2, 2009 1:48:11 AM
hmm, should have made an exploit, but "copy/paste-jacking" is great! :)
Posted by: romain | Apr 2, 2009 5:45:37 AM
Great list :-) Was disappointed to not find "Universal" anywhere, though.
Posted by: Brandon | Apr 3, 2009 10:07:03 AM