Glossary

API (Application Programming Interface) — an interface that defines how one program can interact with another program.

API authorization token (Authorization token, Token) — a string of characters used to authenticate a user to the system without going through the user interface.

Application security — a set of measures taken to improve the security of an application, typically by finding, fixing, and preventing security vulnerabilities.

Bug tracking system (Bug tracker) — a software application that tracks reported software bugs in software development projects. Examples: Jira, Redmine.

CI/CD system — a system that combines continuous integration, continuous delivery, and continuous development practices. CI/CD systems can be integrated into the development process with SDLC and SSDLC methods. Examples: TeamCity, Jenkins.

Continuous Delivery (CD) — a software development practice under which teams produce releasable software in short sprints.

Continuous Deployment (CD) — a software release practice that uses automated testing to validate that changes to a code base are correct and stable enough for immediate, autonomous deployment to a production environment.

Continuous Integration (CI) — a software development practice that consists of regularly merging working copies into the main development branch and performing automated builds of the project to identify potential defects and resolve integration problems.

Command Line Interface (CLI, terminal, console) — an interface that accepts commands for a computer program in text form.

Command Line Tools (CLT) — applications without a graphical interface that are operated through a terminal.

Configuration file — a file with application settings.

Executable file — a compiled file. Examples of extensions for executable files: .exe, .com, .bat, .bin, .dmg, .app.

Information security tools — a set of engineering, electronic, and other tools used to manage information security. Examples: data leakage prevention systems, web application firewalls.

Integrated Development Environment (IDE) — a software application that provides tools for software development. An IDE usually consists of a source code editor, build automation tools, and a debugger. Examples: Eclipse, IntelliJ IDEA.

Integration — a process of exchanging data between systems, possibly with processing of that data along the way.

LDAP (Lightweight Directory Access Protocol) — an application protocol for accessing and maintaining distributed directory information services. It runs over TCP/IP and provides bind, search, compare, add, modify, and delete operations.

Plugin — an independently compiled software module that is dynamically loaded by the main program and extends its functionality.

Project ID — the first six characters of the project UUID. The project ID can be used to search for a project in the list, but the UUID is the full identifier of the project. Example: d4d1e2.

Script — a sequence of actions created to complete a task automatically.

Software Development Lifecycle (SDLC) — a software development methodology that ensures the quality and correctness of the software. The SDLC methodology consists of the following phases: requirements analysis, design, development, testing, deployment, and maintenance.

Software Bill of Materials (SBOM) — a document that provides a detailed inventory of the components and dependencies used in a software project. It lists all of the libraries and frameworks used within the software, together with their respective versions.

Secure Software Development Lifecycle (SSDLC, DevSecOps) — a software development methodology used by organizations to build secure applications. The SSDLC methodology defines how to integrate security into the software development process: additional security steps are taken at each stage of the SDLC. For example: analyzing risks during the requirements analysis phase, assessing risks during the design phase, applying static code analysis during the development phase, checking that security requirements are met during the testing phase, and monitoring threats and responding to incidents during the deployment and maintenance phases.

Trace — a set of program instructions that are executed sequentially. In DerScanner, the entry trace is a diagram that shows the path taken by the data involved in a vulnerability. This path is identified by data flow analysis.

UUID (Universally Unique Identifier) — a 128-bit number used to identify information. Example: d4d1e2da-6b82-4350-829b-d3883592f4c8.

VCS hosting — a web service for hosting projects and developing them collaboratively. Examples: GitLab, GitHub, Bitbucket.

Version Control System (VCS) — a software tool used to record changes to files and track the history of changes in the code. Examples: Git, Subversion.

Web Application Firewall (WAF) — an application with a set of filters designed to detect and block network attacks on a web application. Examples: ModSecurity, Imperva SecureSphere, F5. The DerScanner interface provides instructions for configuring these systems to protect against discovered vulnerabilities.

Webhook — a mechanism that notifies web service users of events by sending an HTTP request to a configured URL.

XPath (XML Path Language) — a query language for selecting nodes in XML documents.