Security Glossary
Comprehensive glossary of security terms, fuzzing concepts, and web application testing terminology.
A
Testing API endpoints with various inputs to discover vulnerabilities, undocumented endpoints, or parameter injection points.
B
A trial-and-error method used to obtain information such as passwords or directories by systematically checking all possible combinations.
C
The process of finding hidden files, directories, or resources on a web server that are not directly linked or referenced.
D
A web security vulnerability that allows attackers to read arbitrary files on the server by manipulating file path references.
F
A software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program to find coding errors and security loopholes.
Fast web fuzzer written in Go. A tool used for web application security testing through fuzzing various elements like directories, files, parameters, and more.
In FFUF, criteria used to exclude unwanted responses from results, opposite of matchers.
H
Three-digit codes returned by web servers indicating the result of an HTTP request. Used in fuzzing to filter and identify interesting responses.
Request methods such as GET, POST, PUT, and DELETE used in the HTTP protocol. Fuzzing different methods can reveal hidden functionality.
M
In FFUF, criteria used to identify interesting responses, such as matching specific status codes, sizes, or content patterns.
P
The process of testing web application parameters with various inputs to discover vulnerabilities, hidden functionality, or unexpected behavior.
The data or input being tested during fuzzing operations, typically read from wordlists or generated programmatically.
R
Technique used to filter fuzzing results based on criteria like status codes, response size, word count, or response time to identify significant findings.
A technique to control the number of requests sent to a server within a specific timeframe, preventing server overload during fuzzing operations.
A fuzzing technique where discovered directories are automatically fuzzed again to find deeper nested resources and paths.
The process of examining server responses during fuzzing to identify patterns, anomalies, and potential security issues.
S
The process of discovering subdomains of a target domain to identify additional attack surfaces and potential vulnerabilities.
V
A method for hosting multiple domain names on a single server. vHost fuzzing helps discover hidden subdomains or applications on a web server.
W
A file containing a list of words, paths, or values used as input for fuzzing operations. Common wordlists include directories, subdomains, usernames, and passwords.
A security solution that monitors and filters HTTP traffic to protect web applications from attacks. Can interfere with fuzzing operations.