https://github.com/dfop02/hacking-dict

A dictionary with hacking techniques and their definitions
# Hacking Dict

A dictionary with hacking techniques and their definitions

[English](https://github.com/dfop02/hacking-dict/blob/main/README.md) | [Português-BR](https://github.com/dfop02/hacking-dict/blob/main/README_pt-br.md)

### Phishing
--- Meaning
> Phishing is a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.

### SQL Injection
--- Meaning
> SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior.
In some situations, an attacker can escalate an SQL injection attack to compromise the underlying server or other back-end infrastructure, or perform a denial-of-service attack.

--- How to Prevent

Most instances of SQL injection can be prevented by using parameterized queries (also known as prepared statements) instead of string concatenation within the query.

Parameterized queries can be used for any situation where untrusted input appears as data within the query, including the WHERE clause and values in an INSERT or UPDATE statement. They can't be used to handle untrusted input in other parts of the query, such as table or column names, or the ORDER BY clause. Application functionality that places untrusted data into those parts of the query will need to take a different approach, such as white-listing permitted input values, or using different logic to deliver the required behavior.

For a parameterized query to be effective in preventing SQL injection, the string that is used in the query must always be a hard-coded constant, and must never contain any variable data from any origin. Do not be tempted to decide case-by-case whether an item of data is trusted, and continue using string concatenation within the query for cases that are considered safe. It is all too easy to make mistakes about the possible origin of data, or for changes in other code to violate assumptions about what data is tainted.
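
The two techniques described above, as an added example that is not part of the hacking-dict project: a parameterized query for data values, and an allow-list for the ORDER BY clause, using Python's standard `sqlite3` module. The table, function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; one name contains a quote character.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"),
                    ("carol", "user"), ("O'Brien", "user")])
    return db

def find_concat(db, name):
    # The 'before': input is concatenated into the SQL text, so the
    # database parses it as part of the query.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_param(db, name):
    # Hard-coded query string; `name` is bound as data and never parsed as SQL.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

# Column names and ORDER BY cannot be bound as parameters, so the request
# value only selects one of a fixed set of complete, hard-coded queries.
LIST_QUERIES = {
    "name": "SELECT name, role FROM users ORDER BY name",
    "role": "SELECT name, role FROM users ORDER BY role, name",
}

def list_users(db, sort_key):
    if sort_key not in LIST_QUERIES:
        raise ValueError("unsupported sort key: %r" % (sort_key,))
    return db.execute(LIST_QUERIES[sort_key]).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(find_param(db, "O'Brien"))
    try:
        find_concat(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        # The quote ended the string literal early: the input changed the
        # structure of the query, which is the root cause of SQL injection.
        print("concatenated query failed:", exc)
    print(list_users(db, "role"))
```

A legitimate name containing a quote is enough to break the concatenated version, which shows that the input is being interpreted as SQL rather than as data.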

### Cross-site Scripting (XSS)
--- Meaning
> Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application. The actual attack occurs when the victim visits the web page or web application that executes the malicious code.

--- How to Prevent

To keep yourself safe from XSS, you must sanitize your input. Your application code should never output data received as input directly to the browser without checking it for malicious code.