Glossary
CDN:
Content Delivery Networks such as Akamai, Amazon (CloudFront), and Cloudflare let web developers host their site's static resources on third-party CDN servers distributed around the world. The origin can be a smaller server because the CDN absorbs the bandwidth, and end users get a more responsive experience from a nearby edge. It also adds an attack surface: a script or stylesheet served from a CDN runs in your page with your users' trust, so a compromised or misconfigured CDN account can inject code into your site. Subresource Integrity (SRI) hashes on script and link tags let the browser reject a CDN-served file whose contents no longer match what you published.
CIS:
Center for Internet Security. This organization publishes hardening standards for many common applications and operating systems. The CIS Benchmarks are documents (PDFs) listing secure configuration settings that should be followed. CIS also offers preconfigured hardened OS images that are stripped down, so developers have a secure starting point and can peel back only what they need.
DOM:
Document Object Model. The data structure that represents the browser's understanding of a web page: a tree of element nodes built from the HTML, with styling from CSS files applied to those nodes and any changes made by JavaScript or similar. Once built, the browser renders it to the screen, and the process repeats as the user interacts with the page or when scripts update it on a timer (think news feeds). Because JavaScript reads from and writes to the DOM, untrusted data placed into it without encoding is where DOM-based XSS occurs.
DOM Tree:
The same thing as the DOM. Because the DOM is a hierarchy of nodes nested inside other nodes (mirroring HTML's nested tags), developers often refer to it as the DOM tree.
Out-of-Band:
Out-of-band data is data transferred through a channel that is independent of the standard in-band data stream. An out-of-band mechanism provides a conceptually separate channel, so anything sent through it is kept apart from the in-band data. In web testing the term also describes techniques where a payload makes the target contact a server you control (for example a DNS lookup or HTTP request) so that a blind injection can be confirmed even when the application returns nothing useful in its response.
Browser Security Model:
LAMP:
One of the most popular web stacks: Linux, Apache, MySQL, PHP.
XAMPP:
A cross-platform bundle (the X stands for any OS) of Apache, MySQL/MariaDB, PHP, and Perl. It is intended for local development rather than production and should not be exposed to a network as shipped.
MEAN:
A modern, lean JavaScript stack, often used for single-page applications or as a mobile back end: MongoDB (database), Express.js (server-side framework), AngularJS (client-side framework, often swapped out for others), and Node.js (runtime environment).
Python-Django Stack:
Python, Django (a server-side web framework, not a client framework), Apache, MySQL.
.NET stack:
C# on .NET (typically ASP.NET served by IIS on Windows), MS SQL Server as the usual database (Cassandra appears in some .NET deployments as a NoSQL store), and Visual Studio as the IDE rather than a runtime component.
RoR (Ruby on Rails) stack:
Ruby, Rails, MySQL, Apache. It was extremely popular for a while and is losing ground to JavaScript-based stacks, but it is still commonly seen in the wild.
Relational DB:
A database that uses keys to reference rows in other tables, so a single piece of data lives in exactly one place and is referenced by key everywhere else. For example, a credit card table may hold a foreign key pointing back to the owning row in the user table. Relational databases also enforce data integrity constraints, such as forcing certain columns to be NOT NULL or a username to be UNIQUE. They are transactional: several statements can be grouped so that if one fails the whole group is rolled back. So if a user tries to create an account but the email is already taken, the transaction fails and the other fields (username, phone number) are not written either. Queries are written in SQL, which is why SQL injection is the classic attack on this layer whenever user input is concatenated into a query string instead of bound as a parameter.
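The constraints and transaction described above, as an added example (not code from the original page) using Python's built-in sqlite3 module as the database. The schema, the account data, and the helper names are constructed for the example; the behaviour shown (a failed statement rolling back the rows already written in the same transaction) is what any relational database does.

```python
"""Relational integrity constraints and transactions, using sqlite3.

Added example, not from the original page. The schema and all account data
below are constructed for illustration.
"""
import sqlite3

SCHEMA = """
CREATE TABLE users (
    id       INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    email    TEXT NOT NULL UNIQUE
);
CREATE TABLE phone_numbers (
    id      INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL REFERENCES users(id),
    number  TEXT NOT NULL
);
"""


def open_db() -> sqlite3.Connection:
    """In-memory database with the constructed schema; FK checks switched on."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # sqlite enforces FKs only when asked
    conn.executescript(SCHEMA)
    return conn


def create_account(conn: sqlite3.Connection, username, email, phone) -> bool:
    """Insert the user and their phone number atomically.

    Returns True on success. On any constraint violation the whole
    transaction is rolled back, so a half-created account never exists.
    Values are bound with '?' placeholders, never formatted into the SQL.
    """
    try:
        with conn:  # commits on success, rolls back if an exception escapes
            cur = conn.execute(
                "INSERT INTO users (username, email) VALUES (?, ?)",
                (username, email),
            )
            conn.execute(
                "INSERT INTO phone_numbers (user_id, number) VALUES (?, ?)",
                (cur.lastrowid, phone),
            )
        return True
    except sqlite3.IntegrityError:
        return False


def count_rows(conn: sqlite3.Connection, table: str) -> int:
    """Row count; the table name is checked against a fixed list because
    identifiers cannot be bound as parameters."""
    if table not in ("users", "phone_numbers"):
        raise ValueError("unknown table")
    return conn.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    print(create_account(db, "alice", "alice@example.com", "555-0100"))  # True
    print(create_account(db, "alice2", "alice@example.com", "555-0101"))  # False: email taken
    print(create_account(db, "bob", "bob@example.com", None))  # False: phone NOT NULL
    print(count_rows(db, "users"), count_rows(db, "phone_numbers"))  # 1 1
```

The third call is the interesting one: the users row for bob is written successfully inside the transaction, then the phone insert violates NOT NULL, and the rollback removes the users row again. Parameter binding with '?' is also the defence against SQL injection; the one place a value cannot be bound (a table name) is restricted to an allow-list instead.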
Non-Relational DB:
This type of database (NoSQL stores such as MongoDB or Cassandra) gives up some of the integrity and transactional guarantees in exchange for speed and horizontal scaling, since the SQL database is often the bottleneck of a website. Data is stored in various shapes (key:value, JSON documents, XML, wide columns) and queries use a store-specific API or query language rather than standard SQL. Dropping SQL does not drop injection: when a query filter is built directly from a parsed JSON request body, an attacker can submit a query operator in place of the value the application expected.
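The operator injection mentioned above, as an added example that is not part of the original page. A MongoDB-style filter is just a dictionary, so a login handler that drops the parsed request body into the query honours an operator like {"$ne": ""} where a string was expected. The tiny in-memory matcher is a stand-in for the database (it is not MongoDB and supports only the two operators the example needs); the user records and request bodies are constructed, and the plaintext password comparison is for demonstration only.

```python
"""Operator injection against a document-store filter built from JSON.

Added example, not from the original page. The matcher below stands in for a
document database and is not MongoDB; user records and requests are constructed.
"""
import json
import re

# Constructed sample collection (plaintext passwords for demonstration only;
# real systems store a hash and verify it after the lookup).
USERS = [
    {"username": "alice", "password": "hunter2", "role": "user"},
    {"username": "admin", "password": "correct horse battery staple", "role": "admin"},
]

HONEST_LOGIN = '{"username": "admin", "password": "wrong"}'
INJECTED_LOGIN = '{"username": "admin", "password": {"$ne": ""}}'
DUMP_ALL = '{"username": {"$ne": ""}, "password": {"$ne": ""}}'


def _match_field(value, condition) -> bool:
    """One field against a Mongo-style condition: plain equality, or a dict of
    operators. Only $ne and $regex are implemented here."""
    if isinstance(condition, dict):
        for op, operand in condition.items():
            if op == "$ne":
                if value == operand:
                    return False
            elif op == "$regex":
                if re.search(operand, str(value)) is None:
                    return False
            else:
                raise ValueError(f"unsupported operator {op}")
        return True
    return value == condition


def find(collection, query):
    """Return every document matching all keys of the filter."""
    return [doc for doc in collection
            if all(_match_field(doc.get(k), c) for k, c in query.items())]


def login_vulnerable(body: str):
    """Passes the parsed JSON straight into the filter; operators are honoured."""
    creds = json.loads(body)
    return find(USERS, {"username": creds["username"], "password": creds["password"]})


def login_hardened(body: str):
    """Accepts only strings, so a nested object can never become an operator."""
    creds = json.loads(body)
    username, password = creds.get("username"), creds.get("password")
    if not isinstance(username, str) or not isinstance(password, str):
        raise ValueError("username and password must be strings")
    return find(USERS, {"username": username, "password": password})


def hardened_rejects(body: str) -> bool:
    """True if the hardened handler refuses the request outright."""
    try:
        login_hardened(body)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(login_vulnerable(HONEST_LOGIN))    # []
    print(login_vulnerable(INJECTED_LOGIN))  # admin record, password never known
    print(len(login_vulnerable(DUMP_ALL)))   # 2
    print(hardened_rejects(INJECTED_LOGIN))  # True
```

The same type check is what a schema validator on the request body buys you; the $regex operator is the other common abuse, letting an attacker recover a secret field one character at a time from a yes/no response.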
Distributed Caches:
Services like Redis and Memcached sit between a web app and the SQL database and return commonly accessed data from memory without a query. A distributed cache can be shared by several servers and apps that need the same dataset. The cache does not update itself when the database changes: the application has to write through, delete (invalidate) entries on update, or let them expire with a TTL, and a request for a key that is not in the cache (a cache miss) is what triggers the load from the database. Stale or poisoned entries are the failure mode to design for, and because Redis and Memcached ship without authentication they must not be reachable from untrusted networks.
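The cache-aside pattern described above with TTL expiry and explicit invalidation on write, as an added example that is not from the original page. A dictionary stands in for Redis/Memcached and another for the users table so it runs offline; the get/set-with-TTL/delete methods mirror what both real services offer. The clock is injectable so expiry can be shown without sleeping. The service class, key format and sample user are constructed for the example.

```python
"""Cache-aside reads with TTL expiry and invalidation on write.

Added example, not from the original page. The Cache class is an in-memory
stand-in for Redis/Memcached; the db dict stands in for the users table.
"""
import time


class Cache:
    """Minimal TTL key/value store standing in for Redis or Memcached."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._store = {}  # key -> (value, expires_at)

    def get(self, key):
        item = self._store.get(key)
        if item is None:
            return None
        value, expires_at = item
        if self._clock() >= expires_at:
            del self._store[key]  # lazy expiry on read, as the real services do
            return None
        return value

    def set(self, key, value, ttl_seconds):
        self._store[key] = (value, self._clock() + ttl_seconds)

    def delete(self, key):
        self._store.pop(key, None)


class UserService:
    """Reads go through the cache; writes update the DB and evict the key.

    The cache never learns about DB changes on its own: without the delete()
    in update_email, readers would see the old value until the TTL runs out.
    """

    TTL = 300  # seconds

    def __init__(self, db: dict, cache: Cache):
        self.db = db          # constructed stand-in for the users table
        self.cache = cache
        self.db_reads = 0     # how many times the "database" had to be hit

    def get_user(self, user_id: int) -> dict:
        key = f"user:{user_id}"           # key built from a typed id, not raw input
        user = self.cache.get(key)
        if user is None:                  # cache miss
            self.db_reads += 1
            user = self.db[user_id]       # KeyError for unknown ids
            self.cache.set(key, user, self.TTL)
        return user

    def update_email(self, user_id: int, email: str) -> None:
        self.db[user_id] = {**self.db[user_id], "email": email}
        self.cache.delete(f"user:{user_id}")  # invalidate so the next read reloads


def demo():
    """Walk through miss, hit, invalidation and expiry with a fake clock."""
    now = [0.0]
    cache = Cache(clock=lambda: now[0])
    svc = UserService({1: {"id": 1, "email": "alice@example.com"}}, cache)
    first = svc.get_user(1)["email"]      # miss: db_reads becomes 1
    second = svc.get_user(1)["email"]     # hit: db_reads still 1
    svc.update_email(1, "alice@corp.example")
    third = svc.get_user(1)["email"]      # evicted, so reloaded: db_reads 2
    now[0] += UserService.TTL + 1
    fourth = svc.get_user(1)["email"]     # TTL expired, reloaded: db_reads 3
    return first, second, third, fourth, svc.db_reads


if __name__ == "__main__":
    print(demo())
```

Building the key from a validated integer rather than a raw request value is deliberate: if callers can choose the key, one user's data can be written under another's key, which is how cache poisoning usually starts.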
SDLC:
Software Development Life Cycle: the phases a piece of software passes through (requirements, design, implementation, testing, deployment, maintenance), usually run as an agile or similar iterative cycle with a central repository so that developers hit deliverables in an organized fashion with the least amount of conflict. A secure SDLC adds security activities to each phase, such as threat modeling at design time and code review and security testing before release.