The following terms are commonly used and referenced along with the Web Application Security and Web Application Headers risk vectors.
- Browser
- Application software used to locate, display, and interact with content. Content can be a webpage containing files and digital media (images and videos) or a web application. Most browsers can be used to access information over the Internet, information in local networks, or locally stored files.
- Content Security Policy (CSP)
- A directive that protects web applications against code injection.
- Cookie
- A text file stored for a website to provide the user continuity when visiting the site. The information could be login and authentication details, user preferences, shopping cart contents, etc.
- Directive
- Instructions or rules stated within web application headers for how the browser should behave, often with a focus on security.
- Framework
- Pre-built tools that simplify and standardize web application development.
- Operating System
- System software that manages computer hardware and software resources and provides common services for computer programs. Examples: Microsoft Windows, Linux, Unix, Mac OS
- Header
- A Hypertext Transfer Protocol header (a.k.a. web application header or HTTP header) defines how communications between users of web-connected applications and applications hosted in web servers should be conducted.
- Redirect
- A directive that instructs the browser to visit a different URL from the original link.
- Subresource Integrity (SRI)
- Resource: Bitsight Blog, “Web Application Security for DevOps: CORS & SRI”
- March 18, 2025: Published.