
Manual Chapter: Configuration Guide for BIG-IP® Application Security Management: Glossary


active security policy

The active security policy is the security policy whose criteria are determining the legitimacy of incoming requests for the web application. A web application can have only one active policy at a time.

application flow

See flow.

application security class

The application security class is the logical bridge, or link, between the local traffic components and the application security components. You use the application security class to specify to which incoming HTTP traffic the system applies application security.

blocking mode

A security policy is in blocking mode when one or more Block flags are enabled. When a security policy is in blocking mode, and a request triggers a violation, rather than forwarding the request to the corresponding web application, the Application Security Manager returns the blocking response page with a Support ID to the client.

buffer overflow

A buffer overflow occurs when an application attempts to store more data in a temporary storage area than is allowed. When data in a buffer exceeds the size of the buffer, adjacent buffers can overflow, corrupting the data already stored there. In a buffer overflow attack, an attacker can incorporate additional codes designed to trigger specific actions which could send new instructions to the attacked system in order to damage the user's files, change data, or disclose confidential information.

client-side scripting

Client-side scripting is a feature that exists on the client side (such as a web browser) of a client-server system to extend the functionality of web pages written in HyperText Markup Language (HTML). For example, JavaScript®, JScript, and VBScript are client-side scripting languages. See also Java applets.

content spoofing

Content spoofing is an attack technique that attempts to trick a user into thinking that false web site content is legitimate.


cookie

A cookie is a message sent to a web browser by a web server that the server can retrieve at a later time. The browser stores the message in a text file. Cookies are usually used to track a user's actions when browsing a site. See also cookie manipulation.

cookie manipulation

Cookie manipulation is the process of altering or modifying cookie values on a client system's web browser in order to exploit security issues within a web application. An attacker can manipulate cookie values on the client system to fraudulently authenticate themselves to a web site. See also cookie.

cross-site scripting

Cross-site scripting (XSS) is a type of exploit where information from one context, where it is not trusted, can be inserted into another context, where it is. For example, an attacker can insert malicious coding into a link that appears trustworthy, but when a user follows the link, the embedded code is submitted as a part of the client system's request, which could allow the attacker access to the client system. See also client-side scripting.

Denial of Service

Denial of Service (DoS) is an attack technique on a network or web site that is designed to render the network or site useless by flooding it with excessive traffic. Processing the excess traffic can consume CPU cycles, memory usage, traffic bandwidth, and disk space, causing the system to become inaccessible to normal activity.

directory traversal

Directory traversal is an exploit that lets attackers access restricted directories and execute commands in areas beyond the normal web server directory. User access to web sites is typically restricted to the document root directory, or CGI root directory.

Dynamic content value (DCV) parameters

DCV parameters are those for which the web application sets the value on the server side. See also dynamic parameter.

dynamic parameter

A dynamic parameter is a parameter whose set of accepted values can change, and usually depends on the user session. For example, within a banking web application, the account number parameter is a dynamic parameter, since each user has one or more unique account numbers. See also static parameter.

dynamic value

See dynamic parameter.


entity

An entity is one of the many components of a web application. Web objects, flows, parameters, and character sets are all examples of entities.

entry point

An entry point is a web page from which a user can access the corresponding web application.

false positive alarm

False positive alarms occur when the system blocks a request that is actually legitimate.


flow

Flow is the defined access path for a browser to get from one object to another specific object within a web application. Flow is also known as application flow.

flow parameter

Parameters that are defined within the context of an application flow are known as flow parameters. See also global parameter, web object parameter.

form field manipulation

Form field manipulation is a technique where an attacker modifies HTML Form field input values or HTTP POST data to exploit a web application. See also cookie manipulation, parameter tampering.

format string attack

A format string attack is an exploit that uses string formatting library features to access alternate memory space in an application.

global parameter

Within the Application Security Manager configuration, global parameters are defined parameters that are not associated with a specific web object or a specific application flow. The Policy Enforcer validates global parameters wherever they occur. See also flow parameter, web object parameter.

HTTP (HyperText Transfer Protocol)

HyperText Transfer Protocol (HTTP) is the protocol used by the World Wide Web. HTTP defines how messages are formatted and transmitted, and how a web browser requests data and how a web server responds.

HTTP class

See application security class.


Java

Java® is a programming language developed by Sun Microsystems. Java programs can run on most computing platforms because runtime environments exist for most common operating systems. See also client-side scripting, JavaScript.

Java applets

Java applets are small Java applications that can be embedded in a web page and run on a client system by a Java-compatible web browser. See also client-side scripting, Java, JavaScript.


JavaScript

JavaScript® is a scripting language that is used to create dynamic or interactive web page content. See also client-side scripting, Java applets.

known directory

See predictable file location.

learning process

The learning process is the process of making a security policy more accurate by verifying how the security policy complies with traffic requests. If the learning process finds discrepancies between the security policy and the traffic requests, it translates the discrepancies into a learning suggestion for modifying the security policy.

learning suggestion

When a request triggers a violation, and the Learn flag is enabled for that violation, the Learning Manager generates a learning suggestion. The learning suggestion contains information about what in the request caused the violation.

meta character

A meta character is a special character in a program or form field that can control or give information about other characters. They may have special meaning to programming languages, operating systems, or database queries.

meta character injection

Meta character injection is an attack technique where an attacker sends meta characters as data input with the intent to manipulate a web application. See also cross-site scripting, null injection, parameter tampering, SQL injection.

negative security logic

The web application is subjected to all traffic, except that which is known to be a threat because it matches the system's built-in negative logic criteria. See also positive security logic.

null injection

Null injection is an attack technique that bypasses sanity checking filters by adding null-byte characters to a URL. If a user-input string contains a null character (\0), the web application on the site may stop processing the string at the null insertion point. This is a form of meta character injection. See also meta character injection, parameter tampering.


object

See web object.

OS commanding

OS commanding is an attack technique where an attacker runs operating system commands by manipulating application input. See also form field manipulation, parameter tampering.


parameter

See flow parameter, global parameter, web object parameter.

parameter tampering

Parameter tampering is an attack technique in which the attacker tries to gain access to the web application by changing the parameter name and value pairs in a URL. This exploit is also referred to as URL manipulation. See also URL manipulation.

path traversal attacks

A path traversal attack is an HTTP attack technique that uses patterns like ../../ to get access to files not intended to be viewed above the WWW root, or in order to cross directories on the server.

positive security logic

When the security policy is in blocking mode, the security policy permits only known, legitimate traffic through to the web application. See also negative security logic.

predictable file location

Predictable file location is an example of a method that attackers can use to gain access to hidden content or functionality by making educated guesses about the names and locations of certain files. An attacker can search manually or automatically for directories, CGIs, or other configuration files based on knowledge of a particular type of web server system.


referrer

A referrer is a web page that can request other objects. For example, an HTML page can request a GIF, JPG, or PNG file. The HTML page is a referrer; the image files are not.

regular expression

A regular expression (regexp) is a sequence of characters that provides the user with a powerful, flexible, and efficient text processing tool.

safe traffic

Safe traffic is traffic generated by a controlled group of users, those who are known not to be potential attackers.

Secure Sockets Layer

Secure Sockets Layer (SSL) is a standard protocol designed to provide an encrypted connection between two systems such as a web server and web browser. SSL uses two keys, a public key known to everyone, and a private key known to the recipient of the message.

security policy

In the Application Security Manager, the security policy is a set of rules that enables the Application Security Manager to understand whether a request is valid for a web application.

session credential

A session credential is a string of data that identifies a user to a web server. This string can be contained in a cookie or in the URL. See also session ID.

session fixation

Session fixation is a technique that an attacker can use to force a different value to a user's session credential. See also session credential, session ID.

session hijacking

Session hijacking is the act of compromising a user's session. If an attacker hijacks a user's session, the attacker may appear to be the legitimate user to the web server. See also session credential, session ID.

session ID

A session ID is a string of data that identifies a user to a web server. This string can be contained in a cookie or in the URL. A session ID can track a user's session as he uses the web site.

session manipulation

Session manipulation is an attack technique where an attacker alters a session ID or session credential value in order to masquerade as a different user. See also session credential, session hijacking, session ID.

SQL injection

SQL injection is an attack technique used on database-driven web sites where an attacker runs unauthorized SQL commands by exploiting insecure code on a system to bypass the firewall in front of the SQL database. See also form field manipulation, parameter tampering.

static parameter

A static parameter is a parameter in a request whose values are chosen from a known set of values, for example, the name of a country, a Yes/No form field, and so on. See also dynamic parameter.

static value

See static parameter.

target frame

A target frame is the frame in a browser session to which the web object is loaded.

target security policy

The target security policy is the security policy that the system updates whenever you accept a learning suggestion. See also active security policy.

transparent mode

A security policy is in transparent mode when blocking is disabled. When a security policy is in transparent mode, the Application Security Manager forwards all requests to the web application. See also blocking mode.

URI (Universal Resource Identifier)

The Universal Resource Identifier (URI) specifies the name of a web object in a request. For example, in this web address, index.html is the URI.

URL (Universal Resource Locator)

A Universal Resource Locator (URL) is the standard method for specifying the location of an object on the Internet.

URL manipulation

URL manipulation describes the process of changing the parameter name and value pairs of a web application. Also known as parameter tampering.

web application

A web application is an application delivered to users from a web server to a web client, such as a web browser, over a network.

web object

A web object is an individual page within a web application. See also referrer.

web object parameter

A web object parameter is a parameter that is defined within the context of a web object.
