Find the list of common application security terms that are used on our website.

UBIKA Glossary


  • API: Application programming interface or application interface that enables systems to be linked to programs at source level.
  • Application layer security : it refers to the way to protect web applications at the application layer (layer 7 of the OSI model) from malicious attacks.
  • Application security: Application security, or appsec, is the practice of using security software and hardware, best practices and procedures to protect applications from external threats.
  • Authentication: This is the proof of authenticity. You can authenticate an identity by entering a password, using a smart card or biometric data, and data by cryptographic signatures.


  • Bot: is a type of software application or script that performs automated tasks on command. A botnet is a remotely controlled network of several thousand computers, tablets or mobile devices that are misused to shut down websites by way of distributed denial-of-service attacks. Botnets are also used to send spam emails or steal data and are sometimes rented out to third parties.


  • Cloud Computing: It’s the practice of using a network of remote servers hosted on the internet to store, manage, and process data, rather than a local server or a personal computer.
  • Cloud Workload Protection Platform (CWPP): as defined by Gartner CWPP is a “workload-centric security solution that targets the unique protection requirements” of workloads in modern enterprise environments.


  • Data Protection: Includes protection of personal information that either directly identifies or allows for identification of a person. Since May 2018, it is governed by the European General Data Protection Regulation in order to improve consumer protection.
  • Digital transformation: process of using digital technologies to create new — or modify existing — business processes, culture, and customer experiences to meet changing business and market requirements
  • Distributed Denial-of-Services (DDoS): Programmed and scheduled attacks on internet services, intended to overload the server and cause a downtime. Most commonly executed by botnets massively targeting net components or servers.


  • GDPR: Regulation of the European Union for the unification of the rules for the processing of personal data, valid since May 25th 2018


  • Injection attack: If user input is not adequately filtered, applications can be vulnerable to injection attacks. An SQL injection vulnerability allows attackers to manipulate database queries so that desired database content is returned instead of what was originally intended. SQL injection can also be used to make changes to database content or execute program code.


  • NIS: Law to implement the European directive to ensure high network and information security; in force since 06/29/2017. Defines measures within the European Union to ensure a high level of security for information and network systems.


  • PCI-DSS: Payment Card Industry Data Security Standard. A set of rules in payment transactions that is supported and used by leading credit card organizations to process secure transactions.
  • PSD2: The second payment service directive paves the way for open banking. Customers should be given more freedom in choosing online financial services.
  • Public Cloud: Public clouds allow you to work independently from software and hardware by provisioning applications, infrastructure, computing power and storage space.


  • Security by design: Cybersecurity requirements already implemented during the development of solutions and products.
  • SQL Injection: In SQL injections, database commands are injected into an SQL database via input fields on websites in order to spy out data or gain control of the system.


  • Web Application and API Protection (WAAP): Unlike a traditional firewall, a WAAP is a highly specialized security tool specifically designed to protect web applications and APIs.
  • Web Application Firewall (WAF): This is a process that protects websites and web applications. It analyzes traffic between clients and servers at the application level, monitors, filters and blocks HTTP traffic and is either installed as a standalone firewall or installed on the server.