Security terms Salt, Nonce, Rainbow

Salt

A new salt (form of encryption) is randomly generated for each password. Setting a salt and a password are concatenated and processed with a cryptographic hash function, and the resulting output (but not the original password) is stored with the salt in a database.

Nonce

Nonce is an arbitrary number used only once in a cryptographic communication. It is a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused in replay attacks.

Rainbow

A rainbow table is a precomputed table. This table use for reversing cryptographic hash function, usually for cracking password hashes. Tables using for recover a plaintext password up to a certain length consisting of a limited set of characters. It take less computer processing time and more storage than a brute-force attack which calculates a hash on every attempt, but more processing time and less storage than a simple lookup table with one entry per hash.

Authentication and Authorization

· Authentication is the process of verifying who you are. When you log on to a PC with a user name and password you are authenticating.

· Authorization is after verifying that you have access to something. Gaining access to a resource because the permissions configured on it allow you access is authorization.

Authentication can be done using the following methods:

• Local Code42 platform directory
• LDAP
• Single Sign-On (SSO)
• RADIUS

Authorization can be done using the following methods:

· Local Code42 platform directory

• LDAP

Difference between multiple security terms

Encoding	Encryption	Hashing
Maintaining data usability	Maintaining data confidentiality	Validating the integrity of content
Reversed data by  employing same algorithm	Reversed data by  secret key	Validate through the signature
No secret key	Use key	Signature by a sender

SQL Injection	Blind SQL Injection
Display error message	Does not see an error message
It does not ask ant question	It ask a true and false question to database
Attacker see the result	Attacker not see the result

SQL Injection	Cross-Site Scripting
Inserting query syntax	Embedded script tags in URL
Attacker send simple text based syntax	Attacker send simple text based script
Injecting SQL field value in the form of regular expression	Simple HTML tags in the form of the regular expression
It can be easily effected	It can be affect with average vulnerability

Cross-Site Scripting	Cross-Site Request Forgery
It doesn’t need authentication	Authenticated Session
Escape the basic validating	Server trust the user
Need of java script	Not need of javascript
A site that is vulnerable to XSS attacks is also vulnerable to CSRF attacks	A site that is completely protected from XSS types of attacks is still most likely vulnerable to CSRF attacks.