Tag: Security

87 items found

Project

BD Reparo: Corporate Windows Repair Tool

Modular Windows diagnostics and repair tool built on PowerShell 5.1, with 11+ modules, network diagnostics, system cleanup and a single-script self-healing approach.

Project

Cross-System Workflow Automation with n8n

Self-hosted deployment of n8n workflow automation platform with Docker Compose. Firebase, REST API and 400+ integration support.

Project

Corporate Digital Identity in the Energy Sector

Sub-second loading corporate website with Hugo + Tailwind CSS 4 for the energy sector. Zero JavaScript framework overhead.

Project

Senkora: Database Management Interface

Secure web-based access and query management for MSSQL databases. Flask + Tabler UI, CodeMirror SQL editor, Windows and macOS support.

Project

QR-Based Digital Business Card System

Unique profile pages and QR code system per employee. vCard download, WhatsApp redirect, SMTP form and CSRF protection.

Service

Website Maintenance Package

Monthly maintenance package to keep your site always updated, secure and running. Updates, backups and monitoring included.

Service

Performance & Security Monitoring

Monitor uptime, performance and security alerts around the clock to detect website issues before customers feel the impact.

Service

Security Audit & Hardening

Run a web application security audit covering OWASP Top 10, SQL injection, XSS, API security and authentication weaknesses.

Service

Webhook & Event-Driven Architecture

Real-time data transfer between systems through an event-driven architecture with low-latency integration.

Service

White-Label Software Development

White-label software solutions to sell under your brand or offer to your clients. Technical infrastructure from us, brand and client from you.

Service

CDN Setup & Geographic Optimization

Speed up your site for global users with Cloudflare CDN setup, edge caching, DDoS protection and DNS optimization.

Service

Legacy System Modernization

Modernize legacy PHP, Classic ASP, VB6 and database systems with a controlled migration path to secure, maintainable infrastructure.

Blog

PHP Tool That Auto-Detects IMAP/SMTP Settings

A PHP email automation tool that detects IMAP/SMTP settings, tests protocol combinations in parallel, and speeds up bulk account setup.

2024-10-15

Glossary

2FA (Two-Factor Authentication)

2FA adds a second proof, such as an authenticator app, SMS code, or security key, on top of a password during sign-in.

Glossary

3D Secure

3D Secure is an EMVCo payment security protocol where the issuing bank adds an authentication step to online card payments.

Glossary

ABAC (Attribute-Based Access Control)

ABAC is an authorization model that evaluates user, resource, action, and environment attributes instead of relying only on roles.

Glossary

AI Guardrails

AI guardrails are control layers that constrain model inputs, outputs, and tool use against safety, policy, and quality rules.

Glossary

Anomaly Detection

Anomaly detection automatically flags transactions, metrics, or events that fall outside the normal range learned from past behavior.

Glossary

API Gateway Security

API Gateway security centralizes authentication, quotas, WAF rules, and traffic visibility at the API entry point.

Glossary

API Key

An API key identifies an application or developer and supports quota tracking, access limits, and basic server-to-server security.

Glossary

API Security

API security protects endpoints with authentication, authorization, encryption, rate limits, and monitoring against misuse or data leaks.

Glossary

Audit Log

An audit log records critical system actions with user, time, resource, and outcome details to leave an inspectable trail.

Glossary

Backup Strategy

A backup strategy defines how often, where, and how data is copied so teams can recover from outages, mistakes, or attacks.

Glossary

bcrypt

bcrypt hashes passwords with salts and an adjustable cost factor, making brute-force attacks harder after a data leak.

Glossary

Biometric Authentication

Biometric authentication uses device biometrics such as face or fingerprint checks for login and sensitive approvals.

Glossary

Brute Force Attack

A brute force attack tries many password or key combinations automatically until one works, often targeting login and admin panels.

Glossary

Clickjacking

Clickjacking tricks users into clicking hidden or disguised interface elements, often by framing a trusted page inside another site.

Glossary

Cloudflare

Cloudflare is a global internet platform providing DNS, CDN, security, performance, and edge compute services from one network.

Glossary

CORS (Cross-Origin Resource Sharing)

CORS uses HTTP headers to tell browsers which origins may safely read responses from an API hosted on another origin.

Glossary

Credential Stuffing

Credential stuffing is an account takeover attack that automatically tests leaked usernames and passwords across many services.

Glossary

CSP (Content Security Policy)

CSP tells the browser which scripts, styles, images, and connections are allowed, limiting the impact of XSS and injection flaws.

Glossary

CSRF (Cross-Site Request Forgery)

CSRF tricks a logged-in user's browser into sending an unwanted state-changing request, often by abusing automatic cookies.

Glossary

CVE (Common Vulnerabilities and Exposures)

CVE assigns unique identifiers to publicly disclosed security flaws so teams can track exposure and prioritize remediation.

Glossary

Data Masking

Data masking protects personal or sensitive production data in test, analytics, and support environments with hidden or fake values.

Glossary

DDoS (Distributed Denial of Service)

DDoS is an attack that floods a service from many sources, requiring capacity, filtering, monitoring, and mitigation planning.

Glossary

Dependency Management

Dependency management controls package versions, licenses, compatibility, and security updates across a software project.

Glossary

Encryption

Encryption turns readable data into ciphertext that only authorized parties holding the right key, and using the matching algorithm, can decrypt.

Glossary

Encryption at Rest

Encryption at rest protects data stored on disks, databases, or backups by encrypting it with managed keys, reducing exposure if the storage itself is accessed without authorization.

Glossary

Firewall

A firewall filters traffic between devices and networks using rules, allowing approved connections while blocking suspicious or unauthorized access.

Glossary

GDPR (General Data Protection Regulation)

GDPR regulates personal data processing for people in the EU and EEA, defining transparency duties, individual rights, and controller obligations.

Glossary

Hallucination (AI)

AI hallucination is when a model produces information that sounds plausible but is false, unsupported, or not grounded in the source.

Glossary

Hashing

Hashing is a one-way process that turns data into a fixed-length digest for password storage and integrity checks.

Glossary

Honeypot

A honeypot is an isolated decoy system, service, account, or data trap used to observe attacker behavior and generate early warnings.

Glossary

HTTPS (HTTP Secure)

HTTPS encrypts HTTP traffic with TLS, providing confidentiality, integrity, and server identity between user, browser, and server.

Glossary

JWT (JSON Web Token)

JWT is a signed and encoded JSON-based token standard used to carry verifiable claims between APIs, clients, and services.

Glossary

KVKK

KVKK is Turkey's Personal Data Protection Law, setting legal duties for how organizations process, store, and transfer personal data.

Glossary

Let's Encrypt

Let's Encrypt is a nonprofit certificate authority that issues free, automated SSL/TLS certificates through ACME for HTTPS.

Glossary

Man-in-the-Middle Attack

A MITM attack intercepts traffic between two parties so an attacker can read, alter, or redirect communication without consent.

Glossary

MFA (Multi-Factor Authentication)

MFA protects sign-ins by requiring extra factors such as an authenticator app, device prompt, biometrics, or a security key.

Glossary

Mobile App Security

Mobile app security protects application code, API traffic, sessions, and on-device data from abuse and compromise.

Glossary

Mutual TLS (mTLS)

Mutual TLS verifies both client and server certificates during a TLS connection, reducing trust in network location alone.

Glossary

Network Segmentation

Network segmentation separates users, servers, and systems into controlled network zones to limit unauthorized access and attack spread.

Glossary

OAuth 2.0

OAuth 2.0 is an authorization framework that allows third-party applications to access resources without the user's password.

Glossary

OWASP (Open Web Application Security Project)

OWASP is a nonprofit security organization that publishes resources like the OWASP Top 10 to improve web application security.

Glossary

Papara (Payment Provider)

Papara is a Turkish electronic money institution offering personal and business accounts, money transfers, prepaid cards, and payment services.

Glossary

Passkey

A passkey is a phishing-resistant sign-in method that uses a device-held private key plus biometric or PIN approval instead of passwords.

Glossary

Payment Gateway

A payment gateway is a system that securely processes customer payment information in e-commerce transactions, bridging the merchant and bank.

Glossary

PCI DSS

PCI DSS is the payment card security standard for protecting cardholder data across systems that store, process, or transmit it.

Glossary

Penetration Testing

Penetration testing is an authorized security assessment that uses controlled attacks to find vulnerabilities in applications, networks, or infrastructure.

Glossary

Phishing

Phishing tricks users with fake messages or sites to steal passwords, payment data, or approval for unauthorized actions.

Glossary

Prompt Injection

Prompt injection is an attack where user or external content tries to override hidden instructions and steer an AI model.

Glossary

Ransomware

Ransomware is malware that encrypts systems or files, blocks access, and demands payment from the victim organization.

Glossary

Rate Limiting

Rate limiting protects APIs by capping how many requests a user, IP address, or token can send within a defined time window.

Glossary

RBAC (Role-Based Access Control)

RBAC is an authorization model that assigns permissions to job roles instead of individual users, making access management easier to govern.

Glossary

Reverse Proxy

A reverse proxy sits in front of backend servers, routing client traffic while handling TLS termination, caching, security, and load balancing.

Glossary

Rollback

A rollback restores a system to a previous known-good state after a faulty deployment, configuration change, or data operation.

Glossary

SAML (Security Assertion Markup Language)

SAML carries signed XML authentication assertions between an identity provider and a service provider, commonly for enterprise SSO.

Glossary

Secrets Management

Secrets management securely stores, distributes, rotates, and audits sensitive values such as API keys, passwords, and certificates.

Glossary

Security Headers (HTTP)

Security headers are HTTP response rules that tell browsers how to load and protect a page, reducing XSS and clickjacking risk.

Glossary

SFTP (SSH File Transfer Protocol)

SFTP transfers files over an SSH connection through encrypted command and data channels, supporting key-based authentication.

Glossary

SQL Injection

SQL injection occurs when untrusted input is mixed into SQL queries, creating risks of data leaks, privilege abuse, or record deletion.

Glossary

SSH (Secure Shell)

SSH is a network protocol for encrypted remote login, command execution, and secure file transfer on remote servers.

Glossary

SSL Certificate

An SSL certificate proves a site's domain identity by binding its public key to the domain through a chain of trusted certificate authorities, enabling HTTPS connections.

Glossary

SSL Pinning

SSL pinning makes a mobile app trust only an expected certificate or public key, reducing man-in-the-middle risk.

Glossary

SSL/TLS (Secure Sockets Layer / Transport Layer Security)

SSL/TLS is the protocol family that provides identity checks, key agreement, and encrypted data transfer between clients and servers.

Glossary

SSO (Single Sign-On)

SSO is a centralized sign-in model that lets users access multiple applications securely after one authentication session.

Glossary

Supply Chain Attack

A supply chain attack compromises a dependency, tool, build step, or vendor account to reach a target system indirectly.

Glossary

Token Refresh

Token refresh obtains a new short-lived access token with a refresh token, keeping sessions active without asking users to log in again.

Glossary

VLAN

A VLAN separates devices into logical network groups on shared hardware, isolating traffic and tightening access control.

Glossary

VPN (Virtual Private Network)

A VPN creates an encrypted tunnel between a device and a target network, protecting traffic and enabling private access.

Glossary

Vulnerability

A vulnerability is a weakness in software or infrastructure that can enable unauthorized access, data leakage, or outage.

Glossary

WAF (Web Application Firewall)

A WAF analyzes HTTP traffic at the application layer to filter SQL injection, XSS, malicious bots, and abusive requests.

Glossary

Web Storage

Web Storage stores small key-value data in the browser through localStorage and sessionStorage for client-side state.

Glossary

WebAuthn

WebAuthn is a web standard that lets browsers use security keys and passkeys for strong, passwordless authentication.

Glossary

Webhook Security

Webhook security verifies incoming event callbacks with signatures, timestamps, replay protection, and strict endpoint controls.

Glossary

XSS (Cross-Site Scripting)

XSS occurs when untrusted content runs as script in the browser, risking session theft, forged actions, and data exposure.

Glossary

Zero Trust Security

Zero Trust continuously validates each user, device, and request by identity, context, and permission instead of trusting network location.