Application Security

Explore Application Security terms for cybersecurity professionals.

API Key Rotation

The operational practice of periodically replacing and invalidating existing API keys to minimize the risk of key compromise and limit the window of exposure if a key is leaked.

API Gateway Enforcement

Operational policy and control enforcement at the API gateway layer, ensuring only validated and authorized API traffic is allowed and all relevant security checks are applied according to the organization's security standards.

API Rate Limiting Strategy

A structured approach to limiting the number of API requests made by a client or IP within a specified timeframe, preventing abuse and maintaining service reliability.

API Resource Manipulation

The unauthorized modification or manipulation of API resources, typically by altering request parameters or payloads to access or change data not permitted by the user's role.

API Quota Enforcement

The process of applying limits to the number of API requests allowed for each user, application, or key, to prevent resource abuse and maintain service availability.

API Abuse Analytics

The use of data analysis techniques to monitor, identify, and report on abnormal or malicious usage patterns within API traffic, supporting real-time defense and investigation.

API Abuse Monitoring

Continuous observation and analysis of API traffic to detect misuse patterns, abuse, or automated attacks, such as scraping, brute force, or denial-of-service.

API Rate Limiting

A security control mechanism that restricts the number of API requests from a user or client within a specified timeframe to prevent abuse, denial-of-service, and brute-force attacks.

API Contract Validation

The process of verifying that an API's requests and responses strictly conform to the documented interface specification, reducing integration errors and security vulnerabilities.

API Version Deprecation

The process and risk associated with retiring or deprecating old API versions, often resulting in unsupported endpoints and increased security exposure.

API Endpoint Discovery

The process of identifying available API endpoints, often through automated tools or by analyzing documentation and application behavior, which may expose unintended or sensitive functions to attackers.

API Schema Enforcement

The practice of validating incoming and outgoing API requests and responses against a defined schema to prevent structural vulnerabilities and data inconsistencies.

Open Redirect Mitigation

Security controls that detect and prevent web applications from redirecting users to untrusted external URLs, reducing the risk of phishing and credential theft.

Excessive Data Exposure

A security weakness where APIs expose more data than necessary to clients, increasing the risk of sensitive information disclosure and regulatory non-compliance.

Excessive Privilege Assignment

A security misconfiguration where a user or entity is assigned more access rights than necessary, violating the principle of least privilege.

Broken Access Control

A critical security flaw where access restrictions are incorrectly implemented, enabling users to perform actions or access data beyond their authorization.

Broken Function Level

An API vulnerability where improper function-level authorization allows attackers to access or execute functions beyond their privileges.

Broken Authentication Flow

A security flaw in authentication workflows that allows users to bypass, disrupt, or abuse login and identity verification mechanisms.

Broken Cryptographic Storage

A vulnerability where sensitive data is improperly encrypted, decrypted, or stored using weak cryptographic algorithms, leading to potential data exposure.

Broken Object Level

A critical API vulnerability where improper access controls allow attackers to manipulate or access objects belonging to other users, leading to data exposure or modification.

Broken Authorization Scheme

A security flaw where access control logic is incomplete or inconsistent, enabling unauthorized users to gain access to restricted functions or data.

CORS Policy Enforcement

The process of strictly applying Cross-Origin Resource Sharing (CORS) policies to control which origins can interact with APIs or web resources, reducing the risk of cross-origin attacks.

Dynamic Code Instrumentation

The process of inserting monitoring hooks or logic into running code to analyze application behavior, detect anomalies, or identify security weaknesses at runtime.

Federated Identity Mapping

A process that links a user's identity and credentials across multiple trusted identity providers, enabling Single Sign-On (SSO) and cross-domain authentication in federated environments.

Function Level Authorization

A control mechanism that verifies a user's or system's permission for each specific API endpoint or business function before allowing the requested action.

Input Canonicalization Control

Processes that convert the various possible input formats to a standard, canonical form before validation, helping to prevent injection or encoding-based attacks.

Secret Sprawl Prevention

The implementation of processes and tools to prevent sensitive secrets, such as API keys, credentials, and certificates, from being dispersed across source code, repositories, and environments.

Security Event Logging

The systematic recording of security-related activities, alerts, and incidents within systems or networks to support detection, response, investigation, and compliance.

Security Misconfiguration

A common vulnerability where systems, servers, or applications are deployed with insecure default settings, incomplete configurations, or unintentional exposure of services.

Insecure Direct Object

A vulnerability where applications expose internal object references, such as file or database keys, directly to users without proper access controls, enabling unauthorized access.

Insecure Deserialization

A vulnerability where untrusted or tampered data is deserialized without proper validation, potentially leading to remote code execution or privilege escalation.

Sensitive Function Exposure

A flaw where critical application functions, such as admin features or payment operations, are accessible to unauthorized users due to insufficient access controls or misconfiguration.

Sensitive Logging Control

Procedures and mechanisms to ensure that confidential or regulated information is never written to logs, reducing the risk of accidental data leakage or regulatory violations.

Sensitive Data Exposure

A risk where confidential or regulated data is unintentionally disclosed through insecure APIs, weak encryption, or improper access controls.

Improper Secret Storage

A vulnerability where sensitive secrets, such as API keys or passwords, are stored in insecure locations, such as plaintext files or unsecured repositories.

Improper Error Handling

Failure to securely process or sanitize application errors, leading to information disclosure or security bypass opportunities.

Improper Logout Mechanism

A logout process that fails to fully invalidate all session tokens and authentication artifacts, allowing potential session hijacking or unauthorized access.

Improper Cache Control

Failure to configure cache settings securely, leading to the unintended storage or exposure of sensitive data in shared or public caches.

HMAC Verification Process

A procedure that uses a Hash-based Message Authentication Code (HMAC) to verify data integrity and authenticity during transmission or storage.

HTTP Parameter Pollution

A web security vulnerability where multiple HTTP parameters with the same name are sent in a single request, potentially bypassing security logic or causing application misbehavior.

Client Certificate Validation

A process that verifies the authenticity and trustworthiness of client certificates during mutual TLS connections, enabling strong identity assurance and encrypted communication.

Client-Side Enforcement

Reliance on client-side logic to enforce security controls, which can be bypassed or manipulated, undermining the intended protection mechanisms.

Unintended Information Disclosure

The accidental or unauthorized exposure of sensitive data due to flawed application logic, misconfigurations, or insufficient access controls.

Business Rule Enforcement

Implementation and monitoring of business logic controls within applications to prevent unauthorized or unintended actions and ensure compliance with organizational policies.

Business Logic Validation

The process of systematically verifying application workflows and rules to ensure that the implemented business logic enforces the intended controls, prevents abuse, and resists circumvention or manipulation.

Business Logic Abuse

The exploitation of legitimate business logic in applications to gain unauthorized advantages, often bypassing technical controls without exploiting traditional vulnerabilities.

Token Scope Enforcement

The process of restricting token privileges to the minimum necessary set of actions or resources, ensuring that access tokens cannot be misused beyond their intended purpose.

Token Expiration Validation

The process of checking the expiration date and time of authentication or authorization tokens to ensure that expired tokens cannot be used for access or transactions.

Token Leakage Prevention

Measures and controls implemented to prevent authentication or authorization tokens from being inadvertently exposed, intercepted, or exfiltrated by attackers.

JWT Audience Restriction

A security control ensuring that a JWT is only accepted by its intended recipients (audiences), preventing token reuse by unauthorized services.

JWT Signature Verification

The process of validating the cryptographic signature of a JSON Web Token (JWT) to ensure its integrity and authenticity, preventing tampering or unauthorized modifications.

JWT Revocation List

A security control that maintains a list of invalidated JSON Web Tokens (JWTs), preventing previously issued tokens from being accepted after revocation or compromise.

Credential Stuffing Detection

The identification and mitigation of automated attacks in which attackers use lists of compromised credentials to gain unauthorized access to user accounts.

Credential Management Policy

A formal set of rules and procedures for creating, storing, rotating, and revoking authentication credentials to ensure security and regulatory compliance.

Authentication Relay Attack

A cyberattack in which authentication credentials are intercepted and forwarded (relayed) to impersonate a legitimate user, often bypassing traditional access controls.

Code Dependency Analysis

The process of examining software dependencies for known vulnerabilities, outdated components, or license compliance issues during application development.

User Impersonation Control

Mechanisms and safeguards that prevent or detect unauthorized use of a legitimate user's identity within a system or application.

OAuth Consent Authorization

The process by which a resource owner grants a client application delegated access to protected resources, based on explicit consent, using the OAuth protocol.

OAuth Token Introspection

A protocol mechanism defined in RFC 7662 that allows resource servers to query an authorization server about the status and meta-information of an OAuth access token.

Rate Limit Bypass

A technique or vulnerability where attackers evade rate limiting controls to send more requests than intended, potentially enabling brute-force or denial-of-service attacks.

Automated Threat Mitigation

The use of automated controls, tools, and workflows to detect, respond to, and neutralize cyber threats in real time, minimizing manual intervention and accelerating incident response.

Session Token Binding

A security mechanism that cryptographically ties a session token to a specific user device or connection context, preventing token theft and reuse across different sessions.

Session Hijacking Defense

Countermeasures and controls implemented to detect, prevent, and respond to session hijacking attacks, such as session fixation, token theft, or cookie manipulation.

Session Replay Protection

Controls and mechanisms designed to prevent attackers from capturing and reusing legitimate session tokens or data packets to impersonate users or replay actions.

Session Timeout Enforcement

Policy and technical controls to ensure user sessions automatically expire after a defined period of inactivity, minimizing the risk of unauthorized session reuse.

Parameter Manipulation Attack

An attack technique where an adversary manipulates input parameters in client requests to alter application behavior, bypass access controls, or exploit vulnerabilities.

Hardcoded Secret Detection

The process of identifying hardcoded or unchanging secrets, such as API keys or passwords, within source code or binaries.

Static Code Scanning

The process of automatically analyzing source code or binaries for security vulnerabilities, coding errors, or policy violations without executing the program.

Replay Attack Nonce Validation

A security mechanism that ensures a unique nonce value is included and validated in each request or transaction, protecting against replay attacks by rejecting reused nonces.

Replay Attack Detection

A security mechanism to identify and block attempts where valid data transmissions are maliciously repeated or delayed, often to gain unauthorized access or privileges.

Mass Assignment Exploitation

A vulnerability where an attacker assigns values to object properties that should not be directly settable by the user, often leading to privilege escalation or data corruption.

Application Layer DDoS

A type of distributed denial-of-service attack that targets the application layer (OSI Layer 7) with malicious HTTP or API requests to exhaust server resources.

Data Manipulation Detection

Mechanisms and monitoring used to detect unauthorized or malicious modification of data in storage, transit, or processing, ensuring data integrity.

Improper Resource Sharing

A security risk where system resources are shared without proper isolation or access controls, leading to unintended data exposure or privilege escalation.

Improper Rate Limiting

A security weakness where APIs or web services do not sufficiently restrict the frequency or volume of requests, allowing brute-force, enumeration, or denial-of-service attacks.

Improper Asset Inventory

A failure to maintain a complete, accurate, and up-to-date list of all hardware, software, and cloud assets, leading to unmanaged risks and blind spots in security monitoring.

Replay Attack Mitigation

Security controls implemented to detect and prevent replay attacks, in which previously valid data transmissions are maliciously resent to gain unauthorized access or privileges.

Insufficient Audit Trails

A deficiency in logging or tracking of system activities that undermines the ability to reconstruct security events, investigate incidents, or demonstrate compliance.

Insufficient Entropy Control

Failure to verify that cryptographic functions use sources of randomness with adequate entropy, increasing the risk of predictable keys or tokens.

Privileged API Restriction

Controls that limit access to sensitive API endpoints or functions to only those users or services with explicit privileged rights.

Cross-Tenant Isolation

Security controls that strictly separate data, processes, and resources among different tenants in multi-tenant cloud or SaaS environments to prevent unauthorized cross-tenant access.

Preflight Request Handling

The process of managing the HTTP preflight requests (OPTIONS method) that browsers send to check CORS permissions before the actual API request is made, ensuring proper cross-origin policy enforcement.

Third-Party Trust Boundary

A defined security demarcation between an organization's internal systems and those of third-party entities, used to enforce controls and monitor external access.