Code Obfuscation and App Security Glossary

Code Obfuscation and App Security Terms and Definitions

| Term | Definition |
| --- | --- |
| application hardening | A way of reducing risks stemming from reverse engineering, tampering, and vulnerability discovery. |
| application shielding | A way to help prevent, detect, and/or respond to potential or actual application-level intrusions. |
| assembly linking | Statically linking two or more assemblies to produce a single, merged assembly. |
| authentication | Verifying that an application, device, or user is what or who it purports to be. Credentials may include passwords, private keys, or other evidence. |
| authorization | Granting rights to a user, service, or application. |
| back door | A hidden way to access computer system functions while bypassing system security policy. Back doors may be established illicitly, or sometimes for authorized maintenance purposes. |
| certificate | A digitally signed statement that contains identification information used to verify identity. |
| cipher | A means of encoding a readable message into an unreadable scrambled message. Data in unencrypted form is called plaintext; data in encoded form is called ciphertext. |
| control flow obfuscation | Rewriting control structures so that decompilers cannot recreate the original statements (for/while/if/etc.) and must resort to confusing goto statements. Control flow obfuscation may also throw in false loops and code paths that do not affect program flow, but create spaghetti code to human eyes. |
| cryptography | The study of encoding techniques used to secure information from specific threats. Cryptography can ensure confidentiality and facilitate authentication and data integrity. |
| decompiler | A program that converts an executable application into higher-level source code. Decompilers may be used to reverse engineer applications. |
| decryption | Converting encrypted data back to its original form, e.g. translating ciphertext to plaintext. |
| digital signature | Computed data that connects a sender's identity to the information being sent. Cryptography is used to construct digital signatures in public key environments. |
| encryption | The process of converting data (cleartext) to coded form (ciphertext) given a key. Those who have an appropriate key can decrypt encrypted data. |
| fingerprinting | Personalizing digital content to detect piracy. Fingerprints may consist of small changes in the sequence of data, enabling subsequent "traitor tracing" back to the original source. |
| firewall | A security system that separates a secured network from other network components. Firewalls can allow only authorized traffic, and prevent or detect network attacks. |
| ildasm | Microsoft's disassembler for .NET/MSIL programs. |
| ILSpy | A popular open-source .NET assembly browser and decompiler. |
| impersonation | Gaining access to a system in the security profile of a specific identity. Impersonation may be illegitimate (spoofing, masquerading) or legitimate (e.g., authorized testing). |
| incremental obfuscation | Using an automatically generated map file to allow patches and updates to run against an obfuscated assembly. |
| least privilege | A security administration principle wherein each user is provided only the minimum set of rights needed to accomplish their authorized tasks. Issuing the most restrictive set of privileges may minimize damage from unauthorized use and error. |
| malicious | Deliberately harmful intent. Malicious users may use malicious code to attack a system. |
| nonrepudiation | A technique providing evidence that a user took an action. Nonrepudiation is used to counter false denial of involvement in a communication or transaction. |
| obfuscation | Technology to shroud the context and contents of code. Obfuscated applications function properly, yet confuse human observers and decompilers. |
| overload induction | PreEmptive's patented obfuscation algorithm that maximizes the number of methods renamed to the same character by creating overload relationships. |
| OWASP | The Open Web Application Security Project. |
| password | A private character string used to authenticate a user. Password attacks are attempts to obtain a password, using password dictionaries to guess a password, sniffers to capture passwords from network traffic or other communications, and cracking programs. |
| phishing | Using deceptive communications to entice victims to reveal passwords, account numbers, or other information. Phishing communications may include spam and web postings. |
| physical vulnerability | Risk created because access to system hardware is not properly controlled. Physical vulnerabilities may arise when computers are left running in unattended locations. |
| private key | A key kept by an issuer which is paired with a public key, in public key encryption. Either key can encrypt data; the corresponding key is required to decrypt it. The issuer may use the private key to digitally sign data. |
| proxy server | A computer connected to multiple networks that serves one or more client machines. Proxy servers can connect a local area network to the Internet, and can be part of a firewall protection system. |
| public key | A key released to the public which is paired with a private key, in public key encryption. Either key can encrypt data; the corresponding key is required to decrypt it. |
| runtime application self-protection (RASP) | A security technology that is infused into an application or application runtime environment and is capable of detecting, alerting on, and preventing real-time attacks. |
| reverse engineering | The process of taking something apart (such as a Java or .NET application) to analyze details of its inner workings. |
| safeguard | A protective measure that reduces system vulnerability. Safeguards or countermeasures may include software and hardware security features, access controls, and physical protections. |
| sandbox | A security technique used to contain the actions that applications from untrusted sources might take. Sandboxed applications are limited to a defined set of privileges and functions. |
| secure sockets layer (SSL) | An Internet protocol that provides authentication, data integrity, and confidentiality using end-to-end encryption. |
| string encryption | The use of an algorithm to obscure hard-coded strings. This prevents hackers from localizing their attacks by searching for strings such as "invalid registration", and encrypts critical resources like SQL statements. |
| tamper | To modify a system, device, or data in an unauthorized manner. |
| trojan horse | An application that appears useful but includes code that is damaging. The terms Remote Access Trojan (RAT) and Trojan code are also used. |
| virtual private network (VPN) | A private network that uses the infrastructure of public networks. The VPN encapsulates, encrypts, and authenticates data flows to restrict access and prevent data interception. |
| virus | An application which modifies other applications to replicate its functions. Viruses often damage system operation. |
| vulnerability | A security flaw or weakness that could allow an attacker to compromise or exploit a system's operation. |
| watermarking | Hiding a unique string in an assembly that can be retrieved at a later time. |