Watering Hole – a computer attack strategy in which the victim is a particular group (organization, industry, or region). In this attack, the attacker guesses or observes which websites the group often uses and infects one or more of them with malware. Eventually, some member of the targeted group gets infected. Relying on websites that the group trusts makes this strategy efficient, even with groups that are resistant to spear phishing and other forms of phishing.
Web Application Firewall (WAF) – an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked.
web browser – the program a person uses on their device to view a web page. Examples of web browser programs include Chrome, Opera, Internet Explorer and Firefox.
Web of Trust – a concept that is used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority.
web server – a computer that is used to host (provide) a web service or web site.
wet wiring – creating connections between the human nervous system and digital devices.
white-box testing (also known as clear box testing) – the term used to describe a situation where the technical layout (or source code) of the computer program being tested has been made available for the security test. This makes the test easier and cheaper to perform and usually results in the identification of more issues than black-box penetration testing. White-box testing can start early in the software lifecycle, before an application has ever been installed in any production environment, making security fixes substantially cheaper and easier to apply.
white-hat – a security specialist who breaks into systems or networks by invitation (and with the permission) of the owner, with the intent to help identify and address security gaps.
white-listing – the restriction of ‘allowed’ internet sites or data packages to an explicit list of verified sources. For example, an organization operating a whitelisting firewall can decide to only permit their network users to navigate to a restricted and verified list of internet websites. This is the opposite of blacklisting.
white team – the people that act as referees during any ethical hacking exercise conducted between a red team and a blue team.
Wi-Fi – a means to support network communication using radio waves rather than cables. The current Wi-Fi or wireless networking technologies are based on the IEEE 802.11 standard and its numerous amendments, which address speed, frequency, authentication and encryption.
Wireless Intrusion Prevention Systems (WIPS) – devices that can be attached to a network to check the radio spectrum for rogue or other unauthorized access points, then take countermeasures to help close the threat down.
WHOIS – a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system. The protocol stores and delivers database content in a human-readable format. The WHOIS protocol is documented in RFC 3912.
World Wide Web (WWW) – the global, hypermedia-based collection of information and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms.
worm – a form of malicious software (malware) that seeks to find other locations that it can replicate to. This helps both to protect the malware from removal and to increase the area of the attack surface that is compromised.