Actions

Code Defender tracks all JavaScript activities on the client's website. The actions are divided into 3 main categories: Network, DOM, and Storage.

DOM actions include script load, value access, link change, mutation, etc.

Network actions include fetch, xhr, beacon, worker, rtc, etc.

Storage actions include set and get cookie.

Most actions have one or two additional parameters like the fields being accessed by the script, the names of the cookies being set, or the domains the network actions are targeted to.

Actions with changing parameters of the same kind are grouped.
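The grouping of actions described above, as an added example that is not Code Defender's own code: action records of the same category and type are collapsed into one entry whose parameters (target domains, accessed fields, cookie names) are collected as a set. The action records and the category/type names are constructed sample data.

```javascript
// Added example (not Code Defender's sensor code): group recorded
// client-side actions of the same kind whose parameters vary.
// The records below are constructed sample data; category and type
// names are illustrative, not the product's internal identifiers.
const sampleActions = [
  { category: "network", type: "fetch", param: "api.example.com" },
  { category: "network", type: "fetch", param: "cdn.example.net" },
  { category: "network", type: "fetch", param: "api.example.com" },
  { category: "dom", type: "value_access", param: "card_number" },
  { category: "dom", type: "value_access", param: "cvv" },
  { category: "storage", type: "set_cookie", param: "_session" },
  { category: "network", type: "beacon", param: "metrics.example.org" },
];

// Group by category and type, counting occurrences and collecting the
// distinct parameter values, so "fetch to A" and "fetch to B" become one
// entry with two targets rather than two unrelated actions.
function groupActions(actions) {
  const groups = new Map();
  for (const a of actions) {
    const key = `${a.category}:${a.type}`;
    if (!groups.has(key)) {
      groups.set(key, { category: a.category, type: a.type, count: 0, params: new Set() });
    }
    const g = groups.get(key);
    g.count += 1;
    if (a.param !== undefined) g.params.add(a.param);
  }
  return [...groups.values()].map((g) => ({
    category: g.category,
    type: g.type,
    count: g.count,
    params: [...g.params].sort(),
  }));
}

// Look up one grouped entry by category and type (null if absent).
function findGroup(groups, category, type) {
  return groups.find((g) => g.category === category && g.type === type) || null;
}

// Stand-alone run: print the grouped view of the sample actions.
for (const g of groupActions(sampleActions)) {
  console.log(`${g.category}:${g.type} x${g.count} -> ${g.params.join(", ")}`);
}
```

The grouped view is what a reviewer wants to see: three fetches to two distinct domains read as one network action with two targets, and the DOM value accesses on payment fields are listed together.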

Application

Application ID (also called app_id) is an identifier created by HUMAN to address parts of an account easily and to aggregate data by. An application can encompass one or more host domains.

Baseline

A baseline is a snapshot of a site's resources and behavior.

Deviation

When a resource on a site exhibits new behavior, it's considered a deviation from the baseline.

Domain Reputation

A domain's reputation is based on its hosting of disreputable content like malware and on its use in spreading spam. The reputation is based on several sources, both internal and external, and is aggregated as a level of risk, from 0 (safe) to 100 (malicious).

First Party

A script is considered first party if it is loaded from the same domain as the website or one of the listed domains of the application. A script can also be classified as first party if the domain it originates from has the same registrant as the website's domain (e.g. a script that is loaded from a CDN owned by the website).

Grouping

Some scripts have interchangeable paths or different file names, due to different versions, specific bundles, etc.

Grouping is a concept unique to Code Defender and is crucial to ensuring that similar scripts with interchangeable paths are not treated as completely different entities.

After the grouping process is complete, we can track the grouped script's behavior over time, without creating noise on the interchangeable scripts.

For example, without grouping:

www.perimeterx.com/components/codedefender/2.0.3/template.js

and

www.perimeterx.com/components/codedefender/2.0.4/template.js

would have been considered two completely separate entities, even though it is practically the same script with an updated version.

After the grouping process, the entity would look like this:

www.perimeterx.com/components/codedefender/[UNIQUE_ID]/template.js

and all scripts under the same rule would be part of the group.

In the Analyzer, the user can see the grouping and examples for each grouped script set.
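One way to derive a group key of the kind shown above, as an added example that is not Code Defender's actual grouping algorithm: path segments that look like version numbers or build hashes are replaced with a [UNIQUE_ID] placeholder, so that the 2.0.3 and 2.0.4 URLs map to the same key. Treating semver-like and long hexadecimal segments (and hash-suffixed file names) as interchangeable is this example's assumption; the real product may use different rules.

```javascript
// Added example (not Code Defender's own grouping logic): collapse
// version-like and hash-like path segments into [UNIQUE_ID] so that
// "the same script, new version" yields one group key.
const VERSION_SEGMENT = /^v?\d+(\.\d+){1,3}$/;                 // 2.0.3, v1.12
const HASH_SEGMENT = /^[0-9a-f]{8,}$/i;                         // 8+ hex chars
const HASHED_FILENAME = /^(.+?)[.-][0-9a-f]{8,}(\.[a-z0-9]+)$/i; // app.3f9c2a1b7e.js

// Build the group key for a script URL (scheme optional, as on the page).
function groupKey(scriptUrl) {
  const url = new URL(scriptUrl.includes("://") ? scriptUrl : `https://${scriptUrl}`);
  const segments = url.pathname.split("/").filter((s) => s.length > 0);
  const normalized = segments.map((seg, i) => {
    const isLast = i === segments.length - 1;
    // Directory segments that are pure versions or hashes are interchangeable.
    if (!isLast && (VERSION_SEGMENT.test(seg) || HASH_SEGMENT.test(seg))) {
      return "[UNIQUE_ID]";
    }
    // File names with an embedded content hash (app.3f9c2a1b7e.js) keep
    // their stem and extension but lose the hash.
    if (isLast) {
      const m = HASHED_FILENAME.exec(seg);
      if (m) return `${m[1]}.[UNIQUE_ID]${m[2]}`;
    }
    return seg;
  });
  return `${url.hostname}/${normalized.join("/")}`;
}

// Map every URL to its group; returns Map<groupKey, string[]>.
function groupScripts(urls) {
  const groups = new Map();
  for (const u of urls) {
    const key = groupKey(u);
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(u);
  }
  return groups;
}

// Stand-alone run with the URLs from the page plus one hash-named bundle
// (the bundle URL is constructed sample data).
const sampleUrls = [
  "www.perimeterx.com/components/codedefender/2.0.3/template.js",
  "www.perimeterx.com/components/codedefender/2.0.4/template.js",
  "https://cdn.example.com/assets/app.3f9c2a1b7e.js",
];
for (const [key, members] of groupScripts(sampleUrls)) {
  console.log(`${key}  <- ${members.length} script(s)`);
}
```

A purely syntactic rule like this can over-group (any eight-plus hexadecimal letters in a directory name look like a hash), which is why the Analyzer view of each group's member examples matters when reviewing a baseline.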

Host-Domain Paradigm

Although the Code Defender sensor is configured per Application ID, all the data (incidents and actions) is aggregated per host domain. Users' exposure to scripts and incidents is calculated per host domain.
Website domains are automatically assigned to be the host domain.
If requested, all subdomains of a given domain can be configured as host domains, and incidents will be created accordingly.

Incidents

An incident is a set of actions with some amount of risk. An incident is shown on the Dashboard if the percentage of users affected by its behavior has exceeded a predefined threshold, in order to prevent noise in the system.

  • Note: for staging applications the threshold is practically insignificant.

There are 6 main incident categories:

  • PCI
  • PII
  • Deviation
  • Vulnerabilities
  • Domain Reputation
  • Suspicious Behavior

All categories have incidents of 3 risk levels: low, medium and high. An incident's risk score depends on many factors, including the page type on which the behavior happened, the script's party, known/unknown vendor, etc.

Inline Script

An inline script is a script that is directly embedded in the website's HTML and not loaded from an external file. This script will appear as "Inline" in the portal.

Magecart

Magecart (Magento + Cart) is the name given to several cybercriminal groups targeting Magento based E-Commerce sites. The rising popularity of the Magento platform led skimming attacks on it and other open source E-Commerce platforms to become synonymous with Magecart.

PCI DSS

Payment Card Industry's Data Security Standard is (true to its name) a standard set by the payment card industry that is required before a vendor is permitted to handle credit cards of the PCI members.

Personally Identifiable Information (PII)

Information related to an identifiable person. Though definitions change under different jurisdictions, the term is generally used to mean information such as identity details (name, SSN, etc.), contact details (addresses, phone number, etc.), and payment details.

Script

A script is a set of JavaScript instructions used to add or enhance a site's capabilities. In essence, it's a computer program running on a site.

Skimmer

Similar to the physical skimmers that are inserted into ATMs and other payment processing devices to steal personal information and payment details in particular, electronic skimmers are computer programs or scripts injected into a site for the same purpose.

Suspicious Behavior

Events or actions of a script that may indicate malicious activity. For example, parts of the script are obfuscated, it reads from the clipboard, or it sets a suspicious cookie.

Third Party

A script is considered third party if it is loaded from a different domain.

Top-level domain (TLD)

A top-level domain (TLD) is one of the domains at the highest level in the hierarchical Domain Name System of the Internet after the root domain. For example, the TLD for the URL example1.example.com/home would be example.com.
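The First Party, Third Party and TLD definitions above, applied together as an added example that is not Code Defender's own classification code: a script URL is first party when its domain (reduced as in the TLD definition, example1.example.com to example.com) matches the host domain or one of the application's listed domains, and third party otherwise. Reducing a hostname to its last two labels is this example's simplification (it does not handle multi-label public suffixes such as co.uk), and the "same registrant" rule is approximated by the explicit listed-domains set, since registrant data is not available offline.

```javascript
// Added example (not Code Defender's code): first/third party
// classification of script URLs relative to a host domain.
// Assumption: a domain is reduced to its last two labels, matching the
// page's example (example1.example.com -> example.com); multi-label
// public suffixes are not handled.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.slice(-2).join(".");
}

// Hostname of a script URL; the scheme is optional, as in the page's examples.
function hostnameOf(scriptUrl) {
  const u = new URL(scriptUrl.includes("://") ? scriptUrl : `https://${scriptUrl}`);
  return u.hostname.toLowerCase();
}

// Returns "inline" for a script with no source URL, "first" when the
// script's domain matches the host domain or a listed application domain
// (the stand-in for the same-registrant rule), otherwise "third".
function classifyParty(scriptUrl, hostDomain, listedDomains = []) {
  if (scriptUrl === null || scriptUrl === undefined || scriptUrl === "") return "inline";
  const scriptDomain = registrableDomain(hostnameOf(scriptUrl));
  if (scriptDomain === registrableDomain(hostDomain)) return "first";
  const listed = new Set(listedDomains.map(registrableDomain));
  return listed.has(scriptDomain) ? "first" : "third";
}

// Stand-alone run over constructed sample scripts for a constructed host.
const sampleHost = "www.shop.example";
const sampleListed = ["example-cdn.net"]; // e.g. the site's own CDN
const sampleScripts = [
  "https://static.shop.example/js/app.js",
  "https://cdn.example-cdn.net/lib/checkout.js",
  "https://tracker.example.org/t.js",
  null,
];
for (const s of sampleScripts) {
  console.log(`${s ?? "(inline)"} -> ${classifyParty(s, sampleHost, sampleListed)}`);
}
```

When reviewing incidents, a third-party result is the case that deserves the closer look, because the script's owner is neither the site nor one of its listed domains.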

Unidentified Script

Unidentified scripts are scripts that the Code Defender sensor could not map to a script source or to the action that was performed. This usually happens when the Code Defender snippet is not loaded first in the page hierarchy on the website (integration step). Please see the sensor integration section for more details.

Vulnerability

In the context of web applications, a vulnerability is a gap in the application that can lead to unexpected and/or undesired consequences if exploited by an attacker.