Читаем CISSP Practice полностью

Web services description language (WSDL)

An XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information. WSDL complements the universal description, discovery, and integration (UDDI) standard by providing a uniform way of describing the abstract interface and protocol bindings and deployment details of arbitrary network services.

Web services security (WS-Security)

A mechanism for incorporating security information into SOAP messages. WS-Security uses binary tokens for authentication, digital signatures for integrity, and content-level encryption for confidentiality.

White box testing

A test methodology that assumes explicit and substantial knowledge of the internal structure and implementation detail of the assessment object. It focuses on the internal behavior of a system (program structure and logic) and uses the code itself to generate test cases. The degree of coverage is used as a measure of the completeness of the test cases and test effort. White box testing is performed at individual components level, such as program or module, but not at the entire system level. It is also known as detailed testing or logic testing, and should be combined with black box testing for maximum benefit because neither one by itself does a thorough testing job. White box testing is structural analysis of a system. Comprehensive testing is also known as white box testing.

White noise

A distribution of a uniform spectrum of random electrical signals so that an intruder cannot decipher real data from random (noise) data due to use of constant bandwidth. White noise is a good security control to prevent electromagnetic radiations (emanations).

White team

A neutral team of employees acting as observers, referees, and judges between a red team of mock attackers (offenders) and a blue team of actual defenders of their enterprise’s use of information systems. The white team establishes rules of engagement (ROE) and performance metrics for security tests. The white team is also responsible for deriving lessons-learned, conducting the post engagement assessment, and communicating results to management. Occasionally, the white team also performs incident response activities and addresses bot attacks on an emergency basis.

Whitelisting

(1) Whitelisting is a method for controlling the installation of software by ensuring that all software is checked against a list approved by the organization, (2) Whitelisting technology only allows known good applications and does not allow any new or unknown exploits to access a system, (3) A list of discrete entities, such as hosts or applications that are known to be benign, and (4) A list of e-mail senders known to be benign, such as a user’s coworkers, friends, and family. Synonymous with whitelists.

Whole disk encryption

The process of encrypting all the data on the hard drive used to boot a computer, including the computer’s operating system, and permitting access to the data only after successful authentication with the full disk encryption product. It is also called full disk encryption (FDE).

Wide-area network (WAN)

(1) A communications network that connects geographically separated areas. It can cover several sites that are geographically distant. A WAN may span different cities or even different continents. (2) A network concept to link business operations and computers used across geographical locations. (3) A data communications network that spans any distance and is usually provided by a public carrier. Users gain access to the two ends of the network circuit and the carrier handles the transmission and other services in between. WANs are switched networks, meaning they use routers.

Wi-FI protected access 2 (WPA2)

WPA2 is an implementation of the IEEE 80211i security standard, and its security is better than that of WEP.

Wiki

A collaborative website where visitors can add, delete, or modify content, including the work of previous authors.

WiMAX

A wireless standard (IEEE 802.16) for making broadband network connections over a medium-sized area such as a city for wireless MANs. WiMAX stands for Worldwide Interoperability for Microwave Access.

Wired Equivalent Privacy (WEP)