Glossary

Glossary#

##

2FA: Two-Factor Authentication. A form of MFA where the user provides exactly two factors.

A#

Access control: The process of restricting access to parts of an application based on who the user is and what they are allowed to do.
Accessibility: Accessibility is the practice of making the web usable for people with disabilities and other access needs.
Accessible: Accessible design means creating websites that can be easily used by people with disabilities, such as those who use screen readers or have limited mobility. This involves ensuring that the layout, text, and navigation are clear and usable for everyone.
Account: A record that allows a user to log in and access a restricted system.
Accountability: The ability to link actions or events in a system to specific users or processes.
Address: An address identifies where data should be sent. On the internet, devices use IP addresses so data can reach the correct destination.
Agent: The learner in reinforcement learning that tries actions and receives feedback.
Alias: An alias is a short temporary name given to a table or column in a query to make the SQL easier to write and read.
Anomaly: Unusual behaviour that may indicate a problem or security incident.
Anonymous function: An anonymous function is a function without a name.
API: Application Programming Interface. A way to programmatically interact with applications or other software.
API specification: A document that describes how an API behaves.
Application Layer: The Application Layer is where users interact with the internet, using protocols like HTTP for websites and SMTP for emails to send and receive data through apps like browsers or email clients.
Argument: An argument is a value passed into a function when the function is called.
Array: An array is an ordered sequence of items stored together in one value.
Array element: An array element is one item stored inside an array.
Array index: An array index is the position number used to access an element in an array.
Array method: An array method is a built-in function used to work with an array.
Arrow function: An arrow function is a shorter syntax for writing a function expression.
Asymmetric cryptography: Cryptography that uses two keys: one key to encrypt plaintext to ciphertext and the other key to decrypt ciphertext to plaintext.
Atomic operation: An operation that happens as a single unit and cannot be interrupted part way through.
Atomicity: The transaction property where all operations either succeed together or fail together.
Attribute: An attribute supplies extra information or settings for a tag. Attributes are written in the start tag as name-value pairs.
Attribute-value pair: A name and value used to configure a setting, such as a cookie attribute.
Authentication: The process of confirming the identity of a user or system.
Authenticity: The quality of a message or entity being genuine, so it comes from who it claims to and has not been altered.
Authorisation: The process of deciding what actions an authenticated user or system can perform.
Automated backup: A backup created automatically so data can be recovered after a security incident or system failure.
Availability: A security principle where software and services are up and running whenever users need them.
Avalanche effect: The property where even a single bit change in the input results in a completely different hash.

B#

Back propagation: The process used to train a neural network by determining the direction to update weights and biases after seeing training samples.
Back-end: The back-end is the server-side part of a web application, including business logic, databases, APIs, and integration with other systems.
Backend: See Back-end
Belief system: A set of moral principles, cultural traditions or personal values that shapes how people define right and wrong.
Bias: A preference or assumption that can become embedded in an AI system and lead to inaccurate, unjust or discriminatory outcomes.
Binary classification: A classification task where each sample is assigned to one of two classes.
Binary decision tree: A decision tree where each decision point has two branches.
Blind SQL injection: SQL injection where the attacker cannot see database results directly but can infer information from different responses.
Block: A block element is an HTML element that starts on a new line and extends to fill the full width available, stacking vertically by default.
Block diagram: A diagram that shows the high-level architecture or components of a system.
Block size: The length of data, in bits, that each block contains in a block encryption algorithm.
Block statement: A block statement is used to denote a sequence of statements. A block statement begins and ends with a pair of curly braces.
Blueprint: A plan that describes how an application will be built.
Body: The body is the section of an HTML document that contains the visible content of a webpage, such as text, images, buttons, and links.
Boolean: A Boolean is a value that is either true or false.
Boolean expression: A Boolean expression is a statement or expression that evaluates to either true or false.
Bootstrap: Bootstrap is a popular front-end framework that provides responsive layouts, styles, and interface components.
Border: The border is the line or edge that surrounds an element’s padding and content, forming a visible outline around the element.
Box Model: The CSS Box Model is a framework that describes how HTML elements are structured and displayed, consisting of four parts: content, padding, border, and margin.
Branch: A path in a decision tree that represents the decision taken from a node.
Breakpoint: A breakpoint is a predefined screen width where a responsive layout changes.
Broken authentication: A vulnerability where attackers can bypass login, guess credentials, or impersonate another user.
Broken session management: A vulnerability where sessions can be stolen, changed, reused, or left valid for too long.
Business continuity: Planning that helps important services continue during a disruption.

C#

CA

See Certificate Authority

Cache

A cache is stored data that can be reused later so resources can load faster or be available offline.

Caesar cipher

A simple substitution cipher that encrypts text by replacing each letter with a letter a fixed position later in the alphabet.

Cascading

Cascading refers to the way styles are applied in a specific order of importance. If multiple styles conflict, CSS follows rules to decide which one to apply. For example, styles in a more specific rule or applied later will usually override earlier ones.

CCPA

California privacy law that may apply to projects with international reach.

Centroid

An artificial point used by k-means clustering to track the centre of a group.

Certificate Authority

A trusted third-party organisation that verifies identities and issues digital certificates.

Child

A child is an element nested inside another element. For example, if a paragraph is inside a <div>, the paragraph is the child of the <div>.

Cipher

A method used to transform readable information into obscured data that can only be understood by those who know how to reverse it.

Ciphertext

Obscured data produced by applying a cipher to plaintext.

Class

A class is a template for creating objects with defined properties and methods.

Class diagram

A diagram that shows models, objects, and their relationships.

Classification tree

A decision tree used for classification.

Clause

Part of a SQL query that performs one job, such as selecting rows, filtering rows, or sorting results.

Client

A client is the device (like your computer or phone) that requests information from a server, such as when you use a web browser to load a website.

Client-side session

A web session where session information is stored on the client, usually in an encoded and signed cookie.

Closing tag

A closing tag ends an HTML element. It is written like the matching opening tag, but with a forward slash before the tag name, such as </p>.

Cluster

A group of samples that are similar.

Clustering

A machine learning algorithm designed to find natural groupings in a dataset.

CMS

See Content Management System

Code review

A review where peers or senior developers check code for correctness, security vulnerabilities, and coding standards.

Collision

A situation where different inputs produce the same hash value.

Collision resistance

A cryptographic hash property where it is infeasible to find different inputs that generate the same hash value.

Example

Enter your message to hash: hello world

Hex of SHA-256 Hash:
b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9

Using hashlib

The hashlib.sha256 function accepts byte valued data, not strings. So you’ll need to convert the entered string into bytes e.g.

bytes = "hello world".encode("utf-8")

h = hashlib.sha256(bytes)

The result h from hashlib is a Hash type object. To get the hexadecimal representation of the hash you can use the hexdigest method of this object.

hex_hash = h.hexdigest()

Solution

Solution is locked

Column

A column is a vertical field in a database table that stores one kind of data for each record.

Comment

A comment is a note or explanation in code that is ignored when the program runs.

Comparison operator

A comparison operator compares values and produces a Boolean result.

Component

A component is a reusable interface element, such as a button, card, form, or navigation bar.

Compositional role

A role used in a system where users can have multiple roles, each with its own set of permissions.

Concurrent request

A request that happens at the same time as another request.

Conditional

A conditional is code that lets a program make a decision based on whether a condition is true or false.

Confidentiality

A security principle where sensitive information remains accessible only to authorised individuals or processes.

Confusion

A cryptographic design technique that decorrelates the input plaintext from the output ciphertext.

Confusion matrix

A table that arranges true positives, true negatives, false positives and false negatives to evaluate a classification model.

Consent

Explicit user agreement for data collection, when required by law or good practice.

Consistency

The transaction property where the database remains in a valid state before and after the transaction.

Console

The console is where JavaScript can display information, warnings, and errors while a program runs.

Content

Content refers to the actual text, images, or other media contained within an HTML element.

Content Management System

A Content Management System, or CMS, is software for creating, editing, organising, and publishing website content without writing all of the code manually.

Contents

The contents of an HTML element are the text, images, or other elements that are placed inside an element’s opening and closing tags. For example, in <p>Hello World!</p>, “Hello World!” is the content of the paragraph element.

Cookie

A small piece of data sent by a web server to a user’s browser, which the browser stores and sends back with later requests.

Cookie attribute

A setting on a cookie that controls how it is stored or sent, such as HttpOnly, Secure, or SameSite.

Cookie value

The stored data associated with a cookie name.

CRUD

Create, Read, Update, Delete. The four common actions used when working with stored data.

Cryptographic hash function

A hash function designed for security applications.

Cryptography

The use of techniques such as ciphers and hashing to protect digital data, including confidentiality, authenticity, and integrity.

CSP

Content Security Policy. An HTTP header that can restrict which sources scripts are allowed to load from.

CSPRNG

Cryptographically Secure Pseudorandom Number Generator. A pseudorandom number generator designed to be unpredictable enough for cryptographic use.

CSRF

Cross-Site Request Forgery. An attack where an attacker tricks a user into submitting unauthorised requests to a website where the user is logged in.

CSRF token

A unique identifier inserted into a website’s own pages and checked when forms are submitted.

CSS declaration

A CSS declaration is a property-value pair that sets one style on an element, such as color: red; or font-size: 14px;.

CSS preprocessor

A CSS preprocessor is a scripting language that extends CSS and compiles into standard CSS for browsers.

CSS unit

A CSS unit is a measurement used to define sizes, spacing, and layout in a stylesheet, such as px, em, rem, or %.

Cultural protocol

An accepted social norm or practice that shapes appropriate behaviour within a group.

Cultural value

A value held by a culture that influences expectations, decisions and interactions.

Culture of security

A development culture where security is treated as a main project priority and developers proactively work to protect the software.

curl

A command-line tool used to send HTTP requests to servers.

D#

DAST: Dynamic Application Security Testing. Testing the running application in the way an external attacker might.
Data access: A user’s right to request access to their personal data.
Data deletion: A user’s right to request deletion of their personal data.
Data manipulation: Intercepting communication and changing its content before forwarding it to the intended recipient.
Data minimisation: Limiting personal data collection to what is strictly needed to operate features.
Data model: A definition of the database tables, columns, and relationships used by an application.
Data packets: Data packets are small units of information that are broken down and sent over the internet, which are reassembled at the destination to form the original data.
Data rectification: A user’s right to request correction of their personal data.
Data type: A data type is a category of data, such as a string, number, or Boolean.
Database: A database stores data relating to a particular subject, often organised as related tables.
Database integration: Moving database-related work from development into the production database or environment.
Database transaction: A sequence of database operations performed as a single unit of work.
Decision tree: A graphical tree that represents a decision-making process using nodes and branches.
Decision tree node: A point in a decision tree that represents a decision.
Decrement: Decrement means to decrease a value, often by 1.
Decryption: The reverse process of converting ciphertext back to plaintext.
Deep learning: A field of machine learning that uses complex models built with many layers.
Degree: The highest power in a polynomial.
Dense neural network: A neural network made up of many connected neurons, where information is passed through the network.
DevOps: A set of principles and practices that brings development and operational teams together.
Diffusion: A cryptographic design technique that hides plaintext by spreading it over a greater number of characters or bits.
Digest: Another name for a hash value.
Digital certificate: A file that serves as proof of identity, similar to a driver’s licence or passport.
Digital signature: A way to ensure authenticity in digital communications by proving that a message or file was created by a specific sender.
Disaster recovery: Planning and procedures used to restore systems and data after a major failure.
Display: The display property in CSS determines how an HTML element is rendered on the page, controlling its layout behaviour as block, inline, or other display types.
Distance: A measure used to compare how close or similar samples are.
DNS: See Domain Name System
Document object: The browser object that represents the entire HTML document and provides methods and properties to interact with the webpage.
Document Object Model: The Document Object Model, or DOM, is the browser’s tree-like representation of a webpage that JavaScript can inspect and change.
DOM: See Document Object Model
DOM tree: The DOM tree is the hierarchical structure of nodes created when the browser parses an HTML document.
Domain Name System: DNS is like the internet’s phone book, translating human-friendly domain names (like google.com) into IP addresses that computers use to find and communicate with websites.
DRY: Don’t Repeat Yourself is a programming principle that encourages writing code in a way that avoids duplication. Instead of repeating the same code in multiple places, you write it once and reuse it whenever needed.
Durability: The transaction property where committed changes are permanently saved.
Dynamic: Dynamic content on a website changes based on user interactions or data from a server, such as personalised recommendations or live updates.

E#

Eavesdropping: Passively listening to unencrypted network traffic to capture sensitive data.
ECC: Elliptic Curve Cryptography. An asymmetric cryptography approach based on the mathematics of elliptic curves.
ECMAScript: ECMAScript is the standardised version of JavaScript.
Elements: HTML elements are the building blocks of a webpage. They are written with tags, and they define the structure and content of a webpage.
else if statement: An else if statement checks another condition after an earlier if or else if condition was false.
else statement: An else statement runs an alternative block of code when the if condition is false.
Encryption: The process of applying a cipher to plaintext.
Endpoint: A route or URL used to access part of an API.
Engine: The web browser engine is software for interpreting HTML and rendering it into a visual form, along with any multimedia to be embedded such as images.
Ensemble: A group of models used together.
Entity-relationship diagram: A diagram showing database entities and the relationships between them.
Entropy source: Randomness collected from the real world and used to generate numbers that cannot be guessed.
Ephemeral port: An ephemeral port is a temporary port used by a computer to establish a connection with a server, typically for short-lived communication like web browsing.
Escape user input: Convert special characters in user input into safe equivalents before rendering them on a page.
Event: An event is an interaction or browser action, such as a click, key press, or page load, that JavaScript can respond to.
Event attribute: An HTML attribute, such as onclick, onmouseover, or onchange, that runs JavaScript when a specified event occurs.
Event handler: An event handler is a function that runs when a particular event occurs.
Event listener: An event listener is code registered with an element or object so it can call an event handler when a matching event occurs.
Exception management: The way software detects, handles, reports, and recovers from unexpected errors.
Expression: An expression is a piece of code that produces a value.
External script: An external script is JavaScript stored in a separate file and linked from the HTML using a script tag.

F#

F1 score: The harmonic mean of precision and recall.
Factor: Evidence of a user’s identity, based on something only that user knows or can access.
False negative: A sample predicted to be in class 0 that is not actually in class 0.
False positive: A sample predicted to be in class 1 that is not actually in class 1.
Fetch event: A service worker event triggered whenever the browser makes a network request.
File attack: An attack that uses a file, file name, file path, or file contents to make software behave unsafely.
Flask: Flask is a lightweight Python web framework that handles HTTP request and response details so developers can build server side web applications with Python functions.
Flexbox: Flexbox is a one-dimensional CSS layout system for arranging items in a row or column and controlling their alignment, spacing, and order.
Font: A font is the visual style used to display text, including the shape and size of characters.
for loop: A for loop repeats a block of code a specific number of times.
Form: A form is an HTML element that groups input elements so a user can enter data and submit it to a web server.
Form data: Form data is the information entered into a form and sent to the server when the form is submitted.
for…of loop: A for…of loop steps through the values in an iterable object, such as an array or string.
Front-end: The front-end is the user-facing part of a web application, including the interface, layout, and browser-side behaviour.
Front-end framework: A front-end framework is a collection of prewritten CSS and JavaScript that helps developers build responsive, styled interfaces more quickly.
Function: A function is a reusable block of code designed to perform a specific task.
Functional requirement: A requirement that describes what the system should do and how it should interact with users, external systems, or devices.
Functional testing: Testing that confirms code meets the functional requirements set out in the design and specifications.

G#

GDPR: European privacy regulation that may apply to projects with international reach.
Global scope: Global scope is the scope for variables declared outside any function.
Grid: Grid is a two-dimensional CSS layout system for arranging content in rows and columns.
Grid system: A grid system divides a page into rows and columns to help create responsive layouts.
Group: Collect rows that share the same value for an attribute so summary functions can be applied to each collection.
GROUP BY: SQL clause used to group rows by a particular attribute.

H#

Harden: To configure code or systems to reduce security risk, such as disabling debug mode in production.
Hash function: A mathematical function that takes an input of any size and produces a fixed length output.
Hash value: The fixed length output produced by a hash function.
Hierarchical RBAC: RBAC where roles are arranged in a hierarchy and higher roles inherit the permissions of lower roles.
Historical bias: Bias caused by existing societal inequalities, stereotypes and discriminatory practices embedded in data.
HSTS: HTTP Strict Transport Security. A browser security policy that tells the browser to use HTTPS for a site.
HTML: HTML is the main language used to create and structure web pages.
HTML standard: The HTML standard is the shared set of rules for how HTML should be written and interpreted so that web pages work consistently across browsers and devices.
HTTP: HTTP is the protocol used by web browsers to request and load web pages from servers, allowing you to browse websites on the internet.
HTTP header: Metadata sent as part of an HTTP request or response.
HTTP method: See Method
HTTP request: An HTTP request is a message sent by a client asking a server for a resource or asking it to perform an action.
HTTP response: An HTTP response is a message sent by a server after processing a request, containing status information and, often, the requested resource.
HTTPS: Hypertext Transfer Protocol Secure. The secure version of HTTP that uses TLS to encrypt data between a web browser and web server.
Human bias: The unconscious or conscious preferences and assumptions people bring into the AI development process.
Hyperlink: A hyperlink is a link from one webpage or resource to another, commonly created with an anchor tag and an href attribute.

I#

if statement: An if statement runs a block of code only when its condition is true.
IMAP: IMAP is a protocol used to receive emails, allowing you to view your messages on multiple devices by keeping them stored on the email server.
Incident response: The process used to detect, contain, investigate, and recover from a security incident.
Increment: Increment means to increase a value, often by 1.
Infer: To work out information indirectly from clues or responses.
Inheritance: Inheritance is a way for objects or classes to reuse behaviour from another object or class.
Inline: An inline element is an HTML element that does not start on a new line and only takes up as much width as necessary, flowing within the surrounding content.
Inline script: An inline script is JavaScript written directly inside an HTML file.
Input layer: The layer in a neural network that receives information.
Input validation: Checking that input is in an expected format before using it.
Installation: The stage where completed software is deployed for use without causing security breaches, data leaks, or major disruption.
Instance: An instance is an object created from a class.
Integration: The stage where newly developed code is combined with an existing codebase or service.
Integration test: A test that checks broader modules or functions that combine multiple parts behave as expected.
Integrity: A security principle where data is kept accurate and unaltered during storage, transmission, or processing.
Intermediate CA: A Certificate Authority that sits between a Root CA and end users, issuing most certificates for individual entities.
Internationalisation: Internationalisation is designing software so it can work well for users of different languages, scripts, and cultures.
Internet Layer: The Internet Layer handles the routing of data packets across different networks, ensuring that they reach the correct destination using IP addresses.
Internet Protocol: Internet Protocol is a set of rules that governs how data is sent and received over the internet, using IP addresses to ensure data reaches the correct destination.
IP: See Internet Protocol
IP Address: An IP address is a unique number assigned to each device connected to the internet, acting like a home address to ensure data is sent to the right place.
IPv4: IPv4 (Internet Protocol version 4) is the most commonly used version of IP, which assigns unique addresses to devices using a format of four numbers separated by dots (e.g., 192.168.1.1).
Isolation: The transaction property where transactions do not interfere with each other.
Iteration: One repeat of the training update process.

J#

JavaScript: JavaScript is a programming language used in the browser to make webpages dynamic and interactive.
Jinja: Jinja is the templating language used by Flask to insert variables, loops, and other Python-like logic into HTML templates.
Jinja template: A template written using the Jinja templating language.
JOIN: JOIN is an SQL operation that combines rows from two tables by matching values in related columns.
JSON: JavaScript Object Notation. A lightweight, human-readable format for storing and exchanging data.

K#

k: The number of neighbours used by a K-nearest neighbours model to make an estimate.
K-means clustering: An unsupervised learning algorithm that automatically groups data using the distance between samples to measure similarity.
K-nearest neighbours: A machine learning algorithm that makes predictions using similar samples nearby in the training data.
Key pair: The two related keys used in asymmetric cryptography.
Key-value pair: A key-value pair connects a name, or key, to a value.
Keyword: A keyword is a reserved word in SQL that has a special meaning, such as SELECT or FROM.
KNN classification: A K-nearest neighbours model used for classification that predicts the majority class of the selected neighbours.

L#

Layout: Layout is the arrangement and spacing of elements on a webpage.
Leaf node: A node at the end of a decision tree that represents a final outcome or decision.
Learning rate: The amount used to scale how much neural network values are increased or decreased during training.
Least privilege: A security principle where users, programs, and services receive only the permissions they need to complete their task.
Linear regression: A supervised machine learning algorithm that fits a line to labelled data and uses that line to predict numerical values.
Local IP address: A local IP address identifies a device within a local network, such as a home or school network.
Logical operator: A logical operator combines or changes Boolean expressions to evaluate more complex conditions.
Login form: A form where a user submits credentials such as a username and password.
Logistic function: A function used in logistic regression that outputs a value between 0 and 1, interpreted as a probability.
Logistic regression: A supervised learning algorithm used for binary classification that predicts a probability using a logistic function.
Loop: A loop is code that repeats a block of code multiple times.
Loop iteration: An iteration is one repeat of a loop.
Loss curve: A curve showing how training error changes over time.

M#

Machine learning: A subset of AI that focuses on methods that allow computers and machines to learn from data.
Main thread: The browser thread that runs a web page’s JavaScript and rendering work.
Maintenance: The stage after launch where developers monitor software, update dependencies, apply security patches, and respond to new threats.
Manifest: See Web app manifest
Margin: Margin is the space outside an element’s border that separates it from other elements, adding space between elements on a webpage.
Mean squared error: A metric for measuring the performance of a regression model by squaring each error value and taking the average.
Measurement bias: Bias that occurs when data used to train a model is inaccurately or inconsistently measured.
Media query: A media query is a CSS rule that applies styles only when conditions such as screen width are met.
Memory management: Designing software so it uses memory and other system resources efficiently and safely.
Merging code: Combining completed development work into the main codebase.
Meta tag: A meta tag is an HTML element in the document head that provides metadata or instructions to the browser.
Metadata: Metadata is data that describes other data, such as tags, descriptions, creation dates, file properties, or system logs.
Method: An HTTP method is the action that the client wants to perform, such as GET to request data or POST to send data to the server.
MFA: Multi-Factor Authentication. Authentication that requires a user to provide two or more factors.
MITM attack: Man-in-the-middle attack. An attack where the attacker positions themselves between a user and a website to intercept, modify, or steal information.
MLOps: The automated process of designing, training and deploying machine learning models.
Model: A model is a Python class used by an ORM to represent a database table.
Model parameter: A value learned by a model, such as a neural network weight or bias.
Module: A smaller part of a codebase that can be assembled with other parts to form a larger application.
Monitoring system: Software or processes used to detect problems and unusual behaviour in running systems.
Multi-line comment: A multi-line comment starts with /* and ends with */, allowing a comment to span several lines.
Multiple linear regression: A linear regression model with multiple input variables.

N#

Native app: A native app is an application built for a specific operating system or platform.
Network Access Layer: The Network Access Layer is responsible for the physical transmission of data, using devices like routers and cables to send data over networks like Ethernet or Wi-Fi.
Network Protocol: A network protocol is a set of rules that allows devices to communicate over a network, ensuring data is transmitted and received correctly. Examples include HTTP, TCP, and IP.
Network request: A network request is a request made by the browser or app to fetch a resource from the network.
Neural network: An artificial brain-like model that can draw understanding or make decisions based on numerical data.
Neural network bias: A number associated with a neuron that affects the behaviour of the neuron.
Neuron: A unit in a neural network that passes information through the network.
Node: A node is one item in the DOM tree, such as an element, attribute, or piece of text.
Non-functional requirement: A requirement that describes qualities or constraints of the software, such as performance, reliability, usability, privacy, or security.
Non-void element: A non-void element is an HTML element that has an opening tag, content, and a matching closing tag.
Number: A number is a numeric value, such as an integer or decimal.

O#

Object: An object is a collection of related data and functionality.
Object method: An object method is a function stored as a property of an object.
Object property: An object property is a named value stored inside an object.
Object-oriented programming: Object-oriented programming is a way to organise programs around objects that combine data and behaviour.
Object-Relational Mapping: Object-Relational Mapping is a programming technique that connects classes and objects in code to tables and rows in a relational database.
Offline: Offline describes behaviour that works when the device does not have an internet connection.
One-way function: A mathematical problem that is simple to perform but infeasible to reverse without a secret key.
Open redirect: A vulnerability where an application redirects users to an attacker controlled location supplied in user input.
Open-source: See Open-source software
Open-source software: Open-source software is software whose source code is made available so people can use, inspect, modify, and distribute it.
Opening tag: An opening tag starts an HTML element and tells the browser where that element’s content begins, such as <p> for a paragraph.
Opt-in: A mechanism where users actively choose to allow something, such as data collection.
Opt-out: A mechanism where users choose to stop or reject something, such as data collection.
ORDER BY: SQL keyword used to sort rows by a given column.
ORM: See Object-Relational Mapping
Output layer: The layer in a neural network that returns the final result.

P#

Packet Routing: Packet routing is the process of directing data packets across different networks, using routers to ensure they take the best path to their destination.
Padding: Padding is the space between an element’s content and its border, adding internal spacing around the content within the element.
Parameter: A parameter is an input value named in a function definition.
Parameterised query: A way to insert values into an SQL statement without building the statement by string concatenation, so user input is treated as data rather than code.
Parent: A parent element is one that contains other elements (its children). For example, if a list item (<li>) is inside a <ul> (unordered list), the <ul> is the parent of the <li>.
Password authentication: Authentication where the server checks whether a submitted username and password match a stored user record.
Path traversal: A file attack where an attacker uses path elements such as .. to access files outside the intended directory.
Penetration testing: Security testing performed by specialists who simulate real-world attacks to find unforeseen vulnerabilities.
Permission: A rule that grants a user or role access to a feature, action, page, or item of data.
Persistent cookie: A cookie with an Expires or Max-Age value, stored until that time is reached.
PII: Personally identifiable information. Sensitive data that can identify a person, such as names or browsing history.
Placeholder: A marker in a parameterised query that is filled with a value safely by the database management system.
Plain text: Plain text refers to data that is not encrypted or formatted, such as regular text that can be easily read by both humans and machines.
Plaintext: Readable information before it has been encrypted.
Plugin: A plugin is an add-on that extends the features of a CMS or other software.
Policy: A set of instructions or strategy that tells an agent how to behave in its environment to maximise reward.
Polynomial regression: A supervised regression algorithm that fits a polynomial curve to labelled data so it can predict numerical values.
POP3: POP3 is a protocol used to receive emails, typically downloading messages from the server to your device and removing them from the server afterwards.
Port: A port is a virtual entry point on a computer that allows different services (like web browsing or email) to communicate over the internet.
Precision: The proportion of samples predicted as positive that were actually positive.
Precompute: To calculate values in advance so they can be looked up later.
Preimage resistance: A cryptographic hash property where it is infeasible to determine the original input from a hash value.
Privacy Act 1988: Australian privacy law covering personal information handling, disclosure, and consent.
Privacy by design: Building privacy protections into software from the start so users and organisations are protected from leaks and legal issues.
Privacy policy: A document that informs users how their data is collected, used, and stored.
Private key: The key in an asymmetric key pair that must be kept secret and used for decryption in this chapter’s example.
PRNG: Pseudorandom Number Generator. An algorithm that produces numbers that appear random but are generated using a fixed mathematical formula.
Production database: The database used by the live application.
Progressive Web App: A Progressive Web App, or PWA, is a web application that uses web technology to provide app-like features such as installation, offline behaviour, and fast loading.
Property: A CSS property is an aspect of an element that you want to style, like color, font-size, or margin. It defines what part of the element you are customising.
Protocol: A protocol is a set of rules for how data is exchanged over a network, like HTTP, which defines how web clients and servers communicate.
Public IP address: A public IP address identifies an entire network on the internet so data can be sent out and returned through a router.
Public key: The key in an asymmetric key pair that can be shared publicly and used for encryption in this chapter’s example.
PWA: See Progressive Web App

Q#

Query: A query is an instruction that tells a database what to do, such as display, add, update, or delete data.
Query String: A query string is the part of a URL that contains additional information or parameters that a web server can use to process a request, often appearing after a “?” in the URL (e.g., ?search=books).

R#

Race condition: A problem where multiple processes or threads access and change shared data at the same time, causing unexpected or incorrect behaviour.
Random forest: An ensemble of different decision trees that classifies based on the majority vote of the trees.
Rate limiting: Restricting how many requests a client can make in a period of time.
Raw SQL: Raw SQL is SQL written directly by the developer instead of being generated by an ORM or helper library.
RBAC: Role-Based Access Control. Access control where users are assigned roles, and roles define what actions they can perform.
Recall: The proportion of actually positive samples that were classified as positive.
Record: A record is one row of data in a database table.
Redirect: A response that sends the browser to a different URL.
Regression tree: A decision tree used for regression.
Reinforcement learning: A type of machine learning where a computer learns through trial and error.
Render: Rendering templates is the process of combining a predefined HTML template with dynamic data on the server to generate a complete web page that is then sent to the user’s browser. This allows for content to change while maintaining the same layout and structure.
Rendering: Rendering is the process by which a web browser interprets HTML, CSS, and JavaScript code to display a webpage on your screen. It turns the code into the visible elements you interact with, like text, images, and buttons.
Representation bias: Bias that occurs when certain groups are disproportionately included or excluded in a training dataset.
Request header field: A request header field is extra information sent by the client to the server, such as the type of browser being used or the desired content type.
Requirements definition: The stage where developers identify what the software must do for users and how it must protect their interests.
Resilience testing: Testing that checks whether software can resist problems, continue operating where possible, and recover safely after failures or attacks.
Resource: A resource is any data or content (like a webpage, image, or file) that is available on a server and can be requested by a client.
Responsive: Responsive design refers to making a website’s layout adapt to different screen sizes and devices, like phones, tablets, and desktops. This ensures that the website looks good and functions properly no matter what device it’s viewed on.
Responsive web design: Responsive web design is an approach where a website adapts its layout and presentation to different screen sizes and devices.
REST: Representational State Transfer. A set of conventions for naming, organising, and using web routes.
REST API: An API that follows REST conventions so developers can predict how to interact with its data.
Return value: A return value is the value sent back by a function when it finishes.
Reverse proxy: A server that receives client requests and forwards them to an application server such as Flask.
Reward: Feedback given to an agent after an action.
Role: A named group of permissions assigned to a user, such as admin, editor, or user.
Root CA: A Certificate Authority at the top of the certificate hierarchy.
Root node: The node at the top of a decision tree where the tree starts.
Round: One repetition of the substitution and permutation steps in a modern encryption algorithm.
Route: A route connects a URL in a Flask application to the Python function that should run when that URL is requested.
Router: A router is a networking device that forwards data packets between different parts of a network or the internet.
RSA: An asymmetric encryption algorithm named after Rivest, Shamir, and Adleman, based on the difficulty of factoring large prime numbers.

S#

Salt: A random value added to the start or end of a password before hashing, so the same password produces a different hash value.
SameSite cookie: A cookie configured so browsers do not include it on some or all cross-site requests.
Sandboxing: Running software in a restricted environment so it has limited access to the rest of the system.
Sanitisation: Cleaning or transforming input to reduce the chance it can be used maliciously.
Sass: Sass is a CSS preprocessor that adds features such as variables and nested rules to make stylesheets easier to write and maintain.
SAST: Static Application Security Testing. Tools that analyse code without running it to find potential security weaknesses.
Scope: Scope is the part of a program where a variable can be accessed.
Script: Code embedded in a web page that can run in the browser.
Script tag: A script tag is the HTML <script> element used to include or run JavaScript on a webpage.
Secret key: A private value used by Flask to sign session cookies and prevent tampering.
Secure development practice: A development practice that reduces security risk, such as preventing unauthorised access or data exposure.
Secure software: Software developed with security in mind so it protects data, reduces risks, and maintains user trust.
Security breach: An incident where an attacker or unauthorised person gains access to data, accounts, systems, or functionality.
Security by design: Building security considerations into every phase of the software development lifecycle instead of adding protections at the end.
Security feature: A part of a software system that protects users, data, or the organisation running the system.
Security patch: An update that fixes a security vulnerability.
SELECT: SELECT is the SQL command used to retrieve information from a database.
Selector: A CSS selector specifies which page elements a style should apply to, such as all elements of a type, a specific id, or a class.
Semi-supervised learning: A type of machine learning where the training set includes both labelled data and originally unlabelled data.
Semicolon: A semicolon is the ; character used to signal the end of a JavaScript statement.
Separation of content and presentation: This concept means keeping the structure and meaning of a webpage (the HTML) separate from how it looks (the CSS). HTML is used for content, while CSS is used to control the style and layout, making it easier to manage and update both independently.
Serialise: Convert Python data, such as a dictionary, to a string. Usually it is a JSON-encoded string.
Server: A server is a powerful computer that stores and delivers content (like web pages) to clients when they request it.
Server Side Scripting: Server-side scripting is the process of running code on the server to generate dynamic content for a webpage before sending it to the client, often using languages like Python, PHP, or Node.js.
Server-side session: A web session where the session record is stored on the server.
Service manager: Software used to run services automatically on startup.
Service worker: A service worker is JavaScript code that runs in the background between the browser and network so it can intercept requests, cache resources, and support offline behaviour.
Session: A SQLAlchemy object that represents a connection to the database and is used to create, query, edit, and delete model objects.
Session cookie: A cookie without an Expires or Max-Age value, deleted when the browser window closes.
Session hijacking: Stealing a user’s session token to impersonate the user during their current session.
Session identifier: A random, unique value used to find the matching session record.
Session token: A value stored by the browser, often in a cookie, and sent with requests to identify a session.
Side-channel attack: An attack that uses indirect information, such as timing, cache behaviour, or power use, to infer secret data.
Similarity: How alike samples are, often measured using distance.
Simple linear regression: A linear regression model with one input variable.
Single unit of work: A group of operations treated as one complete operation.
Single-line comment: A single-line comment starts with // and continues to the end of that line.
SMTP: SMTP is the protocol used for sending emails from your device to a mail server, which then forwards the message to the recipient’s server.
Social engineering: Attempting to influence people into disclosing information or granting access.
Software design: The stage where developers define how software will be structured to fulfill its specifications.
Software development: The stage where developers transform designs into code while following security and privacy best practices.
Software development lifecycle: The stages used to plan, build, test, install, and maintain software.
Software vulnerability: A weakness or flaw in a program that attackers can exploit.
Sort: Arrange rows of data in a particular order, such as alphabetical, numeric, or chronological order.
Specification: A detailed, technically measurable statement that refines a requirement into concrete technical instructions.
SQL: SQL, or Structured Query Language, is a language used to write structured commands for working with databases.
SQL Injection: An attack where an attacker manipulates a web application’s SQL queries to access, modify, or delete database data.
SQLAlchemy: SQLAlchemy is a Python ORM library that maps Python classes and objects to database tables and rows.
State: The current status of the environment that the agent uses when making decisions.
Stateless: In HTTP, stateless means that each request from a client to a server is independent, and the server does not remember previous interactions with the client.
Stateless protocol: A protocol where each client request to a server is independent of previous requests.
Statement: A statement is a complete instruction that JavaScript executes.
Static: Static refers to web content that does not change or interact with the user, like a simple HTML page without dynamic features.
Static file: A static file is a web resource such as an image, CSS file, or JavaScript file that does not change as users interact with the page.
Status Code: A status code is a three digit number returned by the server to indicate the result of a request, such as 200 for success or 404 when a page doesn’t exist.
String: A string is text enclosed in quotes.
String concatenation: String concatenation is the process of combining strings, such as with the + operator.
Style: Style describes how a webpage looks, including choices such as colour, layout, spacing, fonts, and other visual presentation.
Substitution cipher: A cipher where blocks of plaintext, such as letters or words, are replaced by another unit of text.
Supervised learning: A type of machine learning where the computer learns from labelled data.
Symmetric-key cryptography: Cryptography where the same key is used to encrypt plaintext and decrypt ciphertext.
System architecture: The high-level structure of a system, including components such as databases, application servers, and front ends.
System log: A record of system events that can be monitored for problems.

T#

Table: A table is a relation in a database that stores data in rows and columns.
Tag: A tag is a piece of code that tells the browser how to display content. Tags usually come in pairs: an opening tag (like <p>) to start the element and a closing tag (like </p>) to end it. Together, they define the start and end of a page element.
TCP: See Transmission Control Protocol
TCP/IP model: The TCP/IP model is a framework that organises how data is sent over the internet, dividing the process into four layers to ensure reliable and efficient communication.
Template: A template is an HTML file or structure that can be combined with dynamic data on the server to generate a complete web page.
Template literal: A template literal is a string written with backticks that can include multiple lines and embedded expressions.
Testing: The stage where developers and quality assurance teams check that the software works as specified and detect potential vulnerabilities.
Thread: A thread is a path of execution where code runs. Service workers run in a separate background thread from the main webpage.
Three-way handshake: The three-way handshake is the process TCP uses to establish a connection between two devices, involving three steps: SYN, SYN-ACK, and ACK to ensure both sides are ready to communicate.
TLS: Transport Layer Security. A protocol that implements secure communication by combining encryption, signing, and certificates.
TLS handshake: The process used before secure communication begins to establish a TLS session.
TLS session: A secure communication session established after a successful TLS handshake.
Transmission Control Protocol: Transmission Control Protocol (TCP) is a set of rules that makes sure data sent over the internet arrives correctly and in the right order.
Transport Layer: The Transport Layer ensures that data is delivered reliably between devices by breaking it into packets, sending them, and reassembling them correctly at the destination.
TRNG: True Random Number Generator. Hardware that uses physical randomness such as electrical noise to generate random numbers.
True negative: A sample predicted to be in class 0 that is actually in class 0.
True positive: A sample predicted to be in class 1 that is actually in class 1.
Type coercion: Type coercion is when JavaScript converts one value’s data type so it can be compared or used with another value.

U#

UBAC: User-Based Access Control. Access control where permissions are assigned to individual users.
UI/UX: User Interface and User Experience considered together.
Unit test: A test that checks an individual function or method behaves as expected for given inputs.
Unsupervised learning: A type of machine learning where the computer learns from data that does not have labels.
Untrusted user input: Data supplied by a user that should not be treated as safe until it has been checked or safely handled.
User authentication: The process where a user proves their identity before accessing restricted data.
User authorisation: The process of granting or restricting access to data after a user has authenticated.
User Experience: The overall experience of using a website, including how intuitive, fast, and satisfying it is to navigate.
User Interface: The look and feel of a website, including layout, buttons, colours, typography, and other things the user sees and interacts with.
User record: A database record that stores information about a user, such as their username and password.
User workflow sequence: A description or diagram of how users move through a system.

V#

Value: A CSS value is the setting you give to a property. For instance, if the property is color, the value might be blue or #0000FF, telling the browser what colour to use for the text.
Variable: A variable is a named place to store information so it can be used later in a program.
Viewport: The visible area of a webpage in the browser.
Viewport meta tag: The viewport meta tag tells the browser how to size and scale the webpage on different devices, especially mobile devices.
Void element: A void element is an HTML element that does not contain content and does not need a closing tag.
Vulnerability assessment: A structured review used to identify known weaknesses in software, configuration, dependencies, or infrastructure.

W#

W3C: The World Wide Web Consortium, an international community that develops and maintains web standards.
Web API: An API that works over the web using the HTTP protocol.
Web app manifest: A web app manifest is a JSON file that describes a PWA’s metadata, such as its name, icons, theme colours, and launch behaviour.
Web browser: A web browser is a software application that transforms HTML documents into interactive visual representations.
Web server: Server software connected to the internet that serves a web application.
Web session: A way for a web application to remember that a user is logged in across multiple requests.
Web standard: A web standard is a shared guideline or specification that helps websites and web applications work consistently across browsers, devices, and operating systems.
Weight: A number assigned to a connection between neurons that represents the strength of that connection.
while loop: A while loop repeats a block of code while its condition is true.
Window: See Window object
Window object: The global browser object that represents the browser window or tab and provides access to browser features and the document object.
Working group: A working group is a group of representatives who develop and review web standards or recommendations.
WSGI: WSGI is a standard interface between web servers and Python applications, allowing them to communicate so that Python web apps can serve dynamic content on the internet.

X#

XSS: Cross-Site Scripting. A security vulnerability where attackers inject malicious JavaScript into web pages viewed by other users.

Z#

Zero-indexed: Zero-indexed means the first item is at position 0.