XSS

/ˌɛks-ɛs-ˈɛs/

n. “Sneaky scripts slipping where they shouldn’t.”

XSS, short for Cross-Site Scripting, is a class of web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. Unlike server-side attacks, XSS exploits the trust a user has in a website, executing code in their browser without their consent or knowledge.

WAF

/ˈdʌbəljuː-ˈeɪ-ɛf/

n. “A gatekeeper that filters the bad, lets the good pass, and occasionally throws tantrums.”

WAF, short for Web Application Firewall, is a specialized security system designed to monitor, filter, and block HTTP traffic to and from a web application. Unlike traditional network firewalls that focus on ports and protocols, a WAF operates at the application layer, understanding web-specific threats like SQL injection, cross-site scripting (XSS), and other attacks targeting the logic of web applications.

HTTP Strict Transport Security

/ˌeɪtʃ-tiː-ɛs-tiː-ɛs/

n. “Never talk unencrypted, even if asked nicely.”

HSTS, short for HTTP Strict Transport Security, is a web security policy mechanism that tells browsers to always use HTTPS when communicating with a specific site. Once a browser sees the HSTS header from a site, it refuses to make any unencrypted HTTP requests for that domain, effectively preventing downgrade attacks and certain types of man-in-the-middle attacks.

SFTP

/ˌɛs-ɛf-ti-ˈpi/

n. “Securely moving files without looking over your shoulder.”

SFTP, short for SSH File Transfer Protocol or sometimes Secure File Transfer Protocol, is a network protocol that provides secure file transfer capabilities over the SSH (Secure Shell) protocol. Unlike traditional FTP, which sends data in plaintext, SFTP encrypts both commands and data, ensuring confidentiality, integrity, and authentication in transit.

File Transfer Protocol

/ˌɛf-ti-ˈpi/

n. “Moving files, one connection at a time.”

FTP, short for File Transfer Protocol, is one of the oldest network protocols designed to transfer files between a client and a server over a TCP/IP network. Dating back to the 1970s, it established a standardized way for computers to send, receive, and manage files remotely, long before cloud storage and modern APIs existed.

XMLHttpRequest

/ˌɛks-ɛm-ɛl-ˌhɪt-ti-pi rɪˈkwɛst/

n. “Old school, but still gets the job done.”

XMLHttpRequest, often abbreviated as XHR, is a JavaScript API that enables web browsers to send HTTP requests to servers and receive responses without needing to reload the entire page. Introduced in the early 2000s, it became the backbone of what we now call AJAX (Asynchronous JavaScript and XML), allowing dynamic updates and interactive web applications.

fetch

/fɛtʃ/

v. “Go get it — straight from the source.”

fetch is a modern JavaScript API for making network requests, replacing older mechanisms like XMLHttpRequest. It provides a clean, promise-based interface to request resources such as HTML, JSON, or binary data from servers, making asynchronous operations much more readable and manageable.

Client for URL

/kərl/

n. “Talk to the internet without a browser.”

cURL, short for Client for URL, is a command-line tool and library (libcurl) for transferring data with URLs. It supports a vast array of protocols, including HTTP, HTTPS, FTP, SMTP, and more, making it a Swiss Army knife for internet communication and scripting.

Create, Read, Update, Delete

/krʊd/

n. “Create, Read, Update, Delete — the alphabet of persistent data.”

CRUD is an acronym representing the four fundamental operations that can be performed on persistent storage or resources in a database or application: Create, Read, Update, and Delete. These operations form the backbone of most software systems, allowing users and applications to manage data effectively.

REST

/rɛst/

n. “Architect it once, call it anywhere.”

REST, short for Representational State Transfer, is an architectural style for designing networked applications. It emphasizes a stateless client-server communication model where resources are identified by URIs, and interactions are carried out using standard HTTP methods like GET, POST, PUT, PATCH, and DELETE.