Terms and Concepts
An introduction to the main terms and concepts used in Seeker and related contexts.
| Term | Definition |
|---|---|
| Application security | Application security is the general practice of adding features or functionality to software to prevent a range of different threats. These include, for example, denial-of-service attacks and unauthorized data access with malicious intent, resulting in data breaches or theft. Application security is one of several levels of security that companies use to protect systems. Others include operating system security, network security, and endpoint or mobile security. |
| IAST | Interactive application security testing (IAST) solutions help organizations identify and manage security risks associated with vulnerabilities discovered in running web applications. They continuously analyze all application interactions initiated by manual and/or automated tests to identify vulnerabilities in real time. IAST works through software instrumentation. |
| Instrumentation | The instrumentation mechanism enables monitoring and analysis of applications at runtime, providing a wealth of information and context about an application, such as data flow, runtime values of variables, database and file system access, and more. Seeker Agents implement instrumentation to explore data flow within web applications and detect potential security vulnerabilities, using HTTP requests as data entry points. |
| Seeker | Black Duck® Seeker is an interactive application security testing (IAST) solution that enables development, DevOps, and QA teams to perform security testing concurrently with the automated testing of web applications by detecting vulnerabilities at runtime. |
| Vulnerability | A vulnerability is an unintended flaw in an application or a system that leaves it open to potential exploitation in the form of unauthorized access or malicious behavior, which might compromise the application's data integrity and/or privacy and cause harm to its users and assets. Examples: cross-site scripting, SQL injection, weak encryption. |
| Seeker Enterprise Server | The central component of the Seeker architecture that receives, aggregates, and stores the detected vulnerabilities reported by the Agents. The server provides visual tools for exploring the detected vulnerabilities, as well as a set of administration UIs and REST APIs for configuring and managing Seeker. |
| Agent | A Seeker Agent is a component that uses instrumentation mechanisms to monitor and analyze running applications. An Agent instance, deployed on an application server alongside a tested application, analyzes the application at runtime and communicates with the Seeker Enterprise Server to report detected vulnerabilities and other analytics. Each Agent targets a specific technology, such as Java or .NET. |
| Checker | A vulnerability checker is a Seeker component that detects a certain type of vulnerability by analyzing information collected by an Agent. |
| SCA | Software Composition Analysis (SCA) tools enable organizations to audit open-source license compliance, detect vulnerabilities in, and achieve governance over third-party and open-source code. Black Duck® Binary Analysis is a Black Duck SCA tool that is integrated with Seeker to detect known security vulnerabilities in third-party components included in applications. |
| CI/CD | Continuous integration/continuous delivery (CI/CD) is a set of software development practices that enable application development teams to integrate, test, package, and deliver code changes more frequently and reliably. |
| Project | A regular project is associated with a single web application or an application subcomponent, such as a microservice. |