Cybersecurity Glossary

1506 essential cybersecurity terms explained. Your reference guide from A to Z.

A
ARP Spoofing
An attack where a malicious actor sends falsified ARP messages to link their MAC address with a legitimate IP address, enabling man-in-the-middle attacks on a local network.
API Security
The practice of protecting application programming interfaces from attacks and misuse, including authentication, authorization, rate limiting, and input validation.
AES
Advanced Encryption Standard. A symmetric block cipher (FIPS 197) adopted as the encryption standard by the US government and used worldwide; it operates on 128-bit blocks with 128, 192, or 256-bit keys and must be combined with a suitable mode of operation, such as GCM, to protect data securely.
Asymmetric Encryption
An encryption method using a pair of mathematically related keys, a public key that can be shared openly and a private key kept secret, where data encrypted with one can only be decrypted with the other; this lets parties communicate securely without having exchanged a shared secret in advance.
Argon2
A modern password hashing algorithm that won the Password Hashing Competition, designed to be resistant to GPU and ASIC-based attacks using memory-hard operations.
Adware
Software that automatically displays or downloads advertising material, often bundled with free software and sometimes collecting user data for targeted advertising.
APT
Advanced Persistent Threat. A sophisticated, long-term cyberattack campaign where an intruder gains and maintains unauthorized access to a network, often state-sponsored.
Authentication
The process of verifying the identity of a user, device, or system, typically through credentials like passwords, tokens, biometrics, or certificates.
Authorization
The process of determining what resources and actions an authenticated user is permitted to access, enforced through policies and access control mechanisms.
Active Directory
Microsoft directory service that provides authentication and authorization for Windows domain networks, managing users, computers, and security policies.
ABAC
Attribute-Based Access Control. An access control model that evaluates attributes of users, resources, and environment conditions to make authorization decisions.
Aircrack-ng
A network security suite for assessing Wi-Fi network security, including monitoring, attacking, testing, and cracking WEP and WPA/WPA2 encryption.
Artifact
A piece of digital evidence found during forensic analysis, such as log entries, file metadata, registry entries, or network traffic captures.
Acceptable Use Policy
A document defining the acceptable ways employees and users can use organizational IT resources, establishing boundaries and consequences for violations.
Attack Surface
The total sum of all possible entry points or vulnerabilities through which an attacker could potentially gain unauthorized access to a system or network.
Attack Vector
The specific path, method, or scenario an attacker uses to gain unauthorized access to a system or network, such as phishing emails or unpatched vulnerabilities.
Air Gap
A physical and logical isolation of a computer or network from unsecured networks, including the internet, used to protect highly sensitive systems.
App Sandboxing
An operating system security mechanism, central to mobile platforms, that isolates each application in its own restricted environment, preventing unauthorized access to other apps and system resources.
Attachment Sandboxing
The practice of opening email attachments in an isolated virtual environment to detect malicious behavior before delivering them to the recipient inbox.
AI-Powered Attacks
Cyberattacks that leverage artificial intelligence and machine learning to automate reconnaissance, generate convincing phishing content, or evade detection systems.
Adversarial Machine Learning
The study of attacks on machine learning systems and of defenses against them, covering inputs crafted to cause misclassification (evasion), corruption of training data (poisoning), and extraction of models or their training data.
AI Jailbreaking
Techniques used to bypass the safety restrictions and content policies of AI systems, causing them to produce outputs they are designed to refuse.
Asset Management
The practice of tracking and managing all IT assets within an organization, essential for understanding and protecting the complete attack surface.
After-Action Report
A structured review document completed after a security incident or exercise that captures lessons learned, successes, and areas for improvement.
Access Control System
Hardware and software systems that manage and restrict physical access to facilities, rooms, and equipment using cards, biometrics, or PINs.
AMSI Bypass
Techniques used to circumvent the Antimalware Scan Interface in Windows, allowing malicious scripts to execute without being detected by security software.
AS-REP Roasting
An attack targeting Active Directory accounts that do not require Kerberos preauthentication, allowing offline password cracking of their AS-REP responses.
Assumed Breach
A penetration testing approach that begins with the assumption that an attacker already has internal access, focusing on lateral movement and impact assessment.
Adaptive Authentication
A security method that adjusts authentication requirements based on risk assessment, requiring additional verification for suspicious login attempts.
Alert Fatigue
A condition where security analysts become desensitized to security alerts due to the high volume of false positives, potentially missing genuine threats.
Attack Tree
A conceptual diagram showing how a system can be attacked, with the root representing the attacker's goal and branches representing different attack paths.
Adversary Simulation
The practice of mimicking the tactics, techniques, and procedures of specific threat actors to test an organization's detection and response capabilities.
API Gateway
A server that acts as a single entry point for API requests, handling authentication, rate limiting, request routing, and security enforcement.
AI Red Teaming
The practice of systematically testing AI systems for vulnerabilities, biases, and failure modes using adversarial techniques and creative probing.
AI Supply Chain Attack
An attack targeting the AI development pipeline, including compromised training data, poisoned pre-trained models, and malicious dependencies.
Autonomous Threat
AI-powered malware or attack tools that can independently make decisions, adapt to defenses, and pursue objectives without human operator input.
AI Hallucination Exploit
An attack that exploits AI model hallucinations by registering domain names, package names, or resources that AI systems falsely recommend.
AI-Powered Phishing
Phishing attacks enhanced by AI to generate highly personalized and convincing messages, automatically adapting content based on target profiles.
AI Firewall
Security solutions that monitor and filter AI model inputs and outputs to detect prompt injections, data leaks, and other AI-specific threats.
APK Decompilation
The process of reverse engineering Android application packages to analyze source code, identify vulnerabilities, and understand application behavior.
Android Rooting
The process of gaining root access on Android devices to bypass manufacturer restrictions and access system files for security testing.
App Wrapping
A mobile security approach that applies a management layer to mobile applications without modifying the underlying code, enforcing security policies.
ARC
Authenticated Received Chain. An email authentication system that preserves authentication results across intermediaries like mailing lists and forwarding services.
Active Reconnaissance
Information gathering that involves direct interaction with the target system, such as port scanning, service enumeration, and vulnerability probing.
Anti-Forensics
Techniques used to prevent or hinder digital forensic analysis, including data wiping, encryption, log tampering, and timestamp manipulation.
AppLocker Bypass
Techniques for circumventing Windows AppLocker application whitelisting policies to execute unauthorized programs.
AI Worm
Self-propagating malware that uses AI to adapt its behavior, evade detection, and automatically spread across systems without human direction.
AI Model Theft
The unauthorized extraction or replication of proprietary machine learning models through techniques like model extraction or side-channel attacks.
Adversarial Example
Intentionally crafted inputs designed to cause machine learning models to make incorrect predictions while appearing normal to humans.
AI Governance
Frameworks and practices for managing the development and deployment of AI systems responsibly, including security, ethics, and compliance.
AI Supply Chain Risk
Security risks in the AI development pipeline including compromised pre-trained models, poisoned datasets, and malicious dependencies.
Account Takeover
An attack where a malicious actor gains unauthorized access to a user account, typically through credential theft or session hijacking.
API Abuse
The exploitation of API endpoints beyond their intended use, including excessive requests, parameter manipulation, and business logic exploitation.
AMQP
Advanced Message Queuing Protocol. An application layer protocol for message-oriented middleware, requiring security considerations for authentication and encryption.
Assume Breach Mentality
A security mindset that operates under the assumption that attackers are already inside the network, driving more resilient security practices.
Attack Chain
The sequence of steps an attacker takes from initial reconnaissance to achieving their final objective, used for understanding and disrupting attacks.
Anycast
A network addressing and routing method where multiple servers share the same IP address, used for DDoS mitigation and content delivery.
Application Layer Gateway
A firewall component that provides protocol-specific filtering at the application layer, understanding application-level commands.
API Rate Limit Bypass
Techniques for circumventing API rate limiting controls, including header manipulation, IP rotation, and parameter pollution.
Arkime
An open-source full packet capture and search system that indexes network traffic for forensic analysis and threat hunting.
Asset Discovery
The automated process of identifying all hardware and software assets connected to an organization's network for security management.
Autopsy
An open-source digital forensics platform with a graphical interface built on The Sleuth Kit for hard drive and smartphone analysis.
AICPA SOC
American Institute of CPAs Service Organization Controls. Audit frameworks for evaluating service provider security controls.
AWS GuardDuty
An AWS threat detection service that continuously monitors for malicious activity and unauthorized behavior in AWS accounts.
AI Code Generation Risk
Security risks from AI-generated code including vulnerable patterns, outdated libraries, and hallucinated package names.
AI Social Engineering
The use of AI to automate and enhance social engineering attacks through personalized phishing, voice cloning, and deepfakes.
Adversarial Patch
A physical pattern designed to fool computer vision systems when placed in a camera's field of view, potentially evading surveillance.
AI Bias Exploitation
Attacks that deliberately exploit known biases in AI systems to achieve favorable outcomes or bypass security decisions.
API Security Testing
The process of testing APIs for vulnerabilities including authentication flaws, injection attacks, and business logic errors.
ACME Protocol
Automatic Certificate Management Environment. A protocol for automating certificate issuance and management, used by Let's Encrypt.
App Store Malware
Malicious applications that bypass app store security reviews and are distributed through official channels to reach victims.
Anti-Spoofing Controls
Technical measures including SPF, DKIM, DMARC, and MTA-STS that prevent unauthorized parties from sending email as your domain.
ARP Cache Poisoning
Corrupting the ARP table of a target device to associate the attacker's MAC address with a legitimate IP, enabling traffic interception.
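Added example, not part of the original glossary, for the ARP Spoofing and ARP Cache Poisoning entries: a small detector for the symptom both attacks produce on the wire, namely one IP address being claimed by more than one MAC. The ARP reply lines are constructed for the example (not a real capture), and the pinned gateway MAC is an assumed operator setting.

```python
import re
from collections import defaultdict

# Constructed ARP reply log, in the style a sniffer prints (not a real capture).
# Entries 1-3 are the normal gateway and a host; from t=4 a second MAC claims the gateway IP.
ARP_REPLIES = [
    "t=1 reply 192.168.1.1 is-at aa:bb:cc:00:00:01",
    "t=2 reply 192.168.1.20 is-at aa:bb:cc:00:00:20",
    "t=3 reply 192.168.1.1 is-at aa:bb:cc:00:00:01",
    "t=4 reply 192.168.1.1 is-at de:ad:be:ef:00:99",
    "t=5 reply 192.168.1.1 is-at de:ad:be:ef:00:99",
]
LINE = re.compile(r"t=(\d+) reply (\S+) is-at ([0-9a-fA-F:]{17})")


def parse_replies(lines):
    """Yield (time, ip, mac) for each parseable reply line; MACs are normalised to lower case."""
    for line in lines:
        m = LINE.match(line)
        if m:
            yield int(m.group(1)), m.group(2), m.group(3).lower()


def detect_arp_spoofing(lines, pinned=None):
    """Return one alert (time, ip, mac, reason) per new IP-to-MAC conflict.

    pinned maps IPs whose MAC the operator knows (typically the default gateway) to that MAC;
    any other MAC claiming such an IP is reported at once.  For unpinned IPs an alert is raised
    when a second, different MAC starts claiming an IP already seen with another MAC.
    """
    pinned = pinned or {}
    claimed = defaultdict(set)   # ip -> set of MACs seen claiming it
    reported = set()             # (ip, mac) pairs already alerted on, to avoid repeats
    alerts = []
    for t, ip, mac in parse_replies(lines):
        reason = None
        if ip in pinned and mac != pinned[ip]:
            reason = "pinned MAC %s replaced by %s" % (pinned[ip], mac)
        elif claimed[ip] and mac not in claimed[ip]:
            reason = "IP also claimed by %s (previously %s)" % (mac, ", ".join(sorted(claimed[ip])))
        claimed[ip].add(mac)
        if reason and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append((t, ip, mac, reason))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_REPLIES, pinned={"192.168.1.1": "aa:bb:cc:00:00:01"}):
        print("ALERT t=%d %s %s: %s" % alert)
```

Pinning the gateway is what turns a noisy heuristic into a reliable one: legitimate DHCP churn can reassign an IP to a new MAC, but the default gateway's MAC should never change without a planned maintenance.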
Assumed Compromise Assessment
A penetration test starting from the assumption of initial access to evaluate internal defenses, detection, and response capabilities.
API Penetration Testing
Security testing specifically targeting application programming interfaces to identify authentication, authorization, and injection vulnerabilities.
Active Directory Penetration Testing
Security assessment focused on Active Directory environments, testing Kerberos attacks, trust relationships, and privilege escalation paths.
Access Review
A periodic process of validating that users' access rights are appropriate for their current roles, removing unnecessary permissions.
Authorization Server
In OAuth 2.0, the component that authenticates resource owners and issues access tokens to clients after receiving valid authorization grants.
Attribute Certificate
A digital document that binds a set of attributes to an entity, used for fine-grained authorization without bundling identity.
API Key
A unique identifier used to authenticate requests to an API, providing a simple but less secure alternative to OAuth tokens.
Attack Surface Management
The continuous discovery, monitoring, and management of an organization's external-facing digital assets and their vulnerabilities.
AI Alignment
The challenge of ensuring artificial intelligence systems behave in accordance with human values and intentions.
AI Safety
Research and practices focused on preventing AI systems from causing unintended harm, including alignment and robustness.
AI Data Extraction
Techniques for recovering training data from machine learning models through memorization exploitation and inference attacks.
AI Watermarking
Techniques for embedding detectable signals in AI-generated content to identify its synthetic origin.
AI Incident Response
Procedures for handling security incidents involving AI systems including model compromise, data poisoning, and adversarial attacks.
AI Penetration Testing
Security assessment of AI and machine learning systems for vulnerabilities including adversarial robustness and data extraction.
API Endpoint Discovery
The process of identifying undocumented or hidden API endpoints that may lack proper security controls.
API Versioning Security
Security risks arising from maintaining multiple API versions, where older versions may contain unpatched vulnerabilities.
Assumed Breach Assessment
A security engagement starting from simulated internal access to test detection, response, and containment capabilities.
Adversary Emulation Plan
A detailed plan for simulating specific threat actor techniques during red team engagements, based on threat intelligence.
Atomic Red Team
A library of simple, focused tests mapped to the MITRE ATT&CK framework for validating security detection capabilities.
Attack Path Analysis
The identification and visualization of potential routes an attacker could take from initial access to critical assets.
Alert Correlation
The process of analyzing multiple security alerts to identify related events that together indicate a larger attack pattern.
Access Control Policy
A policy defining how access to systems and data is granted, managed, reviewed, and revoked within an organization.
AI-Powered Deception
Using artificial intelligence to create more convincing social engineering attacks, including personalized phishing and voice impersonation.
AI Explainability
The ability to understand and explain how AI systems reach their decisions, critical for identifying bias and detecting adversarial manipulation.
Attribute-Based Access
An access control model where authorization decisions are based on attributes of users, resources, and environmental conditions.
Attack Tree Analysis
A systematic method for describing and analyzing the security of systems using a tree structure showing how a target can be attacked.
Automated Penetration Testing
Tools that automate discovery, enumeration, and exploitation phases of penetration testing for consistent and repeatable results.
API Key Leakage
The accidental exposure of API keys in source code repositories, client-side code, or public documentation.
Attack Campaign
A coordinated series of related cyberattacks conducted by a threat actor against specific targets over a defined period.
Anti-Analysis Technique
Malware capabilities that detect and evade analysis environments including debugger detection, VM detection, and timing checks.
Audit Trail
A chronological record of system activities that provides documentary evidence of the sequence of events for regulatory review.
AI-Powered Threat Detection
Using machine learning algorithms to identify security threats by analyzing patterns in network traffic, user behavior, and system logs.
Autonomous Security
AI-driven security systems that can independently detect, analyze, and respond to threats without human intervention.
AI Model Poisoning
Deliberately corrupting AI model training data or processes to introduce vulnerabilities or biases that can be exploited later.
Access Certification
A periodic review process where managers verify that users' access rights are still appropriate for their current roles.
Attack Emulation Plan
A detailed blueprint for simulating specific threat actor campaigns during red team engagements.
AI Content Detection
Technologies that identify whether text, images, or media were generated by artificial intelligence systems.
B
BGP
Border Gateway Protocol. The routing protocol that manages how packets are routed across the internet between autonomous systems, critical to internet infrastructure.
Banner Grabbing
A technique used to gather information about a computer system on a network by reading the banner messages displayed by network services when a connection is established.
Broken Authentication
A category of vulnerabilities where authentication mechanisms are improperly implemented, allowing attackers to compromise passwords, tokens, or session management.
Broken Access Control
A vulnerability where restrictions on authenticated users are not properly enforced, allowing users to access unauthorized functions or data.
Block Cipher
A symmetric encryption algorithm that encrypts data in fixed-size blocks, with modes of operation like CBC, CTR, and GCM determining how multiple blocks are processed.
Bcrypt
A password hashing function built on the Blowfish key schedule (EksBlowfish), designed to be computationally expensive to resist brute-force attacks, with a configurable work factor (cost) that can be raised as hardware gets faster.
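Added example, not part of the original glossary, for the Argon2 and Bcrypt entries. Both algorithms need third-party packages, so this uses scrypt from the Python standard library as the memory-hard stand-in; the pattern it shows (random per-password salt, a tunable work factor stored next to the hash, constant-time comparison, and an upgrade check) is the same one you apply with Argon2 or bcrypt. The cost parameters are assumptions chosen for the example.

```python
import base64
import hashlib
import hmac
import os

# Work-factor parameters.  N is the CPU/memory cost and must be a power of two; scrypt needs
# roughly 128*N*r bytes, so N=2**14, r=8 costs about 16 MiB per hash.  Raise N over time.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
MAXMEM = 64 * 1024 * 1024


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


def hash_password(password: str, salt: bytes = None) -> str:
    """Return a self-describing string: $scrypt$N$r$p$salt$hash (salt and hash base64)."""
    salt = salt or os.urandom(16)                       # fresh random salt per password
    dk = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P,
                        maxmem=MAXMEM, dklen=32)
    return "$scrypt$%d$%d$%d$%s$%s" % (SCRYPT_N, SCRYPT_R, SCRYPT_P, _b64(salt), _b64(dk))


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the parameters stored alongside the hash and compare in constant time."""
    try:
        _, algo, n, r, p, salt_b64, dk_b64 = stored.split("$")
        if algo != "scrypt":
            return False
        salt, expected = base64.b64decode(salt_b64), base64.b64decode(dk_b64)
        dk = hashlib.scrypt(password.encode(), salt=salt, n=int(n), r=int(r), p=int(p),
                            maxmem=MAXMEM, dklen=len(expected))
    except (ValueError, TypeError):
        return False                                     # malformed record: never a match
    return hmac.compare_digest(dk, expected)             # no early exit on the first wrong byte


def needs_rehash(stored: str) -> bool:
    """True when a stored hash was made with weaker parameters than the current policy,
    so the application should re-hash the password at the next successful login."""
    try:
        _, algo, n, r, p, _, _ = stored.split("$")
    except ValueError:
        return True
    return algo != "scrypt" or int(n) < SCRYPT_N or int(r) < SCRYPT_R or int(p) < SCRYPT_P


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record), verify_password("wrong", record))
```

Storing the parameters inside the hash string is what makes the work factor "configurable" in practice: old records keep verifying, and needs_rehash lets you migrate them to the stronger setting transparently.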
Bootkit
A type of rootkit that infects boot components such as the master boot record, volume boot record, or UEFI boot loader, loading before the operating system and evading detection by security software that runs inside it.
Botnet
A network of compromised computers controlled remotely by an attacker, commonly used for DDoS attacks, spam distribution, and cryptocurrency mining.
Business Email Compromise
A sophisticated scam where attackers compromise or impersonate business email accounts to redirect financial transactions or steal sensitive data.
Backdoor
A method of bypassing normal authentication or encryption in a system, often installed by malware or intentionally built in by developers for maintenance access.
Brute Force Attack
An attack method that systematically tries every possible combination of characters to crack passwords or encryption keys until the correct one is found.
Biometric Authentication
Authentication using unique biological characteristics such as fingerprints, facial recognition, iris patterns, or voice recognition to verify user identity.
Blue Team
The defensive security team responsible for maintaining and improving an organization's security posture by detecting, responding to, and mitigating attacks.
Bug Bounty
A program where organizations offer monetary rewards to security researchers who discover and responsibly disclose vulnerabilities in their systems.
Burp Suite
A comprehensive web application security testing platform that includes tools for intercepting proxies, scanning, and exploiting web vulnerabilities.
BloodHound
An Active Directory reconnaissance tool that uses graph theory to reveal hidden relationships and attack paths within AD environments.
Business Continuity
The planning and preparation to ensure that critical business functions can continue during and after a disaster or significant disruption.
Bluetooth Hacking
The exploitation of vulnerabilities in Bluetooth implementations, including bluejacking, bluesnarfing, and bluebugging attacks on paired devices.
BadUSB
A class of attacks exploiting the inherent trust computers place in USB devices by reprogramming USB firmware to act as keyboards or network adapters.
Bug Severity
A classification of vulnerability impact ranging from informational to critical, determining the urgency of remediation based on potential damage and exploitability.
Blockchain Security
Security practices for blockchain and cryptocurrency systems, addressing smart contract vulnerabilities, 51% attacks, and wallet security.
Backup Strategy
A planned approach to creating and managing copies of data to ensure recovery in case of data loss, corruption, or ransomware attacks.
Bind Shell
A shell session where the compromised target machine opens a listening port and waits for the attacker to connect, requiring inbound firewall access.
Bug Bounty Hunter
An independent security researcher who discovers and reports vulnerabilities in software and systems for monetary rewards through bug bounty programs.
Bastion Host
A special-purpose computer on a network specifically designed and configured to withstand attacks, serving as a gateway between trusted and untrusted networks.
Breach Notification
The legal requirement to inform affected individuals and regulatory authorities when personal data has been compromised in a security breach.
Baiting
A social engineering attack that uses a false promise to entice victims, such as leaving infected USB drives in public places.
Bluetooth Attack
Security attacks targeting Bluetooth connections, including BlueBorne, KNOB, BIAS, and Bluetooth impersonation attacks.
BYOD
Bring Your Own Device. A policy that allows employees to use personal devices for work, creating security challenges around data protection and device management.
Bluetooth Sniffing
The interception and analysis of Bluetooth communications using specialized hardware, potentially capturing sensitive data transmitted between devices.
BEC
Business Email Compromise. A sophisticated scam targeting businesses that regularly perform wire transfers, using compromised or spoofed email accounts.
BIMI
Brand Indicators for Message Identification. A standard that enables organizations to display their logo next to authenticated emails in supporting email clients.
Bollard
A short vertical post designed to prevent vehicle access to pedestrian areas and protect buildings from vehicle-borne attacks.
Bump Key
A specially crafted key that can open pin tumbler locks through a technique called lock bumping, a concern for physical security assessments.
Bug Bounty Career
A career path focused on finding and reporting security vulnerabilities in organizations' systems for monetary rewards through bug bounty programs.
Backup Security
Security practices for protecting data backups, including encryption, access controls, offsite storage, and regular testing of recovery procedures.
BGP Hijacking
An attack where malicious actors announce ownership of IP prefixes they do not control, redirecting internet traffic through their infrastructure.
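Added example, not part of the original glossary, for the BGP Hijacking entry: origin validation in the style of RPKI, which is the standard defence against the attack described. The route-origin table and the announcements are constructed from documentation address ranges and private AS numbers, not real routing data; the three decision states follow the origin validation rules of RFC 6811.

```python
import ipaddress

# Constructed route-origin table: prefix -> (authorised origin AS, maxLength).
# Documentation prefixes and private AS numbers only; none of this is real routing data.
ROAS = {
    "203.0.113.0/24": (64500, 24),
    "198.51.100.0/22": (64501, 24),
}
# Constructed BGP announcements as (prefix, origin AS).
ANNOUNCEMENTS = [
    ("203.0.113.0/24", 64500),   # announced by the authorised origin
    ("203.0.113.0/25", 64500),   # right AS, but more specific than maxLength allows
    ("198.51.100.0/24", 64666),  # covered prefix, wrong origin: the classic hijack shape
    ("192.0.2.0/24", 64502),     # no ROA covers it
]


def validate_origin(prefix: str, origin_as: int, roas=ROAS) -> str:
    """Return 'valid', 'invalid' or 'not-found' for one announcement.

    not-found: no ROA covers the prefix (unprotected space, nothing to compare against).
    valid:     some covering ROA names this origin AS and permits this prefix length.
    invalid:   covered, but every ROA disagrees on the origin or the length.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    covering = []
    for roa_prefix, (roa_as, max_len) in roas.items():
        roa_net = ipaddress.ip_network(roa_prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append((roa_as, max_len))
    if not covering:
        return "not-found"
    for roa_as, max_len in covering:
        if roa_as == origin_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid"


def find_suspect_routes(announcements, roas=ROAS):
    """Return (prefix, origin AS, state) for every announcement that is not valid."""
    suspect = []
    for prefix, origin_as in announcements:
        state = validate_origin(prefix, origin_as, roas)
        if state != "valid":
            suspect.append((prefix, origin_as, state))
    return suspect


if __name__ == "__main__":
    for entry in find_suspect_routes(ANNOUNCEMENTS):
        print("%-18s AS%-6d %s" % entry)
```

The more-specific case is the one to remember: a hijacker who announces a /25 inside a legitimately announced /24 wins longest-prefix routing even with the correct origin AS, which is why maxLength exists and why a ROA should not be looser than the prefixes actually announced.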
Blind SQL Injection
A type of SQL injection where the attacker asks the database true or false questions and determines the answer based on application response differences.
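Added example, not part of the original glossary, for the Blind SQL Injection entry: a boolean-based extraction run against a constructed in-memory SQLite database, with the vulnerable string-concatenated query beside its parameterised replacement so the same payloads can be seen succeeding against one and failing against the other. The table, user and token value are invented for the example.

```python
import sqlite3
import string


def make_db():
    """Constructed in-memory database standing in for the application's backend."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, api_token TEXT)")
    con.execute("INSERT INTO users VALUES (1, 'alice', 'tok-7f3a')")
    return con


def user_exists_vulnerable(con, name: str) -> bool:
    # Vulnerable: user input concatenated into the statement.  The caller only learns
    # whether a row came back, and that single bit is all a blind attack needs.
    row = con.execute("SELECT 1 FROM users WHERE name = '" + name + "'").fetchone()
    return row is not None


def user_exists_safe(con, name: str) -> bool:
    # Hardened: bound parameter, so the payload is compared as a literal name and never matches.
    row = con.execute("SELECT 1 FROM users WHERE name = ?", (name,)).fetchone()
    return row is not None


def extract_token(oracle, con, max_len: int = 32) -> str:
    """Boolean-based blind extraction: one true/false question per candidate character.

    Each payload keeps the original WHERE clause true ('alice') and ANDs in a guess about
    one character of a value the endpoint was never meant to reveal.
    """
    charset = string.ascii_lowercase + string.digits + "-"
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in charset:
            payload = ("alice' AND SUBSTR((SELECT api_token FROM users WHERE id = 1), %d, 1) = '%s"
                       % (pos, ch))
            if oracle(con, payload):
                recovered += ch
                break
        else:
            break   # no candidate matched: end of value, or the oracle is not injectable
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("vulnerable endpoint leaks:   ", repr(extract_token(user_exists_vulnerable, db)))
    print("parameterised endpoint leaks:", repr(extract_token(user_exists_safe, db)))
```

Note that the payload deliberately omits its final quote so that the application's own closing quote completes the SQL. Real attacks replace the linear scan with a binary search over character codes to cut the request count by a factor of five or more, but the principle is unchanged: any observable difference in response is a one-bit channel.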
Business Logic Flaw
A vulnerability arising from flawed application design rather than coding errors, allowing attackers to abuse legitimate functionality.
Banking Trojan
Malware specifically designed to steal financial credentials and intercept banking transactions through web injection and form grabbing techniques.
Blowfish
A symmetric-key block cipher designed by Bruce Schneier as a fast replacement for DES, using variable-length keys up to 448 bits; its 64-bit block size makes it unsuitable for encrypting large volumes of data under one key (the SWEET32 birthday attack).
Breach and Attack Simulation
Automated platforms that continuously simulate attacks against an organization to validate security controls and identify gaps.
Business Logic Attack
An attack that exploits flaws in the design and implementation of business processes rather than technical vulnerabilities.
Browser Fingerprinting
A technique that collects information about a browser configuration to create a unique identifier for tracking users without cookies.
BLE Security
Security considerations for Bluetooth Low Energy including pairing vulnerabilities, GATT profile attacks, and tracking through BLE beacons.
Blue Team Certifications
Security certifications focused on defensive skills including CompTIA CySA+, GIAC GSEC, and Certified SOC Analyst.
Billion Laughs Attack
A type of XML bomb that uses nested entity definitions to expand exponentially, consuming server memory and causing denial of service.
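Added example, not part of the original glossary, for the Billion Laughs Attack entry: a check that computes how large a document would become after entity expansion without ever expanding it, so an XML bomb can be rejected before it reaches the parser. The payload is built programmatically in the classic shape (ten copies at each of nine levels); the amplification thresholds are assumptions for the example, and the declaration regex handles only simple double-quoted internal entities.

```python
import re

ENTITY_DECL = re.compile(r'<!ENTITY\s+(\w+)\s+"([^"]*)"\s*>')   # internal, double-quoted entities only
ENTITY_REF = re.compile(r"&(\w+);")


def build_bomb(levels: int = 9, fanout: int = 10) -> str:
    """Constructed payload in the classic 'billion laughs' shape: lolN = fanout copies of lolN-1."""
    decls = ['<!ENTITY lol "lol">']
    for i in range(1, levels + 1):
        prev = "lol" if i == 1 else "lol%d" % (i - 1)
        decls.append('<!ENTITY lol%d "%s">' % (i, ("&%s;" % prev) * fanout))
    return ('<?xml version="1.0"?>\n<!DOCTYPE lolz [\n %s\n]>\n<lolz>&lol%d;</lolz>'
            % ("\n ".join(decls), levels))


# Constructed benign document: one entity, used twice.
BENIGN = '<?xml version="1.0"?>\n<!DOCTYPE r [\n <!ENTITY co "Example Corp">\n]>\n<r>&co; and &co;</r>'


def expanded_size(xml: str) -> int:
    """Bytes the document body would occupy after full entity expansion, computed without expanding."""
    decls = dict(ENTITY_DECL.findall(xml))
    sizes = {}

    def size_of(name, stack=()):
        if name in sizes:
            return sizes[name]
        if name in stack:
            raise ValueError("recursive entity reference: %s" % name)   # forbidden by XML anyway
        if name not in decls:                 # predefined (&amp; etc.) or undeclared: count as written
            return len("&%s;" % name)
        value = decls[name]
        total = len(ENTITY_REF.sub("", value))           # literal characters of the replacement text
        for ref in ENTITY_REF.findall(value):            # plus each nested reference, recursively
            total += size_of(ref, stack + (name,))
        sizes[name] = total                              # memoised: each entity is costed once
        return total

    end = xml.find("]>")                                  # skip the internal DTD subset itself
    body = xml[end + 2:] if end != -1 else xml
    return len(ENTITY_REF.sub("", body)) + sum(size_of(r) for r in ENTITY_REF.findall(body))


def is_entity_bomb(xml: str, max_ratio: float = 10.0, max_bytes: int = 10 * 1024 * 1024) -> bool:
    """Reject before parsing when expansion would exceed an absolute size or an amplification ratio."""
    try:
        expanded = expanded_size(xml)
    except ValueError:
        return True
    return expanded > max_bytes or expanded > max_ratio * len(xml)


if __name__ == "__main__":
    bomb = build_bomb()
    print("bomb: %d input bytes -> %d expanded" % (len(bomb), expanded_size(bomb)))
    print("benign: %d input bytes -> %d expanded" % (len(BENIGN), expanded_size(BENIGN)))
```

The memoisation is the whole point: the estimator does the same work the parser would have to do per entity, once, instead of per reference, so costing a 3 GB expansion takes microseconds. In practice you would also disable DTD processing entirely unless the application genuinely needs it.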
Broken Function Level Authorization
A vulnerability where API endpoints fail to properly enforce authorization checks, allowing users to access administrative functions.
BOLA
Broken Object Level Authorization. An API vulnerability where an endpoint looks up an object by a client-supplied identifier without verifying that the caller is allowed to access that particular object, so changing the ID in a request exposes or modifies other users' data.
Blockchain Forensics
The analysis of blockchain transactions to trace cryptocurrency movements, identify wallet owners, and investigate financial crimes.
Bus Pirate
An open-source hacking tool for communicating with hardware devices through protocols like SPI, I2C, UART, and JTAG.
Biometric Spoofing
Techniques for defeating biometric authentication systems using fake fingerprints, photos, voice recordings, or 3D-printed faces.
Broken Cryptography
The use of weak, outdated, or improperly implemented cryptographic algorithms that can be exploited to decrypt protected data.
Buffer Overflow
A vulnerability where a program writes more data to a buffer than it can hold, potentially overwriting adjacent memory and enabling code execution.
Browser Exploit
An attack targeting vulnerabilities in web browsers to execute arbitrary code, escape sandboxes, or steal data.
Blind Signature
A form of digital signature where the message is blinded before it is given to the signer, so the signer produces a valid signature without learning the content; used in e-cash and anonymous credential schemes.
Bearer Token
An access token that grants access to a protected resource to whoever possesses it, requiring secure transmission and storage.
Breach Simulation
Automated testing that simulates real-world attack scenarios to validate the effectiveness of security controls.
Binder
A tool that combines a legitimate program with malware into a single executable, executing both when the user runs the file.
Bucket Enumeration
Discovering exposed cloud storage buckets through predictable naming patterns and misconfigurations.
Badge Cloning
The unauthorized duplication of access badges using RFID readers, allowing physical access to secured facilities.
Bandwidth Throttling
Intentionally slowing network traffic to manage congestion or enforce usage policies on specific services or users.
BPDU Guard
A spanning tree protocol feature that disables switch ports receiving unexpected bridge protocol data units to prevent STP manipulation attacks.
Bug Bounty Platform
Online services like HackerOne and Bugcrowd that connect organizations with security researchers for vulnerability discovery programs.
Backup Encryption
Encrypting backup data to protect it from unauthorized access even if backup media is lost, stolen, or improperly disposed of.
Biometric Template
A digital reference of biometric characteristics stored for comparison during authentication, requiring secure storage.
C
CSRF
Cross-Site Request Forgery. An attack that tricks authenticated users into executing unwanted actions on a web application by exploiting the trust a site has in the user's browser.
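Added example, not part of the original glossary, for the CSRF entry: a session-bound anti-CSRF token (nonce plus an HMAC over the session identifier) and a state-changing handler that refuses any POST not carrying one. The request dictionaries are a constructed stand-in for a web framework's request object, and the server key is generated at start-up as an assumption; a real deployment would load it from configuration.

```python
import hashlib
import hmac
import os

# Server-side key for binding tokens to sessions.  Assumption for this example: generated at
# start-up; a real application loads it from configuration so tokens survive restarts.
CSRF_KEY = os.urandom(32)


def issue_csrf_token(session_id: str) -> str:
    """Token = nonce.HMAC(key, session_id:nonce).  It is only valid for the session it was issued to,
    so a token an attacker obtains for their own session is useless against the victim's."""
    nonce = os.urandom(16).hex()
    tag = hmac.new(CSRF_KEY, ("%s:%s" % (session_id, nonce)).encode(), hashlib.sha256).hexdigest()
    return "%s.%s" % (nonce, tag)


def verify_csrf_token(session_id: str, token: str) -> bool:
    try:
        nonce, tag = token.split(".")
    except ValueError:
        return False
    expected = hmac.new(CSRF_KEY, ("%s:%s" % (session_id, nonce)).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, tag)


def handle_transfer(request: dict, session_id: str):
    """State-changing endpoint.  The session cookie (session_id) proves who the browser is logged
    in as, not that the user meant to send this request; the token proves the latter, because a
    cross-site page can make the browser attach the cookie but cannot read or forge the token."""
    if request.get("method") != "POST":
        return 405, "method not allowed"
    form = request.get("form", {})
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return 403, "CSRF token missing or invalid"
    return 200, "transferred %s to %s" % (form.get("amount"), form.get("to"))


if __name__ == "__main__":
    sid = "sess-alice"
    token = issue_csrf_token(sid)
    forged = {"method": "POST", "form": {"to": "mallory", "amount": "100"}}
    legit = {"method": "POST", "form": {"to": "bob", "amount": "10", "csrf_token": token}}
    print(handle_transfer(forged, sid))
    print(handle_transfer(legit, sid))
```

Pair the token with SameSite=Lax or Strict on the session cookie and never perform state changes on GET; the token is the defence that still holds when a browser or an embedded client ignores SameSite.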
Command Injection
A vulnerability where an attacker can execute arbitrary operating system commands on the server by injecting them through application input that is passed to a system shell.
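Added example, not part of the original glossary, for the Command Injection entry: the vulnerable pattern of building a shell command string from user input beside the hardened form, which validates the input against an allowlist and passes an argument vector with no shell involved. The ping wrapper and the hostname pattern are assumptions chosen for the example.

```python
import re
import subprocess

# Allowlist for a hostname: leading alphanumeric, then letters, digits, dots and hyphens.
# The leading-alphanumeric rule also blocks argument injection such as host='-f'.
HOSTNAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")


def build_ping_vulnerable(host: str) -> str:
    """Vulnerable: a shell command string built from user input, as run via os.system or
    subprocess with shell=True.  Shell metacharacters in `host` become part of the command."""
    return "ping -c 1 " + host


def build_ping_safe(host: str) -> list:
    """Hardened: allowlist-validate the input, then return an argv list.  Passed to subprocess
    without shell=True, the whole value becomes one argument and is never interpreted."""
    if not HOSTNAME.fullmatch(host):
        raise ValueError("invalid hostname: %r" % host)
    return ["ping", "-c", "1", host]


def ping(host: str) -> int:
    """Run the hardened form; the list goes straight to execve, never to /bin/sh."""
    return subprocess.run(build_ping_safe(host), capture_output=True, timeout=10).returncode


if __name__ == "__main__":
    attacker_input = "example.com; id"
    print("shell would run:", build_ping_vulnerable(attacker_input))
    try:
        build_ping_safe(attacker_input)
    except ValueError as err:
        print("rejected:", err)
    print("argv form:", build_ping_safe("example.com"))
```

If a shell is genuinely unavoidable (a pipeline you cannot express otherwise), shlex.quote each substituted value; but the argv form is both simpler and safer, and validation stays worthwhile on top of it because it also catches option injection that a shell-free call would otherwise pass through to the program.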
Content Security Policy
An HTTP security header that helps prevent XSS and data injection attacks by specifying which content sources the browser should consider valid.
CORS
Cross-Origin Resource Sharing. A browser mechanism that relaxes the same-origin policy: a server uses Access-Control-* response headers to declare which origins may read its responses and whether credentials may be sent. CORS does not stop the request from being made, so it is not a substitute for CSRF protection, and reflecting arbitrary origins while allowing credentials exposes authenticated data to any site.
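Added example, not part of the original glossary, for the CORS entry: a response-header function that only honours an exact allowlist match (including the preflight case), beside the origin-reflection anti-pattern that turns an authenticated API into a public one. The allowed origins and the request dictionary shape are assumptions for the example.

```python
# Assumed allowlist of first-party origins.  Exact string matches only: a suffix or regex
# check would also admit https://app.example.com.attacker.example.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def cors_headers(request: dict, allowed_origins=ALLOWED_ORIGINS) -> dict:
    """Response headers for a request dict with 'method' and 'headers' (constructed shape).

    Only an allowlisted Origin gets Access-Control-Allow-Origin; every other request gets no
    CORS headers at all, so the browser refuses to expose the response to the calling page.
    The request itself still reaches the server, which is why CSRF defences remain necessary.
    """
    origin = request["headers"].get("Origin")
    if origin is None or origin not in allowed_origins:
        return {}
    headers = {
        "Access-Control-Allow-Origin": origin,   # echo the matched origin; "*" is refused with credentials
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",                        # caches must key on Origin because the value varies
    }
    if request["method"] == "OPTIONS" and "Access-Control-Request-Method" in request["headers"]:
        headers.update({                         # preflight answer for non-simple requests
            "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE",
            "Access-Control-Allow-Headers": request["headers"].get(
                "Access-Control-Request-Headers", "Content-Type"),
            "Access-Control-Max-Age": "600",
        })
    return headers


def cors_headers_reflecting(request: dict) -> dict:
    """Anti-pattern: reflect whatever Origin arrives and allow credentials.  Any site a victim
    visits can then read this API's authenticated responses using the victim's cookies."""
    return {"Access-Control-Allow-Origin": request["headers"].get("Origin", "*"),
            "Access-Control-Allow-Credentials": "true"}


if __name__ == "__main__":
    evil = {"method": "GET", "headers": {"Origin": "https://evil.example"}}
    print("allowlist:", cors_headers(evil))
    print("reflecting:", cors_headers_reflecting(evil))
```

Two further pitfalls worth a check in review: never add the literal origin "null" to the allowlist (sandboxed iframes and some redirects send it), and remember that a missing Origin header usually means a same-origin or non-browser request, which needs no CORS headers at all.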
Cookie Poisoning
The manipulation of cookie values to bypass security controls, escalate privileges, or impersonate other users in a web application.
Clickjacking
A technique where an attacker tricks a user into clicking on something different from what they perceive by overlaying invisible or disguised elements on a legitimate page.
Certificate Authority
A trusted organization that issues digital certificates, verifying the identity of certificate holders and enabling trusted encrypted communications across the internet.
Cipher Suite
A set of cryptographic algorithms used together to secure a network connection, typically specifying key exchange, encryption, and message authentication algorithms.
C2 Server
Command and Control server. A centralized server used by attackers to send commands to and receive data from compromised systems in a botnet or malware campaign.
Cryptojacking
The unauthorized use of someone's computer resources to mine cryptocurrency, typically through malicious scripts running in web browsers or compromised systems.
Credential Stuffing
An automated attack that uses stolen username-password pairs from data breaches to attempt logins across multiple services, exploiting password reuse.
Cobalt Strike
A commercial penetration testing tool that provides advanced attack simulation capabilities including beacon payloads, lateral movement, and command-and-control.
CVE
Common Vulnerabilities and Exposures. A standardized system for identifying and naming publicly known cybersecurity vulnerabilities with unique identifiers.
CVSS
Common Vulnerability Scoring System. A framework for rating the severity of security vulnerabilities on a scale from 0 to 10 based on exploitability and impact.
CWE
Common Weakness Enumeration. A community-developed catalog of common software and hardware weakness types that can lead to security vulnerabilities.
Chain of Custody
The documented and chronological record of the seizure, custody, control, and analysis of digital evidence, ensuring its integrity for legal proceedings.
Containment
The incident response phase focused on limiting the spread and impact of a security incident by isolating affected systems and blocking attack channels.
Cloud Security
The set of policies, technologies, and controls deployed to protect cloud computing environments, including data, applications, and infrastructure.
CASB
Cloud Access Security Broker. A security policy enforcement point placed between cloud service consumers and providers to enforce security policies and monitor activity.
CSPM
Cloud Security Posture Management. Tools that continuously monitor cloud infrastructure for misconfigurations, compliance violations, and security risks.
Container Security
The practice of protecting containerized applications and their infrastructure, including image scanning, runtime protection, and orchestration security.
Cloud Workload Protection
Security solutions that protect workloads running across cloud environments, including virtual machines, containers, and serverless functions.
Cloud-Native Security
Security approaches designed specifically for cloud-native architectures, integrating security into the development and deployment pipeline.
CWPP
Cloud Workload Protection Platform. A security solution that provides threat detection and prevention for workloads across multiple cloud environments.
Cloud Forensics
The application of digital forensics techniques to cloud computing environments, addressing unique challenges like data volatility and shared infrastructure.
CIS Controls
Center for Internet Security Controls. A prioritized set of cybersecurity best practices and defensive actions that provide specific and actionable ways to reduce cyber risk.
CCPA
California Consumer Privacy Act. A state privacy law giving California consumers rights over their personal information collected by businesses.
Compliance Audit
A formal examination of an organization's adherence to regulatory requirements, industry standards, and internal security policies.
Cybersecurity
The practice of protecting systems, networks, programs, and data from digital attacks, unauthorized access, damage, or theft through multiple layers of defense.
CIA Triad
The three core principles of information security: Confidentiality (restricting access), Integrity (ensuring accuracy), and Availability (ensuring reliable access).
Cyber Kill Chain
A model developed by Lockheed Martin describing the seven stages of a cyberattack: reconnaissance, weaponization, delivery, exploitation, installation, command and control (C2), and actions on objectives.
Cyber Insurance
Insurance coverage designed to help organizations mitigate the financial impact of cybersecurity incidents, including data breaches and ransomware attacks.
Cyber Resilience
An organization's ability to continuously deliver intended outcomes despite adverse cyber events, combining prevention, detection, response, and recovery capabilities.
Cookie Consent
The requirement under privacy laws like GDPR for websites to obtain user permission before storing cookies that track browsing behavior.
Certificate Pinning
A client-side security technique, common in mobile apps, that associates a host with its expected certificate or public key, preventing man-in-the-middle attacks using fraudulent certificates that a trusted CA would otherwise validate.
Code Review
The systematic examination of application source code to identify security vulnerabilities, logic errors, and coding practices that could lead to exploits.
Change Management
The structured process for managing modifications to IT systems and infrastructure, ensuring changes do not introduce security vulnerabilities.
Configuration Management
The process of maintaining systems in a desired and consistent state, ensuring security configurations are properly applied and maintained.
Cyber Range
A simulated environment for cybersecurity training and exercises, providing realistic scenarios for practicing attack and defense techniques safely.
Capture the Flag
A cybersecurity competition where participants solve security challenges to find hidden flags, developing practical hacking and defense skills.
CCTV
Closed-Circuit Television. Video surveillance systems used to monitor physical spaces for security purposes, often integrated with access control and alarm systems.
Clean Desk Policy
A security policy requiring employees to clear their desks of sensitive documents and lock computer screens when leaving their workspace unattended.
Covenant
A collaborative command and control framework for red team operations, providing an alternative to Cobalt Strike with a web-based management interface.
CrackMapExec
A post-exploitation tool for Active Directory environments that automates the assessment of large networks through credential testing and enumeration.
Chisel
A fast TCP/UDP tunnel tool used during penetration testing to pivot through compromised hosts and access internal network segments.
CEH
Certified Ethical Hacker. An EC-Council certification validating knowledge of ethical hacking methodologies, tools, and techniques for security assessment.
CISSP
Certified Information Systems Security Professional. An advanced ISC2 certification covering eight domains of information security management and practice.
CISM
Certified Information Security Manager. An ISACA certification focused on information security governance, risk management, and incident response for management roles.
CISA
Certified Information Systems Auditor. An ISACA certification for professionals who audit, control, monitor, and assess information technology and business systems.
CRTP
Certified Red Team Professional. A certification focused on Active Directory attack and defense techniques, including Kerberos attacks and lateral movement.
CISO
Chief Information Security Officer. The senior executive responsible for establishing and maintaining the enterprise vision, strategy, and program for information security.
Covert Channel
A communication channel that transfers information using a method not intended for communication, often used to exfiltrate data while evading detection.
CSP
Content Security Policy. A security standard that helps prevent cross-site scripting, clickjacking, and other code injection attacks by specifying approved content sources.
CRLF Injection
An attack where Carriage Return Line Feed characters are injected into HTTP headers, potentially enabling response splitting and cross-site scripting.
Cryptojacker
Malware that hijacks computing resources to mine cryptocurrency without the owner's consent, degrading system performance and increasing electricity costs.
Credential Harvesting
The process of collecting usernames and passwords through phishing pages, keyloggers, or network interception for unauthorized access.
Certificate-Based Authentication
An authentication method that uses digital certificates to verify the identity of users or devices before granting access to resources.
CNAPP
Cloud-Native Application Protection Platform. An integrated security platform that combines CSPM, CWPP, and other cloud security capabilities into a unified solution.
Cloud Misconfiguration
Security vulnerabilities arising from improperly configured cloud services, such as open S3 buckets, excessive permissions, or disabled encryption.
Cloud Encryption
The process of transforming data before it is stored in cloud services, using encryption keys managed by the provider, customer, or a third party.
Cloud WAF
A web application firewall delivered as a cloud service, protecting web applications from common attacks without on-premises hardware.
Canary Token
A tripwire mechanism that alerts when accessed, such as a decoy file, URL, or credential planted to detect unauthorized access or data theft.
CIS Benchmarks
Configuration guidelines from the Center for Internet Security that provide prescriptive security recommendations for hardening systems and applications.
CMMC
Cybersecurity Maturity Model Certification. A US Department of Defense framework that measures cybersecurity capabilities of defense contractors.
Consent Management
The process of obtaining, recording, and managing user consent for data collection and processing in compliance with privacy regulations.
Cross-Border Data Transfer
The movement of personal data between countries or jurisdictions, subject to legal requirements ensuring adequate data protection levels.
Code Signing
The process of digitally signing executables and scripts to confirm the software author's identity and guarantee the code has not been altered.
Code Obfuscation
The process of making source code or binary difficult to understand through deliberate complexity, used to protect intellectual property and hinder reverse engineering.
Cold Boot Attack
An attack that exploits data remanence in RAM chips, cooling them to slow data decay and extracting encryption keys after a system is powered off.
Certificate Transparency
An internet security standard for monitoring and auditing the issuance of digital certificates, helping detect misissued or malicious certificates.
Captive Portal Attack
An attack that creates a fake login page on a rogue wireless network to harvest credentials from users who attempt to authenticate.
CompTIA Security+
A vendor-neutral certification covering foundational cybersecurity knowledge, including threats, architecture, operations, and incident response.
CCNA Security
Cisco Certified Network Associate Security. A certification validating knowledge of network security concepts and Cisco security technologies.
Checksum
A value derived from a block of data for the purpose of detecting errors or verifying that data has not been altered during transmission or storage.
Cyber Hygiene
Basic security practices that individuals and organizations should routinely follow to maintain system health and improve online security.
CSP Bypass
Techniques for circumventing Content Security Policy restrictions to execute unauthorized scripts, including JSONP endpoints and unsafe configurations.
Cyber Espionage
The use of computer networks to gain illicit access to confidential information held by governments, organizations, or individuals.
ChaCha20
A stream cipher designed as an alternative to AES, offering high performance on systems without hardware AES acceleration.
CRL
Certificate Revocation List. A list of digital certificates that have been revoked by the certificate authority before their scheduled expiration.
Context-Aware Access
An access control approach that considers factors like user location, device health, time, and behavior patterns when making authorization decisions.
Continuous Monitoring
Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
Credential Dumping
The process of extracting authentication credentials from operating systems and software, including passwords, hashes, and Kerberos tickets.
Cloud Security Assessment
A comprehensive evaluation of cloud infrastructure security including configuration review, access control audit, and compliance verification.
Cloud Penetration Testing
Security testing specifically targeting cloud environments, including testing IAM policies, storage access, and service configurations.
Cloud Compliance
Ensuring cloud infrastructure and services meet regulatory requirements and industry standards for data protection and security.
Cloud Identity Management
Managing user identities and access permissions across cloud services, including federation, SSO, and multi-cloud identity governance.
Cloud DLP
Data Loss Prevention solutions designed for cloud environments that monitor and protect sensitive data stored in and transmitted through cloud services.
Cloud HSM
Hardware Security Module services provided by cloud providers that offer dedicated cryptographic key management in a tamper-resistant environment.
Cloud Posture Assessment
An evaluation of cloud security configurations against best practices and compliance requirements to identify misconfigurations and risks.
Consent Fatigue
The phenomenon where users become overwhelmed by frequent privacy consent requests and begin accepting them without reading.
Container Escape
A security vulnerability that allows code running inside a container to break out and access the host system or other containers.
CI/CD Security
Security practices for continuous integration and continuous deployment pipelines, including secure build processes and artifact verification.
Cryptographic Erasure
A data destruction method that renders encrypted data unrecoverable by securely deleting the encryption keys.
Column-Level Encryption
Database encryption that protects specific columns containing sensitive data, allowing other columns to remain in plaintext for performance.
CoAP
Constrained Application Protocol. A specialized web transfer protocol for constrained IoT devices and networks, designed for machine-to-machine applications.
Compensating Control
An alternative security measure employed when the primary control cannot be implemented, providing equivalent protection.
Corrective Control
A security control designed to restore systems to normal after a security incident, including patch management and backup restoration.
Card Skimmer
A hidden device attached to legitimate card readers that captures credit card data during normal transactions.
Callback Phishing
A phishing technique where the email contains a phone number instead of a malicious link, directing victims to call a fake support center.
Cloud Security Certifications
Certifications for cloud security professionals including CCSP, AWS Security Specialty, and Azure Security Engineer.
CORS Misconfiguration
Overly permissive Cross-Origin Resource Sharing configurations that allow unauthorized domains to access sensitive API responses.
C2 Framework
Command and Control framework. Software used by red teams and attackers to maintain communication with and control compromised systems.
Clipper Malware
Malware that monitors the clipboard for cryptocurrency wallet addresses and replaces them with attacker-controlled addresses to redirect transactions.
Conti Ransomware
A notorious ransomware-as-a-service operation known for double extortion tactics and targeting critical infrastructure organizations.
Cobalt Strike Beacon
The payload component of Cobalt Strike that provides command-and-control functionality, commonly found in both red team and real-world attacks.
CrowdStrike
A security vendor whose cloud-native Falcon endpoint security platform combines EDR, threat intelligence, and managed threat hunting services.
Cuckoo Sandbox
An open-source automated malware analysis system that executes suspicious files in an isolated environment and reports observed behavior.
COBIT
Control Objectives for Information and Related Technologies. A framework for governance and management of enterprise information technology.
Cyber Essentials
A UK government-backed scheme that helps organizations protect against common cyber threats through five basic security controls.
CloudTrail
An AWS service that records API calls and account activity, providing audit trails for governance, compliance, and security.
Cloud Armor
Google Cloud's DDoS protection and web application firewall service that protects applications from attacks.
Cloud Key Management
Services provided by cloud platforms for creating, storing, and managing cryptographic keys used for data encryption.
Cloud-Native Firewall
Firewall services built into cloud platforms that provide network security controls for cloud workloads without additional hardware.
Confidential Computing
A computing approach, prominent in cloud services, that protects data in use during processing by running it inside hardware-based trusted execution environments.
ChatGPT Security Risks
Security implications of large language models including data leakage, prompt injection, and use in generating attack tools.
Continuous Authentication
Ongoing verification of user identity throughout a session using behavioral biometrics, device signals, and risk assessment.
Certificate Lifecycle Management
The process of managing digital certificates from issuance through renewal and revocation across an organization's infrastructure.
Cyber War Game
A simulated exercise that tests an organization's defensive and offensive cybersecurity capabilities against realistic attack scenarios.
CISO Dashboard
A visual display of key security metrics and indicators designed to give executive leadership visibility into security posture.
Cloud Forensics Challenges
Unique difficulties in cloud investigations including data volatility, jurisdiction issues, multi-tenancy, and provider cooperation.
Chip Decapping
The process of removing the packaging of an integrated circuit to expose the die for visual inspection and analysis.
CAN Bus Attack
Attacks targeting the Controller Area Network bus in vehicles, potentially enabling remote control of automotive systems.
Covert Entry
Physical penetration testing techniques for gaining unauthorized access to facilities without detection, including lock picking and bypass.
CRTO
Certified Red Team Operator. A certification focused on adversary simulation using Cobalt Strike and modern red team techniques.
CASB Proxy Mode
A Cloud Access Security Broker deployment that intercepts traffic inline to enforce real-time security policies on cloud application usage.
CSS Injection
An attack that injects malicious CSS code to exfiltrate data, modify page content, or perform UI redressing attacks.
Cross-Origin Attack
A category of attacks that exploit trust relationships between different web origins to access unauthorized resources or perform actions.
CBEST
A UK framework for intelligence-led penetration testing of financial sector firms, governed by the Bank of England.
Code Injection
The exploitation of a vulnerability to inject and execute malicious code within the context of a running application or process.
Code-Based Cryptography
Post-quantum cryptographic systems based on error-correcting codes, offering resistance to quantum computing attacks.
Claims-Based Identity
An identity model where identity attributes are expressed as claims, allowing flexible authorization decisions across systems.
Cyber Resilience Act
EU legislation establishing cybersecurity requirements for products with digital elements throughout their lifecycle.
Credential Management
Systems and practices for securely storing, distributing, and managing user credentials across an organization.
Content-Type Confusion
An attack exploiting discrepancies between declared and actual content types to bypass security filters.
CALDERA
An automated adversary emulation system developed by MITRE that runs autonomous red team operations based on the ATT&CK framework.
Continuous Security Validation
Ongoing automated testing of security controls to ensure they remain effective against evolving threats.
Crown Jewel Analysis
The identification and mapping of an organization's most critical assets to prioritize their protection in security testing.
Callback Server
An attacker-controlled server that receives connections from compromised systems, used for data exfiltration and command delivery.
Crypter
A tool that encrypts malware to make it undetectable by antivirus software, often using custom encryption routines.
Control Framework
A structured set of security controls organized into categories that provides a systematic approach to managing cybersecurity risk.
CSA
Cloud Security Alliance. An organization that defines best practices for secure cloud computing through research and education.
CCM
Cloud Controls Matrix. A cybersecurity control framework from CSA that maps cloud security controls to regulations and standards.
Cloud Workload Security
Security measures protecting workloads in cloud environments including runtime protection, vulnerability management, and configuration monitoring.
Cloud Escape
Exploiting vulnerabilities in cloud infrastructure to break out of isolated environments and access other tenants or the hypervisor.
Cloud Enumeration
The process of discovering and cataloging cloud resources, configurations, and permissions during security assessments.
Cloud Privilege Escalation
Exploiting misconfigurations in cloud IAM to gain higher permissions than initially granted.
Cloud Persistence
Techniques for maintaining unauthorized access in cloud environments including backdoor accounts and modified security groups.
Concept Drift
Changes in the statistical properties of data over time that can degrade machine learning model performance and security effectiveness.
Certificate Management
The lifecycle management of digital certificates including issuance, deployment, monitoring, renewal, and revocation.
Credential Rotation
The regular changing of passwords, keys, and tokens to limit the window of opportunity if credentials are compromised.
Cyber Mercenary
Private sector entities that develop and sell offensive cyber capabilities including surveillance tools and exploit services.
Code Cave
An unused region of memory within an executable where malicious code can be injected without increasing the file size.
Commitment Scheme
A cryptographic protocol that allows one party to commit to a chosen value while keeping it hidden until a later reveal phase.
Compliance Automation
Using technology to automate the monitoring, reporting, and enforcement of regulatory compliance requirements.
Cloud-Native WAF
A web application firewall built specifically for cloud environments with auto-scaling and integration with cloud services.
Cloud Identity Governance
Managing identities and access permissions across cloud services to ensure least privilege and compliance.
Cloud Data Classification
Identifying and labeling data stored in cloud services based on sensitivity to apply appropriate protection controls.
Cloud Incident Response
Incident response procedures adapted for cloud environments including log collection, snapshot preservation, and provider coordination.
Cognitive Security
Security measures protecting against manipulation of human cognition through disinformation, deepfakes, and AI-generated content.
Cyber Threat Framework
A structured model for categorizing and analyzing cyber threats based on their objectives, methods, and targets.
Cloud Security Benchmark
Published standards and recommended configurations for securing cloud services from providers like AWS, Azure, and GCP.
Cyber Deception
A defensive strategy that deploys decoy assets, fake credentials, and honeypots throughout an environment to mislead attackers and detect intrusions early.
D
DMZ
Demilitarized Zone. A physical or logical subnet that separates an internal network from untrusted external networks, typically hosting public-facing services like web servers.
DNS Spoofing
An attack that corrupts DNS cache data to redirect domain name queries to malicious IP addresses, sending users to fake websites.
DDoS
Distributed Denial of Service. An attack that overwhelms a target server or network with traffic from multiple compromised systems, rendering it unavailable to legitimate users.
DoS
Denial of Service. An attack designed to make a machine or network resource unavailable by flooding it with superfluous requests or exploiting vulnerabilities.
DNS
Domain Name System. The hierarchical distributed naming system that translates human-readable domain names into IP addresses that computers use to identify each other.
DHCP
Dynamic Host Configuration Protocol. A network management protocol that automatically assigns IP addresses and other network configuration parameters to devices on a network.
Deep Packet Inspection
A form of network packet filtering that examines the data payload of packets passing through a checkpoint, enabling more sophisticated traffic analysis and threat detection.
DOM-Based XSS
A type of XSS where the vulnerability exists in client-side JavaScript code that processes data from an untrusted source without proper sanitization.
Deserialization Attack
An attack that exploits vulnerabilities in how applications reconstruct objects from serialized data, potentially achieving remote code execution.
Decryption
The reverse process of encryption that converts ciphertext back into readable plaintext using the appropriate key and algorithm.
Digital Signature
A cryptographic mechanism that proves the authenticity and integrity of a digital message or document, created using the signer's private key and verifiable with the corresponding public key.
Digital Certificate
An electronic document issued by a Certificate Authority that binds a public key to an entity's identity, enabling trust in encrypted communications.
Diffie-Hellman
A key exchange protocol that allows two parties to establish a shared secret over an insecure channel without prior shared secrets, foundational to modern cryptography.
Dropper
A type of malware designed to install other malware on a target system, often disguised as legitimate software to bypass initial security controls.
Drive-By Download
A malware delivery method where malicious software is automatically downloaded to a user's device simply by visiting a compromised or malicious website.
Dictionary Attack
A password cracking technique that tries words from a predefined list of common passwords and dictionary words rather than trying every possible combination.
Dirb
A web content scanner that discovers hidden directories and files on web servers by dictionary-based brute-forcing of URL paths.
Digital Forensics
The application of scientific investigation techniques to digital evidence, recovering and analyzing data from electronic devices for legal proceedings.
Disk Imaging
The process of creating an exact bit-for-bit copy of a storage device for forensic analysis, preserving all data including deleted files and slack space.
DFIR
Digital Forensics and Incident Response. The combined discipline of investigating security incidents and collecting digital evidence for analysis and legal proceedings.
Docker Security
Security measures for Docker container environments, including image vulnerability scanning, runtime protection, and daemon configuration hardening.
Data Classification
The process of categorizing data based on its sensitivity level and the impact of unauthorized disclosure, guiding appropriate security controls.
Data Loss Prevention
Technologies and strategies used to prevent sensitive data from being lost, misused, or accessed by unauthorized users through monitoring and enforcement.
Disaster Recovery
The process, policies, and procedures for recovering critical technology infrastructure and systems following a natural or human-induced disaster.
Defense in Depth
A cybersecurity strategy that employs multiple layers of security controls throughout a system, so that if one layer fails, others continue to provide protection.
DevSecOps
An approach that integrates security practices into the DevOps pipeline, making security a shared responsibility throughout the software development and deployment process.
Data Breach
A security incident where sensitive, protected, or confidential data is accessed, disclosed, or stolen by an unauthorized individual or entity.
Data Exfiltration
The unauthorized transfer of data from within an organization to an external destination, often the final objective of a cyberattack.
Data Anonymization
The process of removing or modifying personally identifiable information from data sets so individuals cannot be readily identified.
Data Pseudonymization
Replacing directly identifying information with artificial identifiers while maintaining a separate mapping, allowing re-identification when necessary.
Data Masking
The process of obscuring sensitive data by replacing it with realistic but fictitious data, commonly used in non-production environments.
Data Sovereignty
The concept that data is subject to the laws and governance structures of the country where it is collected, stored, or processed.
De-identification
The process of removing or obscuring personal identifiers from data to prevent the identification of individuals while preserving data utility.
Digital Footprint
The trail of data created by a user's online activities, including websites visited, emails sent, social media interactions, and online purchases.
Doxing
The malicious practice of researching and publicly broadcasting private or identifying information about an individual without their consent.
DKIM
DomainKeys Identified Mail. An email authentication method that allows the receiver to verify that an email was sent by the domain it claims and was not altered in transit.
DMARC
Domain-based Message Authentication, Reporting and Conformance. An email authentication protocol that builds on SPF and DKIM to prevent email spoofing and phishing.
Deauthentication Attack
A wireless denial-of-service attack that sends forged deauthentication frames to disconnect clients from their access point, often preceding other attacks.
DAST
Dynamic Application Security Testing. A method of testing running applications for security vulnerabilities by simulating attacks against the live application.
Dependency Scanning
The automated process of checking third-party libraries and frameworks used in an application for known vulnerabilities and outdated versions.
Deepfake
Synthetic media created using deep learning that convincingly replaces a person's likeness in video or audio, used in social engineering and disinformation.
Data Poisoning
An attack that compromises the integrity of a machine learning model by injecting malicious or misleading data into its training dataset.
Data at Rest
Data stored on physical media such as hard drives, databases, or backup tapes, requiring encryption and access controls to protect against unauthorized access.
Data in Transit
Data actively moving between locations, such as across the internet or through a private network, protected by transport encryption like TLS.
Data in Use
Data currently being processed in memory or CPU, requiring protection through techniques like encrypted memory and trusted execution environments.
Data Retention Policy
A policy defining how long different types of data should be stored, when it should be deleted, and the procedures for secure data disposal.
Database Security
The measures and controls used to protect database management systems from attacks, unauthorized access, and data breaches.
Data Governance
The overall management of data availability, usability, integrity, and security within an organization, ensuring data is consistent and trustworthy.
Dumpster Diving
The practice of searching through discarded materials to find sensitive information like passwords, network diagrams, or financial data.
DLL Injection
A technique for running code within the address space of another process by forcing it to load a dynamic-link library containing malicious code.
DLL Hijacking
An attack where a malicious DLL is placed in a location where a legitimate application will load it instead of the intended library.
DNS Tunneling
A technique that encodes data within DNS queries and responses to establish a covert communication channel, often used to bypass firewalls.
Directory Listing
A web server misconfiguration that displays the contents of a directory when no index file is present, potentially exposing sensitive files.
DCSync
An attack that uses the Directory Replication Service protocol to request password hashes from a domain controller, simulating the behavior of a legitimate DC.
Deception Technology
Security tools that deploy decoy assets like fake credentials, files, and systems to detect, analyze, and defend against attacks.
Disk Forensics
The process of acquiring, examining, and analyzing data from storage devices to recover evidence, including deleted files and file system artifacts.
Dead Box Forensics
Forensic analysis performed on a powered-off system, typically involving disk imaging and offline analysis of persistent storage.
DORA
Digital Operational Resilience Act. An EU regulation that strengthens the IT security of financial entities and ensures operational resilience against cyber threats.
Data Minimization
The principle of collecting and retaining only the minimum amount of personal data necessary for a specific purpose.
DNS Hijacking
An attack that modifies DNS settings to redirect users to malicious websites, often targeting router DNS settings or DNS registrar accounts.
Drop Box
A small, concealed computing device planted in a target's physical environment to provide persistent remote access to their network.
Differential Privacy
A mathematical framework for sharing information about a dataset while limiting exposure of individual records, adding calibrated noise to query results.
Data Subject Rights
The legal rights of individuals regarding their personal data, including access, rectification, erasure, portability, and objection to processing.
Data Retention
Policies governing how long an organization stores data before it is deleted or archived, balancing business needs with privacy requirements and legal obligations.
Dependency Confusion
A supply chain attack that exploits how package managers resolve dependencies, tricking systems into downloading malicious packages from public repositories.
Deauthentication Attack
A wireless denial-of-service attack that sends forged deauthentication frames to disconnect clients from an access point.
Dragonblood
A set of vulnerabilities in the WPA3 Dragonfly handshake that allow password recovery through side-channel attacks and protocol downgrade attacks.
DANE
DNS-based Authentication of Named Entities. A protocol that publishes TLS certificate or public-key fingerprints in DNSSEC-signed TLSA records, letting a client verify a server's certificate against DNS instead of relying solely on public certificate authorities. Its main deployment is securing SMTP between mail servers, where it also defends against STARTTLS downgrade.
Database Encryption
The process of encrypting data stored in databases using transparent data encryption, column-level encryption, or application-level encryption.
Data Lifecycle Management
The process of managing data from creation through storage, use, sharing, archiving, and eventual destruction.
Data Integrity
The maintenance and assurance of data accuracy and consistency throughout its lifecycle, ensuring it has not been altered by unauthorized parties.
Data Exfiltration Prevention
Security measures designed to detect and prevent unauthorized transfer of data outside an organization's network boundaries.
Database Activity Monitoring
A security technology that monitors and analyzes database activity in real time to detect unauthorized access, SQL injection, and policy violations.
Data Discovery
The process of identifying and classifying sensitive data across an organization's systems and storage to understand exposure and apply appropriate protections.
DNSSEC
Domain Name System Security Extensions. A suite of specifications that adds security to the DNS protocol by enabling DNS responses to be validated.
DoT
DNS over TLS. A protocol that encrypts DNS queries using TLS, preventing eavesdropping and manipulation of DNS traffic between clients and resolvers.
DoH
DNS over HTTPS. A protocol for performing DNS resolution over HTTPS, encrypting DNS queries and carrying them on port 443 so that they are hard to distinguish from ordinary web traffic and to block selectively.
DNS Amplification
A DDoS attack that exploits open DNS resolvers to flood a target with amplified DNS response traffic using spoofed source addresses.
Darknet Monitoring
The practice of monitoring unused (dark) IP address space, also called a network telescope, for backscatter traffic, worm propagation, and misconfigured systems; distinct from dark web monitoring.
Downloader
A type of malware whose primary purpose is to download and install additional malicious payloads from remote servers after initial infection.
Double Extortion
A ransomware tactic where attackers both encrypt data and threaten to publish stolen information if the ransom is not paid.
DES
Data Encryption Standard. A formerly predominant symmetric-key block cipher with a 64-bit block and a 64-bit key of which only 56 bits are effective, now considered insecure because the key space can be exhaustively searched.
DSA
Digital Signature Algorithm. A US federal standard for digital signatures based on modular exponentiation and the discrete logarithm problem. FIPS 186-5 (2023) withdrew approval for generating new DSA signatures, retaining it only for verifying existing ones.
Device Trust
A security framework that evaluates the security posture of a device before granting access to organizational resources.
Detection Engineering
The practice of designing, building, testing, and maintaining detection rules and analytics for identifying security threats.
Data Breach Response
The coordinated process of investigating, containing, and remediating a data breach while meeting notification requirements.
DLL Sideloading
An attack that exploits the Windows DLL search order to load a malicious DLL by placing it alongside a legitimate application.
Decentralized Identity
A digital identity model where individuals control their identity data without relying on centralized authorities, often using blockchain.
Dark Pattern
Deceptive user interface designs that trick users into making choices that benefit the company at the expense of user privacy.
Dependency Vulnerability
A security weakness in a third-party library or package that an application depends on, potentially introducing risk through the supply chain.
Data Classification Levels
Standardized categories for organizing data by sensitivity, typically including public, internal, confidential, and restricted levels.
Data Residency
Requirements specifying the physical or geographic location where data must be stored and processed, often driven by regulation.
Data Lineage
The tracking of data from its origin through its lifecycle, documenting transformations and movements for compliance and security.
Detective Control
A security control designed to identify and alert on security events that have already occurred, such as intrusion detection and log monitoring.
Diamond Model
A threat intelligence framework that describes intrusion events using four core features: adversary, capability, infrastructure, and victim.
Digital Forensics Certifications
Certifications for forensics professionals including GCFE, EnCE, CFCE, and AccessData Certified Examiner.
DNS Sinkhole
A DNS server that returns false results for specific domains, used to block access to known malicious sites and disrupt malware communications.
Domain Fronting
A technique that hides the true destination of HTTPS traffic by naming a benign domain in the DNS lookup and TLS SNI while placing the real target in the encrypted HTTP Host header, relying on a CDN that routes on the Host header. Used to evade censorship and security controls; several major CDNs have since blocked the SNI/Host mismatch.
Data Fabric Security
Security architecture that provides consistent data protection across distributed environments including cloud, on-premises, and edge.
Data Clean Room
A secure environment where multiple parties can analyze combined datasets without exposing raw data to each other.
Data Mesh Security
Security practices for data mesh architectures where domain teams own their data products with federated governance.
Drone Security
Security measures for protecting against and using unmanned aerial vehicles, including counter-drone technology and surveillance capabilities.
DNS Firewall
A security service that filters DNS queries to block access to malicious domains, phishing sites, and command-and-control servers.
DDoS Mitigation
Technologies and services that detect and absorb volumetric denial-of-service attacks before they reach the target infrastructure.
DHCP Starvation
An attack that exhausts the DHCP server address pool by flooding it with requests using spoofed MAC addresses.
DHCP Spoofing
An attack where a rogue DHCP server provides false network configuration to clients, redirecting their traffic through attacker-controlled systems.
Deconfliction
The process of distinguishing penetration testing activities from real attacks during an engagement to prevent unnecessary incident responses.
Dilithium
CRYSTALS-Dilithium. A lattice-based digital signature scheme selected by NIST in 2022 as a post-quantum cryptography standard and published in 2024 as ML-DSA in FIPS 204.
Digital Risk Protection
Services that monitor the internet for threats targeting an organization including brand impersonation, data leaks, and phishing.
Detection as Code
An approach where security detection rules are managed like software code with version control, testing, and automated deployment.
Digital Services Act
EU regulation establishing obligations for online platforms regarding illegal content, transparency, and user protection.
Deepfake Detection
Technologies and methods for identifying AI-generated synthetic media including facial inconsistencies and artifact analysis.
Detection Gap Analysis
An assessment comparing current detection capabilities against known attack techniques to identify areas needing improvement.
Differential Privacy in ML
Applying differential privacy techniques to machine learning to prevent training data from being extracted from models.
Delegated Administration
The practice of distributing administrative responsibilities to specific individuals or teams for their areas of authority.
DREAD Risk Model
A risk assessment model rating threats on Damage, Reproducibility, Exploitability, Affected Users, and Discoverability.
Data Catalog
A comprehensive inventory of data assets that provides metadata about data location, ownership, sensitivity, and lineage.
Data Access Governance
Policies and processes controlling who can access specific data, under what conditions, and how access is monitored.
Database Firewall
A security tool that monitors database traffic and blocks unauthorized queries, SQL injection, and privilege escalation attempts.
Data Redaction
The process of obscuring sensitive data in documents or databases by replacing it with placeholders while preserving document structure.
Database Forensics
The forensic analysis of database contents, logs, and transactions to investigate unauthorized access and data manipulation.
Device Attestation
The process of verifying the identity and integrity of hardware devices before granting them access to resources.
Defensive Security Career Path
Career progression from SOC analyst through incident responder, threat hunter, and security architect roles.
Dynamic ARP Inspection
A switch security feature that validates ARP packets against a trusted IP-to-MAC binding table, typically built by DHCP snooping, and drops mismatches to prevent ARP spoofing attacks.
Dwell Time
The duration between an initial compromise and its detection, often measured in days, indicating detection capability effectiveness.
Deprovisioning
The process of revoking user access rights and disabling accounts when employees leave or change roles within an organization.
Data Sovereignty Compliance
Ensuring data storage and processing complies with the legal requirements of the jurisdictions where data subjects reside.
Data Sanitization
The process of deliberately and permanently removing data from storage media to prevent recovery using standard forensic techniques.
Data Tokenization Service
A service that replaces sensitive data with non-sensitive tokens for storage and processing while maintaining a secure token vault.
Data Privacy Officer
A designated individual responsible for overseeing data protection strategy and compliance with privacy regulations.
E
Evil Twin Attack
A type of Wi-Fi attack where an attacker sets up a rogue access point that mimics a legitimate one to intercept wireless communications.
Egress Filtering
The practice of monitoring and controlling outbound network traffic to prevent data exfiltration, malware communication, and unauthorized data transfers.
Encryption
The process of converting plaintext data into ciphertext using an algorithm and a key, making it unreadable to anyone without the corresponding decryption key.
Elliptic Curve Cryptography
A public-key cryptography approach based on the algebraic structure of elliptic curves, offering equivalent security to RSA with significantly smaller key sizes.
Entropy
A measure of randomness or unpredictability in data, critical in cryptography for generating strong keys, passwords, and nonces that resist guessing attacks.
End-to-End Encryption
A communication system where only the communicating parties can read the messages, with encryption and decryption occurring at the endpoints rather than in transit.
Exploit
A piece of code, software, or technique that takes advantage of a vulnerability in a system or application to cause unintended behavior or gain unauthorized access.
Exploit Kit
A toolkit used by attackers to automatically exploit known vulnerabilities in software, typically delivered through compromised websites or malicious advertisements.
Enumeration
The process of actively probing a target system to extract detailed information about users, groups, shares, services, and configurations.
Exploitation
The phase of a penetration test where identified vulnerabilities are actively exploited to gain unauthorized access or demonstrate the impact of the weakness.
Exfiltration
The unauthorized transfer of data from a compromised system to an attacker-controlled location, often using covert channels to avoid detection.
Eradication
The incident response phase focused on removing the root cause of an incident, including malware removal, vulnerability patching, and account remediation.
EDR
Endpoint Detection and Response. A cybersecurity solution that continuously monitors endpoints to detect, investigate, and respond to cyber threats in real time.
Endpoint Security
The practice of securing end-user devices such as laptops, desktops, and mobile devices from cyber threats through software and policy enforcement.
Electromagnetic Emanations
Unintentional electromagnetic signals emitted by electronic devices that can be intercepted to reconstruct displayed information or cryptographic keys.
Email Spoofing
The creation of emails with a forged sender address to deceive recipients into believing the message came from a trusted source.
Email Gateway
A security solution that filters incoming and outgoing email traffic to block spam, phishing, malware, and other email-borne threats.
Email Bombing
An attack that floods a victim's email inbox with a massive volume of messages, causing denial of service and potentially masking important notifications.
Encryption at Rest
The encryption of stored data on disk or in databases to protect against unauthorized access if physical storage media is compromised or stolen.
eJPT
eLearnSecurity Junior Penetration Tester. An entry-level practical penetration testing certification with a hands-on exam environment.
East-West Traffic
Network traffic that moves laterally between servers or applications within a data center, as opposed to north-south traffic entering or leaving the network.
Evidence Preservation
The process of protecting digital evidence from modification, damage, or destruction to maintain its integrity for investigation and legal proceedings.
Evil Twin
A rogue wireless access point that masquerades as a legitimate one, tricking users into connecting and allowing the attacker to intercept their traffic.
Electromagnetic Emanation
Unintentional electromagnetic signals emitted by electronic devices that can be intercepted and analyzed to reconstruct processed data.
Emulator Detection
Techniques used by mobile applications to detect when they are running in an emulated environment, often to prevent security analysis.
Email Header Analysis
The examination of email message headers to trace the path of an email, identify the sending server, and detect potential spoofing.
Email Encryption
The process of encrypting email messages and attachments to protect their contents from unauthorized access during transit and storage.
Email Sandboxing
The practice of executing email attachments in an isolated environment to detect malicious behavior before delivering them to the recipient.
Email Impersonation
An attack where the sender disguises their email to appear as if it comes from a trusted contact or organization without technically spoofing the address.
Email Quarantine
An area where suspicious emails are held for review rather than being delivered to the recipient's inbox or permanently deleted.
Environmental Controls
Physical security measures protecting IT equipment from environmental threats including fire, flood, temperature extremes, and humidity.
eWPTX
eLearnSecurity Web Application Penetration Tester eXtreme. An advanced web application security certification requiring exploitation of complex vulnerabilities.
Error-Based SQL Injection
A SQL injection technique that uses database error messages to extract information about the database structure and content.
ECDSA
Elliptic Curve Digital Signature Algorithm. A variant of DSA that uses elliptic curve cryptography, providing equivalent security with smaller keys.
ETW Patching
A defense evasion technique that patches Event Tracing for Windows functions to prevent security tools from receiving telemetry data.
Evil Maid Attack
A physical attack where an adversary gains brief physical access to an unattended device to install implants or extract encryption keys.
Electromagnetic Shielding
Physical barriers that block electromagnetic fields to prevent eavesdropping on electronic emissions from computing equipment.
Email Authentication
The combination of SPF, DKIM, and DMARC protocols working together to verify the authenticity of email senders and prevent spoofing.
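Worked example (added here; not part of the glossary): the header analysis described under Email Header Analysis and Email Spoofing, applied in Python to a constructed phishing message. It reconstructs the relay path from the Received headers, parses the receiving server's Authentication-Results, and then checks the point this entry makes: SPF and DKIM can both pass for the attacker's own domain, and only DMARC-style alignment with the visible From domain exposes the spoof. The message, hostnames and addresses are constructed; the alignment check is a simplified version of DMARC relaxed alignment.

```python
# Added example (not from the glossary): tracing a constructed message's Received
# chain and checking whether SPF/DKIM identifiers align with the From domain.
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed message: SPF and DKIM both 'pass' for the attacker's domain while the
# displayed From is the impersonated bank, so neither identifier is aligned.
RAW_MESSAGE = "\r\n".join([
    "Received: from mail.attacker.example (mail.attacker.example [203.0.113.5])",
    "        by mx.example.net with ESMTPS id abc123;",
    "        Tue, 5 Mar 2024 10:00:00 +0000",
    "Received: from [10.0.0.7] (unknown [10.0.0.7])",
    "        by mail.attacker.example with ESMTP;",
    "        Tue, 5 Mar 2024 09:59:58 +0000",
    "Authentication-Results: mx.example.net;",
    "        spf=pass smtp.mailfrom=bounce.attacker.example;",
    "        dkim=pass (2048-bit key) header.d=attacker.example;",
    "        dmarc=fail (p=REJECT) header.from=bank.example",
    "Return-Path: <bounce@bounce.attacker.example>",
    "From: Acme Bank Security <alerts@bank.example>",
    "To: victim@example.net",
    "Subject: Urgent: verify your account",
    "",
    "Please sign in at the link below.",
    "",
]).encode()

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)
COMMENT_RE = re.compile(r"\([^)]*\)")


def load(raw: bytes):
    return message_from_bytes(raw, policy=policy.default)


def relay_path(msg) -> list:
    """(from, by) pairs in chronological order. Each hop prepends a Received header,
    so the topmost is the newest; only hops added by servers you trust are reliable,
    anything below them can be forged by the sender."""
    hops = []
    for value in msg.get_all("Received", []):
        match = HOP_RE.search(str(value))
        if match:
            hops.append((match.group(1), match.group(2)))
    return list(reversed(hops))


def auth_results(msg) -> dict:
    """Parse 'authserv-id; method=result prop=value ...; ...' into a dict per method."""
    value = COMMENT_RE.sub("", str(msg.get("Authentication-Results", "")))
    parts = [p.strip() for p in value.split(";") if p.strip()]
    results = {}
    for part in parts[1:]:                      # parts[0] is the authserv-id
        tokens = part.split()
        method, _, result = tokens[0].partition("=")
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results[method] = {"result": result, **props}
    return results


def domain_of(header_value) -> str:
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()


def aligned(identifier: str, from_domain: str) -> bool:
    """Simplified relaxed alignment: equal to, or a subdomain of, the From domain.
    Real DMARC compares organizational domains derived from the public suffix list."""
    return identifier == from_domain or identifier.endswith("." + from_domain)


def alignment(msg) -> dict:
    from_domain = domain_of(msg["From"])
    results = auth_results(msg)
    spf = results.get("spf", {})
    dkim = results.get("dkim", {})
    spf_domain = spf.get("smtp.mailfrom", domain_of(msg.get("Return-Path", "")))
    return {
        "from_domain": from_domain,
        "spf_aligned": spf.get("result") == "pass" and aligned(spf_domain, from_domain),
        "dkim_aligned": dkim.get("result") == "pass" and aligned(dkim.get("header.d", ""), from_domain),
    }
```

A message passes DMARC only if at least one of the two identifiers is both authenticated and aligned; here both pass but neither is aligned, which is exactly the gap SPF and DKIM on their own leave open.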
EDR Evasion
Techniques used by attackers to avoid detection by Endpoint Detection and Response solutions, including unhooking, direct syscalls, and memory manipulation.
Emotet
A highly sophisticated modular banking trojan that evolved into a malware distribution service, known for its polymorphic capabilities and email spreading.
Elastic Security
A SIEM and endpoint security solution built on the Elastic Stack that provides threat detection, investigation, and response capabilities.
Essential Eight
An Australian cybersecurity framework recommending eight mitigation strategies to protect against the most common cyber threats.
Evasion Attack
An adversarial machine learning attack that crafts inputs to cause a deployed model to make incorrect predictions at inference time.
eSIM Security
Security implications of embedded SIM technology including remote provisioning vulnerabilities and profile manipulation risks.
Email Thread Hijacking
A phishing technique where attackers reply to existing email conversations using a compromised account to deliver malware or phishing links.
Email Forensics
The examination of email messages and headers to trace origins, detect forgery, and gather evidence for security investigations.
Email Security Gateway
A dedicated security appliance that inspects all inbound and outbound email for threats including malware, phishing, and data leakage.
Email Header Injection
An attack that exploits web contact forms to inject additional email headers, potentially turning the form into a spam relay.
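Worked example (added here; not part of the glossary): a contact-form mailer in Python that concatenates user input straight into raw headers, next to one that rejects line breaks and builds the message with the email package. The injected recipient string is constructed attacker input.

```python
# Added example (not from the glossary): CR/LF header injection through a web form,
# and the input validation that stops it.
import re
from email.message import EmailMessage
from email.utils import parseaddr

CRLF_RE = re.compile(r"[\r\n]")

# Constructed attacker input: a valid-looking address followed by an injected Bcc header.
INJECTED_TO = "victim@example.net\r\nBcc: spam1@example.org, spam2@example.org"


def build_vulnerable(to_addr: str, subject: str, body: str) -> str:
    """String concatenation: any CR/LF in the input starts a new header line."""
    return (f"To: {to_addr}\r\nSubject: {subject}\r\n"
            f"From: webform@example.com\r\n\r\n{body}")


def header_names(raw: str) -> list:
    """Header field names of a raw message, lower-cased, in order (folded lines skipped)."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    names = []
    for line in re.split(r"\r?\n", head):
        if line[:1].isspace() or ":" not in line:
            continue
        names.append(line.split(":", 1)[0].strip().lower())
    return names


def build_hardened(to_addr: str, subject: str, body: str) -> str:
    """Reject line breaks outright, require one bare address, and let the email
    package fold and encode headers instead of concatenating them."""
    for field in (to_addr, subject):
        if CRLF_RE.search(field):
            raise ValueError("line break in header value (injection attempt)")
    if "@" not in to_addr or parseaddr(to_addr)[1] != to_addr:
        raise ValueError("recipient must be a single bare email address")
    msg = EmailMessage()
    msg["From"] = "webform@example.com"
    msg["To"] = to_addr
    msg["Subject"] = subject
    msg.set_content(body)
    return msg.as_string()
```

The recipient allowlist is the stronger control: a contact form usually needs to deliver to a fixed internal mailbox, so user input should land in the body, not in To or Subject at all.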
Exposure Management
A proactive approach to identifying and prioritizing an organization's most critical security exposures across the entire attack surface.
EU AI Act
European Union regulation establishing a legal framework for artificial intelligence, including requirements for high-risk AI systems.
Enterprise Passwordless
The organizational transition from password-based authentication to passwordless methods like FIDO2, biometrics, and certificates.
Evidence Collection
The systematic gathering of digital evidence following forensic procedures to maintain integrity and chain of custody.
Escalation Procedure
Defined criteria and processes for escalating security incidents to higher tiers of analysis, management, or external parties.
Encryption Policy
A policy establishing when and how encryption must be used to protect data at rest, in transit, and in use.
Emergency Access
Predefined procedures for granting temporary elevated access during critical incidents, with full audit logging.
Email Forensic Analysis
Examining email artifacts including headers, attachments, and metadata to investigate phishing, fraud, and data theft.
Email DLP
Data Loss Prevention controls applied to email to prevent sensitive information from being sent outside the organization.
Email Archive Security
Security measures for protecting stored email archives including encryption, access controls, and tamper detection.
Email Continuity
Systems that ensure email service availability during outages, providing emergency mailbox access when primary servers are down.
Email Threat Intelligence
Threat data specifically related to email-based attacks including phishing campaigns, malware distribution, and BEC schemes.
Extendable-Output Function
Extendable-Output Function (XOF). A cryptographic function such as SHAKE128 or SHAKE256 that produces output of any requested length, useful for key derivation and deterministic random generation.
Evidence Bag
A tamper-evident container used to store and transport physical digital evidence while maintaining chain of custody.
Evidence of Compliance
Documentation and artifacts that demonstrate an organization's adherence to regulatory requirements and security standards.
Embedded Systems Security
Security practices for protecting embedded computing systems including secure boot, firmware validation, and hardware tamper resistance.
Enterprise Mobility Management
A comprehensive approach to securing mobile devices and applications in enterprise environments including MDM, MAM, and MCM.
F
Firewall
A network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules, acting as a barrier between trusted and untrusted networks.
File Upload Vulnerability
A security weakness where a web application fails to properly validate uploaded files, allowing attackers to upload malicious scripts or executables.
Fileless Malware
Malware that operates entirely in memory without writing files to disk, making it difficult to detect with traditional antivirus solutions that scan file systems.
FIDO2
An authentication standard that enables passwordless login using hardware security keys or platform authenticators, providing strong phishing-resistant authentication.
Footprinting
The process of gathering maximum information about a target system, network, or organization during the reconnaissance phase of a penetration test.
FERPA
Family Educational Rights and Privacy Act. A US federal law protecting the privacy of student education records at institutions receiving federal funding.
FedRAMP
Federal Risk and Authorization Management Program. A US government program providing a standardized approach to security assessment for cloud products and services.
FISMA
Federal Information Security Modernization Act. US legislation requiring federal agencies to develop, document, and implement information security programs.
Full Disclosure
A vulnerability disclosure approach where details of security vulnerabilities are published immediately and publicly, without giving the vendor advance notice.
Firmware Analysis
The process of examining device firmware to identify vulnerabilities, backdoors, and hardcoded credentials that could be exploited by attackers.
Flash Loan Attack
A DeFi exploit where attackers use uncollateralized flash loans to manipulate cryptocurrency prices and drain liquidity pools in a single transaction.
Faraday Cage
An enclosure made of conductive material that blocks electromagnetic signals, used to prevent electronic eavesdropping and protect sensitive equipment.
FTP
File Transfer Protocol. A standard network protocol used for transferring files between a client and server, considered insecure without encryption.
Forensic Imaging
The process of creating an exact bit-for-bit copy of a storage device for forensic analysis, preserving the original evidence.
File Carving
A forensic technique that recovers files from unallocated disk space based on file signatures and structure, without relying on file system metadata.
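Worked example (added here; not part of the glossary and not the logic of any real carving tool): a signature-based carver in Python run over a constructed byte buffer standing in for unallocated space. It locates header/footer pairs for PNG, JPEG and PDF, and reports a header with no matching footer as an incomplete fragment rather than silently dropping it. The embedded files are minimal constructed stand-ins, not valid images or documents.

```python
# Added example (not from the glossary): header/footer file carving over a
# constructed "unallocated space" buffer.
from dataclasses import dataclass

# Constructed minimal stand-ins: correct magic bytes and trailers, arbitrary bodies.
PNG = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 13
       + b"\x00\x00\x00\x00IEND\xaeB`\x82")
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x01" * 20 + b"\xff\xd9"
PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF"
TRUNCATED_JPEG = b"\xff\xd8\xff\xe1" + b"\x02" * 10        # header with no trailer
FILLER = bytes(i % 251 for i in range(300))                 # never contains 0xFF or a magic sequence
DISK_IMAGE = FILLER + PNG + FILLER + JPEG + FILLER + PDF + FILLER + TRUNCATED_JPEG

# kind -> (header signature, footer signature)
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


@dataclass
class Carved:
    kind: str
    offset: int
    data: bytes
    complete: bool


def carve(image: bytes, max_size: int = 1 << 20) -> list:
    """Scan for every known header; carve up to and including the first footer that
    follows within max_size bytes. Without a footer, emit the window as incomplete."""
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            window_end = min(len(image), pos + max_size)
            end = image.find(footer, pos + len(header), window_end)
            if end == -1:
                found.append(Carved(kind, pos, image[pos:window_end], False))
                pos = image.find(header, pos + len(header))
            else:
                end += len(footer)
                found.append(Carved(kind, pos, image[pos:end], True))
                pos = image.find(header, end)
    return sorted(found, key=lambda c: c.offset)
```

Real carvers add structure-aware parsing (walking PNG chunk lengths or JPEG markers) because a footer search alone mis-terminates on embedded thumbnails and on fragmented files whose trailer lies elsewhere on disk.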
Fuzzing
An automated software testing technique that provides invalid, unexpected, or random data to program inputs to discover vulnerabilities and crashes.
Federated Learning Attack
Attacks targeting distributed machine learning systems where malicious participants manipulate local model updates to corrupt the global model.
Fault Injection
An attack technique that introduces faults into hardware through voltage glitching, clock manipulation, or laser stimulation to bypass security mechanisms.
Full Disk Encryption
A security method that encrypts all data on a storage drive, protecting information even if the device is lost or stolen.
File Integrity Monitoring
A security process that validates the integrity of operating system and application files by comparing current states against known good baselines.
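Worked example (added here; not part of the glossary and not the code of any FIM product): a minimal baseline-and-compare implementation in Python. It hashes every regular file under a root, records size and permission bits, and classifies differences as added, removed or modified; the demo function builds a constructed temporary tree, tampers with it the way an intruder might, and returns the resulting diff. The file names and contents are constructed.

```python
# Added example (not from the glossary): a file-integrity baseline and comparison
# exercised on a constructed temporary directory tree.
import hashlib
import stat
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Relative POSIX path -> {sha256, size, mode} for every regular file under root."""
    baseline = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        st = path.stat()
        baseline[path.relative_to(root).as_posix()] = {
            "sha256": hash_file(path),
            "size": st.st_size,
            "mode": stat.S_IMODE(st.st_mode),
        }
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify differences. 'modified' covers content or permission changes; mtime is
    deliberately not consulted because an intruder can reset it."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        path for path in set(baseline) & set(current)
        if baseline[path]["sha256"] != current[path]["sha256"]
        or baseline[path]["mode"] != current[path]["mode"]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Build a constructed tree, baseline it, tamper with it, and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF-placeholder")
        baseline = build_baseline(root)

        # Tamper: add a UID-0 account, delete a file, plant a new binary.
        with (root / "etc" / "passwd").open("a") as fh:
            fh.write("backdoor:x:0:0::/root:/bin/bash\n")
        (root / "etc" / "hosts").unlink()
        (root / "bin" / "nc").write_bytes(b"\x7fELF-planted")
        return compare(baseline, build_baseline(root))
```

The baseline itself is the trust anchor: store it off the monitored host (or sign it), or an attacker with root simply rewrites it to match.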
Flow Analysis
The examination of network flow data like NetFlow or sFlow to identify anomalies, detect threats, and understand traffic patterns.
File Upload Attack
An attack exploiting file upload functionality to upload malicious files like web shells, achieving remote code execution on the server.
Format-Preserving Encryption
An encryption scheme where the ciphertext has the same format and length as the plaintext, useful for encrypting structured data.
Firmware Malware
Malware that infects device firmware to persist below the operating system, surviving OS reinstallation and most security measures.
Formjacker
Malicious JavaScript code injected into payment forms on websites to steal credit card information as customers enter their details.
FLARE VM
A Windows-based malware analysis distribution maintained by Mandiant, providing a curated collection of reverse engineering and analysis tools.
Firmware Forensics
The extraction and analysis of device firmware for evidence of tampering, backdoors, or malicious modifications.
Fraggle Attack
A denial-of-service attack similar to Smurf that uses UDP echo instead of ICMP to amplify traffic against a target.
Forced Browsing
An attack where a user manually accesses web pages not linked from the application, potentially finding unprotected administrative functions.
Format String Attack
A vulnerability exploiting format string functions like printf to read or write memory, potentially leading to code execution.
Fileless Attack
An attack technique that executes malicious code entirely in memory using legitimate system tools without writing files to disk.
False Positive Tuning
The process of refining detection rules and thresholds to reduce false alerts while maintaining detection effectiveness.
Forensic Readiness
The organizational preparation to efficiently conduct digital forensic investigations, including log retention and tool availability.
Forensic Report
A detailed document presenting findings from a digital forensic investigation, suitable for legal proceedings and management review.
Federated Learning Security
Security considerations for distributed machine learning where models are trained across decentralized devices without sharing raw data.
First Responder
The initial person to arrive at a digital crime scene or security incident, responsible for preserving volatile evidence.
Forensic Toolkit
A collection of hardware and software tools used by digital forensic investigators to acquire, analyze, and report on evidence.
Forensic Workstation
A dedicated computer system configured specifically for digital forensic analysis with appropriate tools and write-blocking capabilities.
Forensic Imaging Tool
Specialized software or hardware for creating bit-for-bit copies of storage devices while maintaining forensic integrity.
G
GraphQL Injection
An attack targeting GraphQL APIs where malicious queries are crafted to extract unauthorized data, perform denial of service, or bypass access controls.
Golden Ticket
A Kerberos ticket-granting ticket forged offline with the KRBTGT account's password hash, letting an attacker impersonate any principal, including domain administrators, to any service in an Active Directory domain for as long as the ticket's own lifetime allows. It stays usable until the KRBTGT password has been changed twice.
Gobuster
A fast directory and DNS brute-forcing tool written in Go, used during penetration testing to discover hidden content on web servers.
GDPR
General Data Protection Regulation. European Union regulation governing data protection and privacy that gives individuals control over their personal data.
GTFOBins
A curated list of Unix binaries that can be exploited by attackers to bypass local security restrictions and escalate privileges on Linux systems.
GPEN
GIAC Penetration Tester. A SANS certification validating the ability to properly conduct penetration tests using best practice techniques and methodologies.
GRE Tunnel
Generic Routing Encapsulation. A tunneling protocol that encapsulates a wide variety of network layer protocols inside virtual point-to-point links.
GPT Exploitation
The use of generative AI models to automate and scale cyberattack components like writing malware, generating phishing content, and discovering vulnerabilities.
gRPC
A high-performance remote procedure call framework that uses Protocol Buffers and HTTP/2, requiring security review for authentication and data protection.
GraphQL Security
Security practices specific to GraphQL APIs including query depth limiting, introspection control, and authorization enforcement.
Ghidra
A free software reverse engineering framework developed by the NSA that provides binary analysis, disassembly, and decompilation capabilities.
GCP Security Command Center
Google Cloud's security management and data risk platform for identifying vulnerabilities, misconfigurations, and threats across GCP resources.
Generative AI Threats
Emerging security risks from generative AI including automated malware creation, phishing at scale, and synthetic identity fraud.
GitOps Security
Security practices for GitOps workflows including branch protection, signed commits, and automated security scanning in pull requests.
GSEC
GIAC Security Essentials. A SANS certification validating knowledge of information security concepts and hands-on security skills.
GCIA
GIAC Certified Intrusion Analyst. A certification validating skills in network traffic analysis, intrusion detection, and incident handling.
GRC Career Path
Career path in Governance, Risk, and Compliance covering policy development, risk assessment, and regulatory compliance.
GraphQL Introspection Attack
Exploiting enabled GraphQL introspection to discover the complete API schema including hidden queries and sensitive fields.
Garbled Circuit
A cryptographic protocol enabling secure two-party computation where a boolean circuit is encrypted to hide the inputs and computation.
H
Honeypot
A security mechanism set up as a decoy to attract and detect attackers, allowing security teams to study attack methods and gather threat intelligence.
Honeynet
A network of honeypots designed to simulate a real network environment, providing a broader view of attacker behavior and techniques than a single honeypot.
HTTP Request Smuggling
An attack that exploits discrepancies in how front-end and back-end servers decide where one HTTP request ends and the next begins, typically by sending both a Content-Length and a Transfer-Encoding: chunked header so that leftover bytes are treated as the start of another user's request, allowing attackers to bypass security controls and poison other users' requests.
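Worked example (added here; not part of the glossary): the same constructed byte stream parsed in Python the way a Content-Length-honouring front end and a Transfer-Encoding-honouring back end would (the CL.TE variant). The front end sees one harmless POST followed by the victim's GET; the back end ends the body at the "0" chunk, leaves "GET /admin ..." unread on the connection, and glues the victim's request, cookie included, onto it. The requests, hostnames and cookie value are constructed.

```python
# Added example (not from the glossary): one byte stream, two framing rules,
# showing the CL.TE request-smuggling desync.
from dataclasses import dataclass


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    body: bytes


# Constructed attacker request. Content-Length says the body is 49 bytes; the chunked
# encoding says it ends right after the "0" chunk, leaving "GET /admin ..." unread.
SMUGGLED = (
    b"POST /search HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Length: 49\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n"
    b"\r\n"
    b"GET /admin HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"X: "
)
# Constructed innocent request from another user, sent next on the same back-end connection.
VICTIM = (
    b"GET /account HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Cookie: session=victim\r\n"
    b"\r\n"
)


def read_chunked(data: bytes):
    """Decode a chunked body; return (body, bytes left over after the terminator)."""
    body = b""
    pos = 0
    while True:
        line_end = data.index(b"\r\n", pos)
        size = int(data[pos:line_end].split(b";")[0], 16)   # ignore chunk extensions
        pos = line_end + 2
        if size == 0:
            while True:                                      # skip trailers to the empty line
                end = data.index(b"\r\n", pos)
                if end == pos:
                    return body, data[pos + 2:]
                pos = end + 2
        body += data[pos:pos + size]
        pos += size + 2                                      # chunk data plus its CRLF


def parse_stream(stream: bytes, honor: str) -> list:
    """honor is 'content-length' or 'transfer-encoding': the header that ends a body."""
    requests = []
    while stream:
        head_end = stream.find(b"\r\n\r\n")
        if head_end == -1:
            break                                            # incomplete; wait for more bytes
        lines = stream[:head_end].decode("latin-1").split("\r\n")
        method, path, _ = lines[0].split(" ", 2)
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        rest = stream[head_end + 4:]
        try:
            if honor == "transfer-encoding" and headers.get("transfer-encoding") == "chunked":
                body, stream = read_chunked(rest)
            else:
                length = int(headers.get("content-length", "0"))
                body, stream = rest[:length], rest[length:]
        except ValueError:
            break                                            # malformed or truncated body
        requests.append(Request(method, path, headers, body))
    return requests
```

The fix is to make both hops agree: reject requests carrying both headers, normalise to one framing at the edge, or use HTTP/2 end to end so that the back-end connection is never shared with ambiguous HTTP/1.1 framing.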
HSTS
HTTP Strict Transport Security. A security header that instructs browsers to only connect to a website using HTTPS, preventing protocol downgrade attacks and cookie hijacking.
Hashing
A one-way mathematical function that converts input data of any size into a fixed-size output, used for password storage, data integrity verification, and digital signatures.
HMAC
Hash-based Message Authentication Code. A mechanism that combines a cryptographic hash function with a secret key to verify both data integrity and message authenticity.
Homomorphic Encryption
A form of encryption that allows computations to be performed on encrypted data without decrypting it, enabling secure cloud computing on sensitive data.
Hashcat
A high-performance password recovery tool that leverages GPU acceleration to crack password hashes using various attack methods at extremely high speeds.
Hydra
A fast and flexible online password cracking tool that supports numerous protocols including SSH, FTP, HTTP, RDP, and many database services.
HIPAA
Health Insurance Portability and Accountability Act. US federal law establishing standards for protecting sensitive patient health information from disclosure.
Hardening
The process of securing a system by reducing its attack surface through disabling unnecessary services, applying patches, and configuring security settings.
Hardware Security Module
A dedicated crypto-processing device that manages and protects digital keys, providing tamper-resistant storage for sensitive cryptographic operations.
Hardware Implant
A physical device covertly installed in hardware to provide persistent backdoor access, intercept communications, or exfiltrate data.
Header Analysis
The examination of email message headers to trace the path of delivery, verify sender authenticity, and identify potential spoofing or manipulation.
HackTheBox
An online platform providing vulnerable virtual machines and challenges for practicing penetration testing and offensive security skills.
HTTP
HyperText Transfer Protocol. The foundation protocol of the World Wide Web for transmitting web pages and data between clients and servers.
HTTPS
HTTP Secure. The encrypted version of HTTP that uses TLS to secure communication between web browsers and servers, protecting data integrity and confidentiality.
HTTP Parameter Pollution
An attack technique that exploits how web applications handle multiple HTTP parameters with the same name, potentially bypassing input validation.
HOTP
HMAC-based One-Time Password. An algorithm that generates one-time passwords using a counter value and shared secret, incrementing with each use.
HMI
Human-Machine Interface. The user interface in industrial control systems that allows operators to interact with and control automated processes.
Hook Framework
Mobile security tools like Frida and Xposed that inject code into running processes to intercept and modify function calls for dynamic analysis.
Homoglyph Attack
A deception technique using characters that look identical to standard letters but are from different character sets, commonly used in phishing domain names.
HSM
Hardware Security Module. A dedicated crypto processor that manages digital keys, performs encryption and decryption, and provides tamper-resistant key storage.
HTTP/2
The second major version of the HTTP protocol that improves web performance through multiplexing, header compression, and server push capabilities.
HTTP/3
The third major version of HTTP that uses QUIC transport protocol instead of TCP, providing improved performance and built-in encryption.
Host Header Injection
An attack that manipulates the HTTP Host header to affect server-side behavior, potentially enabling cache poisoning or password reset hijacking.
HTTP Verb Tampering
An attack that bypasses security controls by changing the HTTP method of a request to one that is not properly validated.
Hacktivist
An individual or group that uses hacking techniques to promote political or social causes, often through website defacement or data leaks.
Horizontal Privilege Escalation
Accessing resources belonging to another user with the same privilege level, such as viewing another customer account.
HTA Payload
A malicious HTML Application file that executes outside the browser security sandbox, providing full system access when run.
Hardware Backdoor
An unauthorized modification to hardware that provides covert access to a system, potentially introduced during manufacturing or supply chain.
Hardware Supply Chain Attack
Attacks that compromise hardware components during manufacturing, shipping, or installation to implant surveillance or backdoor capabilities.
HTTP Response Splitting
An attack that injects malicious content into HTTP response headers, potentially enabling cache poisoning and cross-site scripting.
Havoc C2
A modern, collaborative command and control framework providing advanced evasion and post-exploitation capabilities for red team operations.
HITRUST
Health Information Trust Alliance. A security framework combining HIPAA, NIST, and ISO requirements for healthcare organizations.
Hardware Trojan
A malicious modification to the circuitry of an integrated circuit, potentially introducing backdoors or causing malfunction.
HTML Injection
An attack where malicious HTML content is injected into a web page, potentially modifying page appearance or behavior.
HTTP Desync Attack
An advanced form of request smuggling that exploits differences in how HTTP components process messages.
HTTP/2 Rapid Reset
A DDoS attack technique exploiting HTTP/2 stream multiplexing to generate massive request volumes with minimal resources.
HTTP Header Injection
An attack that inserts malicious content into HTTP response headers through unsanitized user input.
HTTP Verb Abuse
Exploiting web servers that respond differently to various HTTP methods, using PUT, DELETE, or TRACE to bypass access controls.
Heap Spray
An exploitation technique that writes large amounts of data to the heap memory to increase the reliability of code execution.
HIDS
Host-based Intrusion Detection System. An IDS that monitors a single host for suspicious activity including file changes and process behavior.
Hardware Security Key
A physical device used for multi-factor authentication that generates or stores cryptographic credentials.
I
IDS
Intrusion Detection System. A device or software that monitors network traffic for suspicious activity and known threats, generating alerts when potential intrusions are detected.
IPS
Intrusion Prevention System. A network security tool that monitors traffic and actively blocks or prevents detected threats in real time, going beyond passive detection.
ICMP
Internet Control Message Protocol. A network protocol used by network devices to send error messages and operational information, commonly used by ping and traceroute.
IDOR
Insecure Direct Object Reference. A vulnerability where an application exposes internal object references that allow attackers to access unauthorized data by manipulating object identifiers.
Insecure Deserialization
A vulnerability where untrusted data is used to abuse the logic of an application, inflict denial of service, or execute arbitrary code during deserialization.
IV
Initialization Vector. A random value used with encryption algorithms to ensure that encrypting the same plaintext multiple times produces different ciphertext outputs.
Infostealer
Malware specifically designed to collect sensitive information from infected systems, including credentials, cookies, cryptocurrency wallets, and personal documents.
Incident Response
The organized approach to addressing and managing the aftermath of a security breach or cyberattack, with the goal of minimizing damage and recovery time.
IOC
Indicator of Compromise. Observable artifacts such as IP addresses, file hashes, domain names, or registry keys that indicate a system has been compromised.
IOA
Indicator of Attack. Behavioral patterns and techniques that indicate an active attack is in progress, focusing on attacker intent rather than static artifacts.
IaaS
Infrastructure as a Service. A cloud computing model where virtualized computing resources are provided over the internet, with the customer managing OS and applications.
IAM
Identity and Access Management. The framework for managing digital identities and controlling access to resources in cloud environments through policies and roles.
ISO 27001
An international standard for information security management systems that specifies requirements for establishing, implementing, and continually improving security management.
Information Security
The practice of protecting information by mitigating information risks, encompassing the protection of data confidentiality, integrity, and availability.
Insider Threat
A security risk originating from within an organization, posed by current or former employees, contractors, or partners with legitimate access to systems.
Identity Theft
The fraudulent acquisition and use of another person's personal identifying information, typically for financial gain or to commit crimes.
IoT Security
The practice of securing Internet of Things devices and networks, addressing unique challenges like limited processing power and default credentials.
ICS Security
Industrial Control System security. The protection of operational technology systems that manage physical processes in manufacturing, utilities, and infrastructure.
IAST
Interactive Application Security Testing. A method that combines static and dynamic analysis by monitoring applications from within during testing for comprehensive vulnerability detection.
Input Validation
The process of verifying that user-supplied data meets expected formats and constraints before processing, preventing injection attacks and data corruption.
IMAP
Internet Message Access Protocol. An email retrieval protocol that allows clients to access and manage messages stored on a mail server from multiple devices.
Impacket
A collection of Python classes for working with network protocols, widely used in penetration testing for authentication attacks and lateral movement.
IDS Evasion
Techniques used by attackers to avoid detection by intrusion detection systems, including fragmentation, encryption, and protocol-level manipulation.
IPsec
Internet Protocol Security. A framework of open standards for securing IP communications by authenticating and encrypting each IP packet in a communication session.
Identity Federation
A system that allows users to use the same identification data to obtain access across multiple organizations and security domains.
IAM Security
Identity and Access Management security in cloud environments, ensuring proper user permissions, least privilege, and credential management.
IaC Security
Security practices for Infrastructure as Code, scanning Terraform, CloudFormation, and other templates for misconfigurations before deployment.
Immutable Infrastructure
An approach where servers are never modified after deployment, replaced entirely with new instances when changes are needed, reducing configuration drift.
Incident Response Plan
A documented set of procedures describing the actions an organization takes to detect, contain, and recover from a security incident.
IoC Extraction
The process of identifying and documenting indicators of compromise from forensic evidence, including file hashes, IP addresses, and behavioral patterns.
Identity Governance
The policy-based centralized management of digital identities, including access provisioning, certification, and separation of duties enforcement.
Indirect Prompt Injection
An attack where malicious instructions are embedded in external content that an AI system processes, causing unintended actions without direct user input.
IoT Botnet
A network of compromised Internet of Things devices controlled by an attacker, often used for large-scale DDoS attacks like the Mirai botnet.
iOS Jailbreak
The process of removing software restrictions imposed by Apple on iOS devices, enabling root access and installation of unauthorized applications.
Insecure Data Storage
A mobile security vulnerability where sensitive data is stored without proper encryption on the device, accessible through forensic analysis or rooting.
Intrusion Alarm
An electronic security system that detects unauthorized entry into a protected area and alerts security personnel through audible or silent alarms.
Incident Responder
A cybersecurity specialist who leads the investigation and remediation of security incidents, containing threats and restoring normal operations.
IRM
Information Rights Management. Technology that controls access to and usage of digital content, enforcing policies even after data leaves the organization.
IP Spoofing
The creation of IP packets with a falsified source IP address to impersonate another system or hide the sender's identity.
Incident Classification
The process of categorizing security incidents by type and severity to determine appropriate response actions and resource allocation.
Insider Threat Program
A formal program designed to detect, deter, and mitigate risks posed by insiders who may intentionally or unintentionally harm the organization.
Island Hopping
An attack strategy where adversaries compromise smaller partner organizations to use as stepping stones to reach their primary target.
IoT Firmware Security
Security practices for IoT firmware including secure boot, signed updates, encrypted storage, and vulnerability patching.
Identity Proofing
The process of verifying that a person is who they claim to be before issuing credentials, using documents, biometrics, or knowledge factors.
Immutable Storage
Storage systems that prevent data modification or deletion for a specified period, protecting against ransomware and insider threats.
IKEv2
Internet Key Exchange version 2. A VPN tunneling protocol that provides secure key exchange and supports MOBIKE for seamless VPN reconnection.
IoA
Indicator of Attack. Behavioral evidence that an attack is currently occurring, focusing on attacker intent and activities rather than static artifacts.
Ingress Filtering
Filtering incoming network traffic at the network perimeter to block spoofed IP addresses and known malicious sources.
I2P
Invisible Internet Project. An anonymous network layer that allows applications to communicate with each other without revealing their IP addresses.
IoT Network Security
Security measures specific to networks containing IoT devices, including segmentation, monitoring, and device authentication.
Impacket Tools
A collection of Python classes for working with network protocols, widely used in penetration testing for executing remote commands and dumping credentials.
ITIL
Information Technology Infrastructure Library. A set of practices for IT service management that includes security management processes.
Identity Fabric
An integrated identity infrastructure that provides consistent authentication and authorization across all environments and applications.
Identity Attack Surface
The total set of identity-related vulnerabilities in an organization including SSO misconfigurations, stale accounts, and excessive permissions.
IoT Forensics
Digital forensic analysis of Internet of Things devices, addressing challenges of diverse platforms, limited storage, and volatile data.
ICMP Tunneling
A covert channel technique that encapsulates data within ICMP echo request and reply packets to bypass firewall restrictions.
Insufficient Logging
A security weakness where applications fail to log security-relevant events adequately, hampering incident detection and investigation.
IoT Penetration Testing
Security assessment of Internet of Things devices including firmware analysis, network protocol testing, and hardware interface exploitation.
Identity Provider
A system that creates, maintains, and manages identity information while providing authentication services to applications.
Incident Ticketing System
A system for tracking, managing, and documenting security incidents from detection through resolution and closure.
Identity Threat Detection
Security solutions that monitor identity infrastructure for signs of attack including credential theft and privilege abuse.
Identity Lifecycle Management
The process of managing digital identities from creation through modification to eventual deactivation and deletion.
IPv6 Security
Security considerations specific to IPv6 networks, including reconnaissance across the much larger address space, extension header attacks, and dual-stack vulnerabilities.
Indicator Management
The process of collecting, validating, enriching, and operationalizing indicators of compromise across security tools.
Incident Commander
The person responsible for managing all aspects of an incident response, making decisions and coordinating team activities.
Incident Metrics
Quantitative measurements of incident response performance including detection time, response time, and resolution effectiveness.
Incident Communication Plan
A documented strategy for internal and external communications during security incidents, including notification procedures and templates.
Incident Response Policy
An organizational policy defining requirements for detecting, responding to, and recovering from cybersecurity incidents.
Instance Metadata Attack
Exploiting cloud instance metadata services to obtain credentials, configuration data, and other sensitive information.
IoT Authentication
Security mechanisms for verifying the identity of IoT devices connecting to networks and cloud services.
IoT Gateway Security
Security controls for IoT gateways that bridge device networks to cloud services, including traffic filtering and protocol translation.
Input Sanitization
The process of cleaning user-supplied data by removing or encoding potentially dangerous characters before processing.
Initial Access Broker
A cybercriminal who specializes in gaining unauthorized access to networks and selling that access to other threat actors.
IoC Enrichment
The process of adding context to indicators of compromise using threat intelligence sources to improve detection accuracy.
Identity Analytics
Using data analytics to detect anomalous identity and access patterns that may indicate compromised accounts or insider threats.
Identity Bridge
Technology that connects modern cloud identity services with legacy on-premises systems for unified authentication.
J
JWT
JSON Web Token. A compact, URL-safe token format used for securely transmitting claims between parties, commonly used for authentication and authorization in web applications.
John the Ripper
An open-source password cracking tool that supports various hash formats and attack modes including dictionary, brute-force, and hybrid attacks.
JTAG
Joint Test Action Group. A hardware debugging interface that can be exploited to extract firmware, bypass security controls, or gain root access to embedded devices.
Jailbreaking
The process of removing software restrictions imposed by Apple on iOS devices, allowing installation of unauthorized applications and system modifications.
Jump Server
A hardened server used to access and manage devices in a separate security zone, providing a controlled access point for administrative tasks.
JWT Vulnerability
Security weaknesses in JSON Web Token implementations, including algorithm confusion, weak secrets, and improper signature validation.
Just-in-Time Access
A security practice that provides elevated access only when needed and for the minimum duration required to complete a specific task.
JWT None Algorithm Attack
An attack exploiting JWT implementations that accept the none algorithm, allowing attackers to forge tokens without a valid signature.
JSON Injection
An attack that manipulates JSON data structures sent to an application to modify behavior or extract unauthorized data.
Just-in-Time Provisioning
Automatically creating user accounts and access rights at the moment they are needed rather than pre-provisioning.
K
Key Exchange
The method by which cryptographic keys are exchanged between parties, with protocols like Diffie-Hellman enabling secure key agreement over insecure channels.
Keylogger
Software or hardware that records keystrokes made by a user, often used maliciously to capture passwords, credit card numbers, and other sensitive information.
Kerberos
A network authentication protocol that uses tickets to allow nodes to prove their identity securely over non-secure networks, widely used in Active Directory environments.
Kerberoasting
An attack technique that targets Active Directory service accounts by requesting Kerberos service tickets and cracking them offline to obtain plaintext passwords.
Kill Chain
A model describing the stages of a cyberattack from reconnaissance to objective completion, used to understand and disrupt attack progression.
Kubernetes Security
Security practices for Kubernetes container orchestration platforms, including cluster hardening, pod security, network policies, and secrets management.
KRACK Attack
Key Reinstallation Attack. A vulnerability in the WPA2 protocol that allows attackers to intercept and decrypt Wi-Fi traffic by manipulating the four-way handshake.
Kali Linux
A Debian-based Linux distribution designed for digital forensics and penetration testing, pre-loaded with hundreds of security tools and utilities.
Key Management
The administration of cryptographic keys throughout their lifecycle, including generation, distribution, storage, rotation, and destruction.
KRACK
Key Reinstallation Attack. A vulnerability in the WPA2 protocol that allows attackers to decrypt wireless traffic by manipulating and replaying handshake messages.
KARMA Attack
A wireless attack where a rogue access point responds to all probe requests, tricking devices into connecting by advertising any network name they seek.
Key Management System
A system that manages the lifecycle of cryptographic keys, including generation, distribution, storage, rotation, and destruction.
Killware
Malware specifically designed to cause physical harm or endanger human life by targeting critical infrastructure and medical systems.
Key Stretching
A technique that makes a potentially weak cryptographic key more secure by increasing the resources needed to test each possible key.
Key Derivation Function
A cryptographic algorithm that derives one or more secret keys from a master key, password, or other source of entropy.
Kerberos Protocol
A network authentication protocol that uses symmetric key cryptography and a trusted third party to authenticate users and services.
Kyber
A lattice-based key encapsulation mechanism selected by NIST for post-quantum cryptography standardization.
Key Ceremony
A formal process for generating cryptographic keys with multiple witnesses and security controls to ensure key integrity.
L
Lateral Movement
The techniques attackers use to progressively move through a network after initial compromise, searching for sensitive data and escalating privileges.
LFI
Local File Inclusion. A vulnerability that allows an attacker to include files already present on the server through the web application, potentially exposing sensitive configuration files.
Logic Bomb
Malicious code inserted into a program that remains dormant until triggered by a specific condition such as a date, user action, or system event.
LDAP
Lightweight Directory Access Protocol. A protocol for accessing and managing distributed directory information services, commonly used for centralized authentication.
Least Privilege
A security principle that grants users and processes only the minimum permissions necessary to perform their required tasks, reducing attack surface.
Lessons Learned
The post-incident review process that analyzes what happened, what worked, what failed, and what improvements should be made to prevent future incidents.
Log Analysis
The examination of system, application, and security logs to identify suspicious activities, reconstruct events, and support incident investigation.
LLM Security
The practice of securing large language models against attacks including prompt injection, data extraction, jailbreaking, and training data poisoning.
Living off the Land
An attack technique that uses legitimate system tools and features already present on the target system to perform malicious activities, evading detection.
LOLBAS
Living Off the Land Binaries, Scripts, and Libraries. A catalog of legitimate Windows binaries that can be used for malicious purposes by attackers.
Ligolo
A reverse tunneling tool used by penetration testers to establish encrypted tunnels through compromised hosts for pivoting into internal networks.
LOLBins
Living Off the Land Binaries. Legitimate system executables that can be abused by attackers for malicious purposes, such as certutil, mshta, or regsvr32 on Windows.
Loader
Malware that downloads and executes additional payloads from remote servers after initial infection, allowing attackers to deploy various tools post-compromise.
Log Management
The process of collecting, storing, analyzing, and retaining log data from across an organization's infrastructure for security monitoring.
Live Forensics
The collection and analysis of digital evidence from a running system, capturing volatile data that would be lost if the system were powered off.
LLM Jailbreak
A technique that circumvents the safety restrictions of large language models to produce outputs the model was designed to refuse.
Lock Picking
The practice of opening a lock by manipulating its components without the original key, used in physical penetration testing and security assessment.
LDAP Injection
An attack that exploits applications constructing LDAP queries from user input, potentially accessing unauthorized directory information.
LOLBin
A legitimate system binary that can be misused for malicious purposes such as downloading payloads, executing code, or bypassing security.
LLM Data Leakage
The unintentional disclosure of sensitive training data by large language models through carefully crafted prompts or interactions.
LDAPS
LDAP over SSL. A secure version of LDAP that encrypts the communication between client and directory server using SSL/TLS.
LoRaWAN Security
Security architecture for the Long Range Wide Area Network IoT protocol, including AES-128 encryption, device authentication, and key management.
Lookalike Domain
A domain name that closely resembles a legitimate domain through character substitution or addition, used in phishing attacks.
Load Balancer Security
Security considerations for load balancers including SSL termination, DDoS protection, health checks, and access control.
LockBit
A prominent ransomware-as-a-service group known for fast encryption, automated lateral movement, and their leak site for publishing stolen data.
LLM Agent Attack
Attacks targeting autonomous AI agents that can take actions, exploiting their decision-making to perform unauthorized operations.
LTE Security
Security considerations for Long-Term Evolution mobile networks including IMSI catching, downgrade attacks, and protocol vulnerabilities.
Lattice-Based Cryptography
Post-quantum cryptographic algorithms based on lattice problems, considered resistant to quantum computer attacks.
LLM Guardrails
Safety mechanisms implemented around large language models to prevent harmful outputs, prompt injection, and data leakage.
LOTL Attack
Living Off the Land attack using legitimate system administration tools for malicious purposes to avoid detection.
Lock Bypass Technique
Methods for opening locks without picking including shimming, bumping, and using bypass tools on specific lock designs.
M
MITM Attack
Man-in-the-Middle attack. An attack where the adversary secretly intercepts and potentially alters communications between two parties who believe they are communicating directly.
MAC Address
Media Access Control address. A unique hardware identifier assigned to a network interface controller, used for communication within a network segment.
MD5
Message Digest Algorithm 5. A widely used but cryptographically broken hash function that produces a 128-bit hash value, no longer considered secure for sensitive applications.
Malware
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems, encompassing viruses, worms, trojans, ransomware, and spyware.
Metamorphic Malware
Malware that completely rewrites its own code with each propagation while maintaining the same functionality, making signature-based detection nearly impossible.
MFA
Multi-Factor Authentication. A security method requiring two or more independent verification factors from different categories: something you know, have, or are.
Metasploit
An open-source penetration testing framework that provides tools for developing, testing, and executing exploit code against target systems.
Mimikatz
A post-exploitation tool that extracts plaintext passwords, hashes, PIN codes, and Kerberos tickets from Windows memory for credential theft and privilege escalation.
Malware Analysis
The process of studying malware behavior, code, and capabilities to understand its purpose, origin, and impact for incident response and defense improvement.
Memory Forensics
The analysis of volatile memory (RAM) to discover evidence of malicious activity, running processes, network connections, and encryption keys.
Multi-Cloud Security
Security strategies and tools designed to protect data and applications distributed across multiple cloud service providers simultaneously.
MDR
Managed Detection and Response. A cybersecurity service that provides organizations with threat monitoring, detection, and response capabilities delivered by external experts.
Mobile Malware
Malicious software specifically designed to target mobile devices, including trojans, spyware, adware, and ransomware for Android and iOS platforms.
Mobile Device Management
Enterprise software that manages, monitors, and secures mobile devices used by employees, enforcing security policies and enabling remote wipe.
Man-in-the-Browser
A trojan that modifies web page content and transaction data in real time within the browser, intercepting communications between the user and web applications.
Model Extraction
An attack where an adversary queries a machine learning model systematically to reconstruct a functionally equivalent copy of the proprietary model.
Mean Time to Detect
The average time between the occurrence of a security incident and its detection, a key metric for evaluating security monitoring effectiveness.
Mean Time to Respond
The average time from detection of a security incident to its containment and resolution, measuring incident response team efficiency.
Mantrap
A physical security access control system consisting of a small space with two interlocking doors, ensuring only one door opens at a time to prevent tailgating.
Microsegmentation
A security technique that divides a network into small, isolated segments to limit lateral movement and contain breaches within a single segment.
Mass Assignment
A vulnerability where an application automatically binds HTTP request parameters to model attributes, allowing attackers to modify fields they should not access.
Malware Sandbox
An isolated virtual environment used to safely execute and analyze suspicious files, observing their behavior without risking the host system.
MITRE ATT&CK
A globally accessible knowledge base of adversary tactics and techniques based on real-world observations, used as a framework for threat modeling and detection.
Malware Triage
The initial rapid assessment of a malware sample to determine its type, capabilities, and potential impact before committing to full analysis.
Model Inversion
An attack that exploits a machine learning model to recover sensitive training data by analyzing the model's predictions and confidence scores.
Membership Inference Attack
An attack that determines whether a specific data record was used in training a machine learning model, potentially revealing private information.
MDM
Mobile Device Management. Software that enables IT administrators to control, secure, and enforce policies on smartphones, tablets, and other mobile devices.
Mobile Application Security
The practice of securing mobile applications against threats including data leakage, insecure storage, improper session handling, and reverse engineering.
Mobile Code Signing
The process of digitally signing mobile applications to verify the developer's identity and ensure the app has not been tampered with.
Mobile Threat Defense
Security solutions that protect mobile devices from network-based, device-based, and application-based threats using on-device detection.
Mobile Sandbox
An isolated environment on mobile devices that restricts application access to system resources and other applications' data for security.
Mobile Penetration Testing
Security testing specifically targeting mobile applications and their backend APIs, including static analysis, dynamic analysis, and network interception.
Mesh Network Security
Security considerations for mesh wireless networks where devices relay data for each other, including routing attacks and data interception.
MTA-STS
Mail Transfer Agent Strict Transport Security. A mechanism that enables mail service providers to declare their ability to receive TLS-secured connections.
MQTT
Message Queuing Telemetry Transport. A lightweight messaging protocol used in IoT applications that requires security considerations for authentication and encryption.
MAC Flooding
An attack that overwhelms a network switch's CAM table with fake MAC addresses, forcing it to broadcast all traffic like a hub.
Macro Malware
Malware that uses document macros in office applications to execute malicious code when a user opens an infected document.
Malware Packer
A tool that compresses and obfuscates malware executables to evade antivirus detection by changing the file signature.
Merkle Tree
A hash-based data structure where every leaf node contains a data hash and every non-leaf node contains a hash of its children, used for efficient data verification.
Macro Payload
Malicious code embedded in document macros that executes when a user opens the document and enables macro execution.
MSBuild Abuse
Using the Microsoft Build Engine to compile and execute malicious code inline from project files, bypassing application whitelisting.
Model Backdoor
A hidden vulnerability inserted into a machine learning model during training that causes specific misclassification when a trigger pattern is present.
Multimodal Attack
Adversarial attacks targeting AI systems that process multiple types of input like text, images, and audio simultaneously.
Microservice Security
Security practices for microservice architectures including service mesh, mutual TLS, API gateway security, and distributed authentication.
MPLS
Multiprotocol Label Switching. A routing technique that directs data using short path labels rather than long network addresses, improving traffic flow.
Mobile Rootkit
A rootkit designed for mobile operating systems that provides persistent privileged access while hiding its presence from the user.
Man-in-the-Disk
An Android attack where malicious apps exploit external storage access to tamper with data used by other applications.
Mobile Reverse Engineering
The process of analyzing compiled mobile applications to understand their functionality, find vulnerabilities, and extract sensitive data.
Mythic C2
An open-source command and control framework designed for collaborative red team operations with extensible agent support.
Malleable C2
Configurable command and control profiles that modify network traffic indicators to mimic legitimate services and evade detection.
Mobile Banking Trojan
Malware targeting mobile banking applications to steal financial credentials through overlay attacks, SMS interception, and screen recording.
Magecart
A collective term for cybercriminal groups that specialize in web skimming attacks, injecting malicious code into e-commerce checkout pages.
MISP
Malware Information Sharing Platform. An open-source threat intelligence platform for sharing, storing, and correlating indicators of compromise.
Microsoft Sentinel
A cloud-native SIEM and SOAR solution that uses AI to provide intelligent security analytics across the enterprise.
Microsoft Defender for Cloud
A cloud security posture management and workload protection platform for Azure, AWS, and GCP environments.
Model Stealing
An attack that extracts a copy of a machine learning model by systematically querying it and training a replica from the responses.
Mutual TLS
A TLS configuration where both client and server authenticate each other using certificates, providing stronger identity verification.
Medical Device Security
Security practices for protecting medical devices from cyber threats, addressing patient safety and regulatory compliance.
Mobile Threat Landscape
The current state of threats targeting mobile devices including malware distribution, network attacks, and application vulnerabilities.
Mobile Banking Security
Security measures protecting mobile banking applications and transactions, including biometric authentication and fraud detection.
Mobile Forensics
The science of recovering digital evidence from mobile devices under forensically sound conditions for legal proceedings.
MIME Sniffing Attack
An attack exploiting browser content type sniffing behavior to execute malicious content uploaded with innocent file extensions.
Microsegmentation Policy
Fine-grained security policies applied at the workload level to control east-west traffic between individual applications.
Malware Loader
A lightweight first-stage malware designed to download and execute heavier payloads from command-and-control infrastructure.
Macro Dropper
A malicious document containing embedded macros that download and execute malware when the user enables macro execution.
MTTC
Mean Time to Contain. A metric measuring the average time from threat detection to successful containment of the security incident.
ML Pipeline Security
Security practices for protecting the end-to-end machine learning development pipeline from data collection through model deployment.
Model Monitoring
Continuous observation of deployed machine learning models for performance degradation, data drift, and adversarial manipulation.
Machine Identity
Digital credentials used to authenticate non-human entities like servers, applications, and IoT devices.
Malware Forensics
The detailed examination of malware samples to determine functionality, origin, communication patterns, and potential remediation steps.
Mobile Device Forensics
Specialized forensic techniques for extracting and analyzing evidence from smartphones, tablets, and wearable devices.
Mobile Code Injection
Attacks that inject malicious code into mobile applications at runtime through hooking frameworks, debugging, or memory manipulation.
Mobile API Security
Security measures protecting the backend APIs that mobile applications communicate with, including certificate pinning and token management.
Mobile Biometric Bypass
Techniques for circumventing biometric authentication on mobile devices including fingerprint spoofing and face mask attacks.
Mobile Certificate Pinning
An implementation that associates a host with its expected certificate to prevent man-in-the-middle attacks on mobile traffic.
Mobile Device Encryption
Full-device encryption on smartphones and tablets that protects all stored data if the device is lost or stolen.
Malware Staging
The process of preparing and positioning malware payloads on infrastructure before deploying them against targets.
MTTA
Mean Time to Acknowledge. A metric measuring the average time between an alert firing and an analyst beginning investigation.
Multi-Tenant Security
Security controls ensuring data isolation and access separation between different customers sharing the same cloud infrastructure.
N
NAC
Network Access Control. A security approach that enforces policies on devices seeking to access network resources, verifying compliance before granting access.
Network Segmentation
The practice of dividing a computer network into smaller subnetworks to improve security by limiting lateral movement and containing breaches.
NAT
Network Address Translation. A method of modifying network address information in IP packet headers while in transit, commonly used to map private addresses to public ones.
Network Forensics
The capture, recording, and analysis of network traffic to investigate security incidents, policy violations, and criminal activity.
NetFlow
A network protocol developed by Cisco for collecting IP traffic information and monitoring network flow, widely used for network traffic analysis and security monitoring.
Nonce
Number used once. A random or pseudo-random value used in cryptographic communications to prevent replay attacks and ensure that old communications cannot be reused.
NTLM Relay
An attack that captures NTLM authentication attempts and relays them to another server, allowing the attacker to authenticate as the victim on the target system.
Nmap
Network Mapper. An open-source tool used for network discovery and security auditing, capable of host discovery, port scanning, service detection, and OS fingerprinting.
Nikto
An open-source web server scanner that performs comprehensive tests against web servers for multiple known vulnerabilities, misconfigurations, and outdated software.
NIST
National Institute of Standards and Technology. A US agency that develops cybersecurity standards, guidelines, and best practices for federal and private sector organizations.
NIST CSF
NIST Cybersecurity Framework. A voluntary framework providing guidance for managing and reducing cybersecurity risk based on existing standards and best practices.
Network TAP
A hardware device inserted at a specific point in a network to monitor traffic in real time, providing a copy of network data for analysis and security monitoring.
NTP
Network Time Protocol. A protocol for synchronizing clocks of computer systems over packet-switched networks, critical for accurate security log timestamps.
North-South Traffic
Network traffic that flows between a data center and external networks, typically passing through perimeter security controls.
Network Topology
The arrangement of nodes and connections in a computer network, including physical and logical layouts that affect security posture.
Network ACL
Access Control List. A set of rules applied to network interfaces that filter traffic based on source and destination addresses, ports, and protocols.
Next-Generation Firewall
An advanced firewall that combines traditional firewall capabilities with application awareness, intrusion prevention, and cloud-delivered threat intelligence.
Network Pivoting
A technique where an attacker uses a compromised system as a relay point to access other systems on the same network that are not directly accessible.
NTLM
NT LAN Manager. A suite of Microsoft security protocols for authentication, integrity, and confidentiality, largely superseded by Kerberos but still present in legacy systems.
NIST Cybersecurity Framework
A voluntary framework developed by NIST that provides guidelines for managing and reducing cybersecurity risk based on existing standards.
NIS2 Directive
Network and Information Security Directive 2. An EU directive that establishes cybersecurity requirements for essential and important entities across member states.
NFC Attack
Attacks targeting Near Field Communication technology, including eavesdropping, data manipulation, and relay attacks on contactless payments and access cards.
Need to Know
A security principle where access to information is restricted to individuals who require it to perform their specific duties or roles.
NTP Amplification
A DDoS attack leveraging Network Time Protocol servers to amplify traffic directed at a target using the monlist command.
Network Telescope
A large block of unused IP addresses monitored to observe unsolicited traffic patterns, scanning activity, and malware propagation.
Network Enumeration
The process of systematically identifying and cataloging hosts, services, and resources on a target network during reconnaissance.
Nation-State Actor
A government-sponsored threat actor that conducts cyber operations to advance national interests including espionage and sabotage.
NDR
Network Detection and Response. A security solution that monitors network traffic in real time to detect threats, investigate incidents, and automate responses.
Network Behavior Analysis
Security technology that monitors network traffic patterns to detect anomalies indicative of threats, policy violations, or operational issues.
Network Isolation
The practice of separating critical systems from general network access to reduce the attack surface and contain potential breaches.
Network Deception
Security techniques that deploy decoy systems, services, and data to mislead attackers and detect intrusion attempts.
Null Byte Injection
An attack using null byte characters to truncate strings in web applications, bypassing file extension checks and other validations.
NoSQL Injection
An attack targeting NoSQL databases through injection of malicious queries, exploiting the query language of databases like MongoDB.
Neural Network Trojan
A backdoor embedded in a neural network model during training that activates when specific trigger patterns are present in the input.
NFV Security
Security considerations for Network Function Virtualization where network services run as software on commodity hardware.
Network Sandbox
An isolated network environment used to safely detonate and analyze suspicious files and URLs without risking production systems.
Network Access Broker
Cybercriminals who specialize in gaining unauthorized access to corporate networks and selling that access to other threat actors.
Network Worm
Self-replicating malware that spreads across networks by exploiting vulnerabilities in network services without requiring user interaction.
NIST 800-53
A catalog of security and privacy controls for federal information systems, providing comprehensive security requirements.
NIST 800-171
Security requirements for protecting controlled unclassified information in nonfederal systems and organizations.
NIDS
Network-based Intrusion Detection System. An IDS deployed at strategic network points to monitor all traffic flowing through that segment.
Network Access Control
Security technology that enforces endpoint compliance policies before allowing devices to connect to the network.
Network Quarantine
The automatic isolation of non-compliant or infected devices into a restricted network segment until remediated.
Network Triage
The rapid assessment of network security incidents to determine scope, severity, and priority of response actions.
Network Packet Broker
A device that aggregates, filters, and distributes network traffic from TAPs and SPAN ports to monitoring tools.
NetBIOS Enumeration
The process of gathering information from Windows networks using NetBIOS name resolution and session queries.
Network Implant
A covert device or software placed on a target network during a penetration test to provide persistent access.
Neural Backdoor
A hidden vulnerability implanted in a neural network during training that causes targeted misclassification when a specific trigger is present.
Network Monitoring Tool
Software that continuously watches network traffic and device status to detect performance issues and security anomalies.
Network Baseline
A documented snapshot of normal network behavior including traffic patterns and performance metrics used for anomaly detection.
Natural Language Attack
Using carefully crafted text to manipulate AI systems that process natural language, including prompt injection and jailbreaking.
Network Visibility
The ability to see and understand all traffic, devices, and activities across a network for security monitoring.
O
OWASP
Open Web Application Security Project. A nonprofit organization that produces freely available methodologies, tools, and documentation for web application security.
OWASP Top 10
A regularly updated report outlining the ten most critical web application security risks, serving as a standard awareness document for developers and security professionals.
Open Redirect
A vulnerability where a web application redirects users to an attacker-controlled URL, commonly exploited in phishing attacks to make malicious links appear legitimate.
OAuth
An open authorization framework that allows third-party applications to access user resources without exposing credentials, widely used for social login and API authorization.
OAuth Token Theft
An attack where OAuth access tokens or refresh tokens are stolen through vulnerabilities, enabling unauthorized access to protected resources and APIs.
OSINT
Open Source Intelligence. The collection and analysis of publicly available information from sources like social media, websites, and public records for security assessment.
OT Security
Operational Technology security. The practice of protecting hardware and software that monitors and controls physical devices and processes in industrial environments.
OWASP Mobile Top 10
A list of the ten most critical security risks facing mobile applications, maintained by OWASP as a guide for mobile application developers.
Output Encoding
The practice of converting special characters in output data to their safe equivalents, preventing injection attacks like XSS when data is rendered in browsers.
OSCP
Offensive Security Certified Professional. A hands-on penetration testing certification from Offensive Security requiring a 24-hour practical exam.
OSINT Reconnaissance
The process of gathering publicly available information about a target organization to support penetration testing, including domains, employees, and technologies.
One-Time Pad
A theoretically unbreakable encryption technique using a random key the same length as the message, used only once and then discarded.
OIDC
OpenID Connect. An identity layer built on top of OAuth 2.0 that allows clients to verify user identity and obtain basic profile information.
OSWE
Offensive Security Web Expert. An advanced certification focused on white-box web application penetration testing requiring source code analysis skills.
OSEP
Offensive Security Experienced Penetration Tester. An advanced certification covering evasion techniques, custom exploits, and advanced lateral movement.
OCSP
Online Certificate Status Protocol. A protocol for checking the revocation status of X.509 digital certificates in real time.
osquery
An open-source tool that exposes operating system information through SQL queries, enabling security monitoring and endpoint visibility.
OpenVPN
An open-source VPN protocol that uses SSL/TLS for key exchange and supports multiple encryption algorithms and authentication methods.
OSPF
Open Shortest Path First. An interior gateway routing protocol that uses link-state information to construct a topology map for optimal packet routing.
Overlay Attack
A mobile attack where a malicious app displays a fake interface on top of a legitimate app to steal credentials or intercept actions.
OAuth Misconfiguration
Security weaknesses in OAuth implementations including open redirectors, insecure token storage, and improper scope validation.
OSED
Offensive Security Exploit Developer. An advanced certification covering Windows exploit development including reverse engineering and shellcoding.
Objective-Based Penetration Testing
Testing focused on achieving specific business-impact objectives rather than finding all vulnerabilities.
OSSTMM
Open Source Security Testing Methodology Manual. A comprehensive methodology for security testing covering all aspects of operational security.
OWASP API Security Top 10
A list of the most critical security risks to APIs, including broken object-level authorization, authentication failures, and excessive data exposure.
Origin Validation
The server-side practice of verifying the Origin header in HTTP requests to prevent cross-origin attacks.
Orphaned Account
A user account that remains active after the associated person has left the organization, creating a security risk.
Offensive Security Career Path
The professional progression from junior pentester through senior consultant, red team lead, and offensive security director.
Output Escaping
Converting special characters to their safe equivalents when rendering user data in HTML, JavaScript, or SQL contexts.
ORM Security
Security considerations when using Object-Relational Mapping frameworks, including injection risks and query optimization.
Oblivious Transfer
A cryptographic protocol where a sender transfers information to a receiver without knowing which pieces were received.
Open Source Security
Practices for managing security risks in open-source software including vulnerability monitoring and license compliance.
P
Packet Sniffing
The practice of intercepting and examining data packets as they travel across a network, used both for legitimate network analysis and malicious eavesdropping.
Port Scanning
The process of sending packets to specific ports on a host to determine which services are running and potentially vulnerable, a common reconnaissance technique.
Proxy Server
An intermediary server that acts as a gateway between a user and the internet, providing additional security, privacy, and content filtering capabilities.
Ping Sweep
A network scanning technique that sends ICMP echo requests to a range of IP addresses to determine which hosts are alive and reachable on a network.
Packet Filtering
A firewall technique that examines each packet passing through and accepts or rejects it based on predefined rules such as source/destination IP, port, and protocol.
Path Traversal
A vulnerability that allows attackers to access files and directories outside the intended directory by manipulating file path references with sequences like ../ in user input.
Pepper
A secret value added to passwords before hashing, stored separately from the hash and salt, providing an additional layer of protection if the password database is compromised.
Public Key
The publicly shared component of an asymmetric key pair, used to encrypt data that only the corresponding private key can decrypt, or to verify digital signatures.
Private Key
The secretly held component of an asymmetric key pair, used to decrypt data encrypted with the corresponding public key or to create digital signatures.
PKI
Public Key Infrastructure. The framework of policies, hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates.
PGP
Pretty Good Privacy. An encryption program that provides cryptographic privacy and authentication for data communication, commonly used for email encryption and file signing.
Post-Quantum Cryptography
Cryptographic algorithms designed to be secure against attacks by both classical and quantum computers, preparing for the era of quantum computing threats.
Payload
The component of malware that performs the malicious action, such as encrypting files, establishing backdoors, or exfiltrating data after successful exploitation.
Polymorphic Malware
Malware that constantly changes its identifiable features such as code patterns and encryption keys to evade detection by signature-based security tools.
Phishing
A social engineering attack that uses deceptive emails, messages, or websites to trick individuals into revealing sensitive information or installing malware.
Privilege Escalation
The act of exploiting a vulnerability or misconfiguration to gain higher-level permissions than originally granted, either vertically or horizontally.
Password Spraying
An attack technique that tries a small number of commonly used passwords against many accounts simultaneously to avoid account lockout thresholds.
Pass-the-Hash
An attack technique where an attacker captures a password hash and uses it directly to authenticate without needing to crack or know the actual password.
Passwordless Authentication
Authentication methods that eliminate traditional passwords, using alternatives like biometrics, hardware security keys, magic links, or push notifications.
PAM
Privileged Access Management. A cybersecurity strategy for controlling and monitoring access to critical systems by privileged users and accounts.
Penetration Testing
An authorized simulated cyberattack performed to evaluate the security of a system, identifying vulnerabilities that could be exploited by real attackers.
Purple Team
A collaborative approach where red and blue teams work together, with the red team sharing attack techniques and the blue team improving defenses in real time.
Post-Exploitation
Activities performed after gaining initial access to a system, including privilege escalation, persistence establishment, lateral movement, and data exfiltration.
Persistence
Techniques used by attackers to maintain access to a compromised system across reboots, password changes, and other disruptions.
Pivoting
A technique where an attacker uses a compromised system as a stepping stone to reach other systems on the internal network that are not directly accessible.
Pretexting
A social engineering technique where an attacker creates a fabricated scenario to engage a victim and trick them into providing information or performing actions.
PaaS
Platform as a Service. A cloud computing model that provides a platform for developing and deploying applications without managing the underlying infrastructure.
PCI DSS
Payment Card Industry Data Security Standard. A set of security standards designed to ensure that all companies processing credit card information maintain a secure environment.
Patch Management
The systematic process of identifying, acquiring, testing, and installing software updates and patches to fix known vulnerabilities and improve security.
PII
Personally Identifiable Information. Any data that can be used to identify a specific individual, such as name, SSN, email address, or biometric records.
PHI
Protected Health Information. Any health-related information that can be linked to a specific individual, protected under HIPAA regulations.
Privacy by Design
An approach to systems engineering that considers privacy throughout the entire development process rather than as an afterthought.
Privacy Impact Assessment
A systematic process for evaluating the potential effects that a project or system may have on the privacy of individuals.
PMKID Attack
A method for cracking WPA/WPA2 passwords that captures the Pairwise Master Key Identifier from a single frame without requiring a full handshake capture.
Parameterized Queries
A database query technique that separates SQL code from data values, preventing SQL injection by ensuring user input is treated as data rather than executable code.
Prompt Injection
An attack against AI language models where malicious instructions are embedded in input to override the model's intended behavior or extract sensitive data.
Patch Tuesday
The informal name for the second Tuesday of each month when Microsoft releases security updates, widely used as a patching schedule benchmark.
Penetration Test Report
A document detailing the findings, methodologies, and recommendations from a penetration test, including severity ratings and remediation guidance.
Phishing Simulation
A controlled exercise where simulated phishing emails are sent to employees to assess their ability to recognize and report social engineering attacks.
Playbook
A comprehensive document outlining response strategies and procedures for various security scenarios, often automated through SOAR platforms.
Parrot OS
A Linux distribution designed for security, privacy, and development, offering a lightweight alternative to Kali Linux with similar penetration testing tools.
Physical Security
Measures designed to protect personnel, hardware, software, networks, and data from physical actions and events that could cause serious loss or damage.
Physical Penetration Testing
A security assessment that tests physical security controls by attempting to gain unauthorized access to facilities through social engineering and bypass techniques.
POP3
Post Office Protocol version 3. An email retrieval protocol that downloads messages from a server to a local client, typically removing them from the server.
Process Hollowing
A code injection technique where a legitimate process is created in a suspended state, its memory is replaced with malicious code, and then resumed.
PowerShell Empire
A post-exploitation framework that provides a pure PowerShell agent for offensive security operations, including credential gathering and lateral movement.
Penetration Tester
A cybersecurity professional who performs authorized simulated attacks on systems and applications to identify security vulnerabilities.
Prototype Pollution
A JavaScript vulnerability where an attacker can modify the prototype of a base object, potentially leading to property injection and remote code execution.
Persistence Mechanism
A technique used by attackers or testers to maintain access to a compromised system across reboots, updates, and credential changes.
Pass the Ticket
An attack that uses stolen Kerberos tickets to authenticate to services, bypassing the need for credentials.
PBKDF2
Password-Based Key Derivation Function 2. An algorithm that applies a pseudorandom function to a password with a salt, iterating many times to slow down brute-force attacks.
Perfect Forward Secrecy
A cryptographic property ensuring that session keys will not be compromised even if the server's private key is compromised in the future.
Passkey
A passwordless authentication credential based on FIDO2 standards, using public-key cryptography and stored securely on the user's device.
PAC
Privileged Access Control. Security measures specifically designed to manage, monitor, and audit access by users with elevated privileges.
Penetration Testing Compliance
Regulatory requirements for periodic penetration testing, mandated by standards like PCI DSS, HIPAA, and various industry frameworks.
Pseudonymization
The processing of personal data so that it can no longer be attributed to a specific individual without the use of additional information kept separately.
Privacy-Enhancing Technology
Technologies designed to protect personal privacy, including encryption, anonymization, secure computation, and privacy-preserving analytics.
Power Analysis Attack
A side-channel attack that analyzes the power consumption patterns of a device during cryptographic operations to extract secret keys.
PLC
Programmable Logic Controller. An industrial computer used to control manufacturing processes, which can be targeted to disrupt physical operations.
Piggybacking
A physical security breach where an authorized person knowingly allows an unauthorized person to enter a secured area, unlike tailgating which is covert.
Perimeter Security
Physical security measures designed to prevent unauthorized access to the boundary of a facility, including fences, barriers, and detection systems.
Penetration Testing Career Path
The professional progression in penetration testing from junior tester through senior consultant, team lead, and security architect.
Penetration Test Report
A detailed document presenting the findings, methodologies, and recommendations from a penetration testing engagement.
Packet Crafting
The creation of custom network packets with specific header values and payloads for testing network security controls and responses.
Passive Reconnaissance
Information gathering about a target without directly interacting with their systems, using public sources and third-party data.
Passwordless Authentication
Authentication methods that verify identity without traditional passwords, using biometrics, hardware tokens, or cryptographic keys instead.
Purple Teaming
A collaborative cybersecurity approach where red team attackers and blue team defenders work together in real time to improve detection and response.
Privacy-Preserving Computation
Technologies that enable data analysis while keeping the underlying data confidential, including secure multi-party computation and homomorphic encryption.
Privacy Engineering
The systematic application of engineering practices to ensure that systems and products protect user privacy throughout their lifecycle.
Preventive Control
A security control designed to prevent security incidents from occurring, such as firewalls, access controls, and encryption.
Permission Abuse
Mobile malware that requests excessive permissions to access sensitive data and functionality beyond what is needed for its stated purpose.
Physical Keylogger
A hardware device placed between a keyboard and computer that records all keystrokes, often disguised as a USB adapter.
Port Knocking
A method of externally opening ports on a firewall by making connection attempts to a sequence of closed ports in a specific order.
PetitPotam
An NTLM relay attack that abuses the MS-EFSRPC protocol to coerce Windows domain controllers into authenticating to attacker-controlled servers.
Print Spooler Attack
Attacks exploiting the Windows Print Spooler service, including PrintNightmare, allowing remote code execution and privilege escalation.
Plaso
An open-source super timeline tool that extracts timestamps from various sources to create comprehensive forensic timelines.
Policy as Code
Defining and enforcing security policies through code, enabling automated validation and consistent application across infrastructure.
Privacy Vault
A specialized database designed to isolate and protect sensitive personal data, providing tokenization and access controls.
Physical Red Team
A team that simulates physical security threats including unauthorized building access, device theft, and social engineering of staff.
PNPT
Practical Network Penetration Tester. A certification by TCM Security covering practical penetration testing skills including OSINT and Active Directory attacks.
Physical Social Engineering
In-person social engineering techniques used during penetration tests including impersonation, pretexting, and tailgating.
Penetration Test Scoping
The process of defining targets, methods, and boundaries for a penetration testing engagement to ensure appropriate coverage.
Payload Obfuscation
Techniques for disguising malicious payloads to evade signature-based detection, including encoding, encryption, and polymorphism.
Process Injection
A technique where malicious code is inserted into the address space of a legitimate running process to evade detection.
Phishing-Resistant MFA
Multi-factor authentication methods that cannot be intercepted or replayed through phishing, such as FIDO2/WebAuthn authenticators (including passkeys) and PKI-based smart cards, which bind the credential to the origin being authenticated to. One-time codes, whether from an app, SMS, or a hardware token, remain phishable because a real-time proxy can relay them.
Penetration Testing Automation
Tools and frameworks that automate portions of the penetration testing process, from reconnaissance to exploitation.
Privacy Shield
A framework for transatlantic personal data transfers between the EU and the US, invalidated by the Court of Justice of the EU in the 2020 Schrems II ruling and later succeeded by the EU-US Data Privacy Framework.
PTES
Penetration Testing Execution Standard. A framework defining the methodology and phases for conducting professional penetration tests.
Prompt Leaking
An attack that extracts the system prompt or hidden instructions from an AI chatbot through carefully crafted queries.
Privileged Identity Management
The management and monitoring of accounts with elevated access rights to prevent misuse and detect compromised privileged credentials.
Protocol Analysis
The detailed examination of network protocol behavior to identify anomalies, misconfigurations, and potential security issues.
Permissions Policy
The Permissions-Policy HTTP response header (successor to Feature-Policy), which lets a site declare which browser features and APIs (camera, microphone, geolocation, and so on) its own pages and embedded frames may use, reducing the attack surface.
Purple Team Exercise
A collaborative security exercise where red and blue teams work together in real-time to test and improve detection capabilities.
Proxy Chain
A series of proxy servers used to route traffic through multiple hops, increasing anonymity during penetration testing.
Packer
A tool that compresses or encrypts an executable and prepends a stub that unpacks it in memory at runtime. Malware authors use packers to change a file's on-disk signature and frustrate static analysis, so the original code is only visible after unpacking or in a memory dump.
PowerShell Attack
Attacks leveraging Windows PowerShell for execution, download, and lateral movement while evading traditional file-based detection.
Policy-Based Access Control
Access control that uses centrally managed policies to determine authorization, enabling consistent enforcement across systems.
Password Policy
Organizational rules governing password creation, complexity, rotation, and handling to reduce credential-based attacks.
Physical Social Engineering
In-person manipulation techniques including impersonation, pretexting, and building rapport to bypass physical security controls.
Physical Security Assessment
A comprehensive evaluation of an organization's physical security controls including access points, surveillance, and guard procedures.
Port Security
A switch feature that limits the number of MAC addresses allowed on a port to prevent MAC flooding and unauthorized connections.
Private VLAN
A VLAN configuration that restricts communication between ports in the same VLAN, providing host isolation within a broadcast domain.
Parameterized Query
A database query technique that separates SQL code from data values, preventing SQL injection by treating input as data only.
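As an added example (not code from the glossary), the same login query built by string concatenation and with bound parameters, in Python using the standard library's sqlite3 module. The users table and the injection payloads are constructed for the demonstration. It also shows the one case parameters cannot cover, a column name supplied by the caller, which has to be checked against an allowlist instead.

```python
import sqlite3

# Constructed sample rows; not data from any real system.
USERS = [("alice", "s3cret", "user"), ("admin", "hunter2", "admin")]
SORTABLE_COLUMNS = {"name", "role"}  # allowlist for identifiers, which cannot be bound


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def login_vulnerable(conn, name: str, password: str) -> list:
    """String concatenation: a quote in the input closes the literal and the
    rest of the input is parsed as SQL."""
    sql = ("SELECT name, role FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_parameterized(conn, name: str, password: str) -> list:
    """Placeholders: the statement text is fixed and the driver binds the values,
    so a quote or comment marker in the input stays inside the value."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


def list_users(conn, order_by: str) -> list:
    """Identifiers cannot be parameters; validate them against an allowlist
    rather than interpolating whatever the caller sent."""
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    return conn.execute(f"SELECT name FROM users ORDER BY {order_by}").fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "admin' --"  # the comment marker removes the password check
    print("vulnerable:   ", login_vulnerable(db, payload, "wrong"))
    print("parameterized:", login_parameterized(db, payload, "wrong"))
```

The bound version returns nothing for the payload because the database looks for a user literally named `admin' --`; the concatenated version logs the attacker in as admin without a password.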
Payload Delivery
The mechanism used to transport and deploy malicious code to a target system, including email attachments, web downloads, and USB drives.
R
Reflected XSS
A type of XSS where the malicious script is reflected off a web server via URL parameters or form submissions and immediately returned to the user.
RCE
Remote Code Execution. A critical vulnerability that allows an attacker to execute arbitrary code on a target system remotely, typically leading to full system compromise.
RFI
Remote File Inclusion. A vulnerability that allows an attacker to include remote files through the web application, potentially executing malicious code hosted on external servers.
RSA
Rivest-Shamir-Adleman. An asymmetric cryptographic algorithm widely used for key exchange and digital signatures, whose security rests on the difficulty of factoring the product of two large primes.
Rainbow Table
A precomputed time-memory trade-off structure for reversing unsalted password hashes. Rather than storing every hash, it stores chains built by alternately hashing and applying a reduction function that maps a hash back into the password space, and reconstructs the relevant chain at lookup time. Per-password salts defeat it because each hash then depends on a value the table was not built for.
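As an added example (not part of the glossary), a toy rainbow table in Python over a deliberately tiny password space, unsalted 4-digit PINs hashed with MD5, so that it builds in seconds. The reduction function, chain length and chain count are constructed choices; real tables keep one chain per endpoint and discard merged chains, whereas this version keeps every start so the lookup logic stays short. The last function shows why a salt defeats the table: a salted digest is simply not in the space it was built for.

```python
import hashlib
import random

PIN_SPACE = 10_000  # toy password space: PINs "0000".."9999"
CHAIN_LEN = 50      # hashes per chain; longer chains trade lookup time for storage


def h(pin: str) -> str:
    """Unsalted MD5, the kind of hash a rainbow table targets."""
    return hashlib.md5(pin.encode()).hexdigest()


def reduce_(digest: str, col: int) -> str:
    """Map a digest back into the PIN space. Mixing in the column index gives each
    column its own reduction, which is what distinguishes a rainbow table from
    plain Hellman chains and limits chain merging."""
    return f"{(int(digest[:8], 16) + col) % PIN_SPACE:04d}"


def build_table(n_chains: int, seed: int = 1) -> dict:
    """Precompute chains; only (endpoint -> list of starts) is stored."""
    rng = random.Random(seed)
    table = {}
    for _ in range(n_chains):
        start = pin = f"{rng.randrange(PIN_SPACE):04d}"
        for col in range(CHAIN_LEN):
            pin = reduce_(h(pin), col)
        table.setdefault(pin, []).append(start)
    return table


def lookup(table: dict, target: str):
    """Reverse a digest: guess the column it sits in, walk to the chain end, and if
    that endpoint is stored, regenerate the chain from its start to find the preimage."""
    for col in range(CHAIN_LEN - 1, -1, -1):
        pin = reduce_(target, col)
        for c in range(col + 1, CHAIN_LEN):
            pin = reduce_(h(pin), c)
        for start in table.get(pin, ()):
            cand = start
            for c in range(CHAIN_LEN):
                if h(cand) == target:
                    return cand
                cand = reduce_(h(cand), c)  # a false alarm from a merge falls through
    return None


def coverage(table: dict, step: int = 250) -> float:
    """Fraction of sampled PINs the table recovers."""
    pins = [f"{i:04d}" for i in range(0, PIN_SPACE, step)]
    return sum(lookup(table, h(p)) == p for p in pins) / len(pins)


def salted_lookup(table: dict, salt: str, pin: str):
    """Same table against a salted hash: the chains never visit salt+pin values."""
    return lookup(table, h(salt + pin))


if __name__ == "__main__":
    table = build_table(2000)
    print("endpoints stored:", len(table), " coverage:", coverage(table))
    print("unsalted 4242 ->", lookup(table, h("4242")))
    print("salted   4242 ->", salted_lookup(table, "8f1c:", "4242"))
```

Storage here is about 2000 start/end pairs against 10,000 possible PINs, yet it recovers most of them; that ratio is the whole point of the trade-off, and it scales to real password spaces only when the hash is unsalted.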
Ransomware
Malware that encrypts victim files or locks system access, demanding payment in cryptocurrency for the decryption key or restoration of access.
Rootkit
A collection of malicious tools that provides continued privileged access to a computer while actively hiding its presence from users and security software.
RAT
Remote Access Trojan. Malware that gives an attacker remote control over an infected system, enabling file access, screen capture, webcam activation, and command execution.
Ransomware-as-a-Service
A cybercrime business model where ransomware developers lease their malware to affiliates who carry out attacks, sharing the ransom payments.
RBAC
Role-Based Access Control. An access control method that assigns permissions to roles rather than individual users, simplifying management of user privileges.
Red Team
An independent security team that simulates real-world attacks against an organization to test its defensive capabilities and identify security weaknesses.
Reconnaissance
The initial phase of penetration testing where information about the target is gathered through passive and active techniques to identify potential attack vectors.
Responder
A tool that poisons LLMNR, NBT-NS, and mDNS name resolution on a local network so that hosts authenticate to it, capturing Net-NTLMv1/v2 hashes for offline cracking or relay.
Rules of Engagement
The formal document that defines the scope, methods, timing, and constraints of a penetration test, establishing legal and operational boundaries.
Recovery
The incident response phase focused on restoring affected systems and services to normal operation while implementing additional monitoring to prevent recurrence.
Risk Assessment
The process of identifying, analyzing, and evaluating cybersecurity risks to determine their potential impact and likelihood of occurrence.
Responsible Disclosure
A vulnerability disclosure model where the discoverer reports the vulnerability privately to the vendor and allows a reasonable time for a fix before public disclosure.
Right to be Forgotten
A legal concept giving individuals the right to request deletion of their personal data from databases and search engine results.
RFID Cloning
The process of copying data from one RFID tag to another, potentially enabling unauthorized access to buildings or payment systems.
Rooting
The process of gaining root access on Android devices, providing administrative control but potentially exposing the device to security risks.
Rogue Access Point
An unauthorized wireless access point connected to a network, potentially installed by an attacker to intercept traffic or gain network access.
RADIUS
Remote Authentication Dial-In User Service. A networking protocol providing centralized authentication, authorization, and accounting for network access.
RASP
Runtime Application Self-Protection. A security technology that runs within an application to detect and block attacks in real time by analyzing application behavior.
Rug Pull
A cryptocurrency scam where developers abandon a project and steal investor funds after artificially inflating the value of a token or NFT.
Red Team Exercise
A comprehensive security assessment where skilled attackers simulate a real-world adversary to test an organization's detection and response capabilities.
Runbook
A documented set of procedures for responding to specific types of security incidents, providing step-by-step guidance for security operations teams.
RDP
Remote Desktop Protocol. A Microsoft protocol that allows users to remotely access and control Windows computers, frequently targeted in brute-force and ransomware attacks.
Reverse Shell
A shell session established from the target machine back to the attacker machine, bypassing firewall restrictions that block incoming connections.
Race Condition
A vulnerability that occurs when the outcome of a process depends on the timing of events, allowing attackers to exploit the gap between check and use operations.
Reverse Engineering
The process of analyzing software or hardware to understand its design, architecture, and functionality, commonly used in malware analysis and vulnerability research.
RSA Algorithm
An asymmetric cryptographic algorithm whose security rests on the difficulty of factoring the product of two large primes, used to secure data transmission and to produce digital signatures.
Risk Register
A document that lists identified risks, their severity, likelihood, and planned mitigations, used to track and manage an organization's risk posture.
Rubber Ducky
A USB device that emulates a keyboard when plugged in, rapidly executing pre-programmed keystroke sequences to compromise systems.
Red Team Infrastructure
The technical infrastructure used by red teams during engagements, including C2 servers, redirectors, phishing domains, and payload hosting.
Right to Access
The legal right of individuals to obtain confirmation of whether their personal data is being processed and to access that data.
Rate Limiting
A technique that controls the number of requests a user can make to an API or service within a specified time period, preventing abuse and denial-of-service attacks.
RAG Poisoning
An attack targeting Retrieval-Augmented Generation systems by injecting malicious content into the knowledge base that the AI retrieves and trusts.
RFID Access Control
A physical access control system using radio frequency identification technology to grant or deny entry based on credential proximity.
Request Forgery
A category of attacks where an attacker induces a system to make requests to unintended locations, including both SSRF and CSRF variants.
RSA Encryption
An asymmetric encryption algorithm whose key pair is derived from two large primes and whose security depends on the difficulty of factoring their product, widely used for secure data transmission.
Rootkit Detection
Techniques and tools used to identify rootkits on compromised systems, including memory analysis, integrity checking, and behavioral detection.
Ransomware Response
Specialized incident response procedures for handling ransomware attacks, including containment, negotiation considerations, and recovery strategies.
RTO
Recovery Time Objective. The maximum acceptable time between a disruption and the restoration of a business process to an acceptable service level.
RPO
Recovery Point Objective. The maximum acceptable amount of data loss measured in time, determining how frequently backups must be performed.
Residual Risk
The level of risk remaining after security controls have been applied, representing the gap between total risk and mitigated risk.
Risk Appetite
The amount and type of risk an organization is willing to accept in pursuit of its objectives.
Reverse Proxy
A server that sits in front of web servers and forwards client requests to the appropriate backend, providing security and load balancing.
ReDoS
Regular Expression Denial of Service. An attack exploiting poorly written regex patterns that cause catastrophic backtracking and excessive CPU usage.
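As an added example (not from the glossary), a pattern with a nested quantifier beside a linear-time pattern that accepts exactly the same strings, with a timer to make the blow-up visible and an input-length cap as the first line of defence. The patterns and the near-miss inputs are constructed for the demonstration; the behaviour relies on Python's backtracking `re` engine.

```python
import re
import time

# Nested quantifier: the inner and outer + both consume the same characters, so on
# a near-miss input the engine tries every way to split the run before giving up.
VULNERABLE = re.compile(r"^([a-z0-9]+)+$")
# Same language, one quantifier: the engine has exactly one way to consume the run.
SAFE = re.compile(r"^[a-z0-9]+$")
MAX_LEN = 32


def time_match(pattern: re.Pattern, text: str) -> float:
    """Seconds the engine needs to decide whether `text` matches `pattern`."""
    t0 = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - t0


def validate_username(name: str) -> bool:
    """Cheap length check first, then the linear-time pattern."""
    return len(name) <= MAX_LEN and SAFE.match(name) is not None


if __name__ == "__main__":
    for n in (8, 12, 16, 18):
        near_miss = "a" * n + "!"  # constructed: fails only on the final character
        print(f"n={n:2d}  vulnerable {time_match(VULNERABLE, near_miss):.4f}s"
              f"  safe {time_match(SAFE, near_miss):.6f}s")
```

Each extra character roughly doubles the vulnerable pattern's worst-case time while the safe pattern stays flat. Where a regex genuinely needs nesting, Python 3.11 and newer support possessive quantifiers (`[a-z0-9]++`) and atomic groups to forbid the backtracking; otherwise cap input length and prefer a non-backtracking engine such as RE2.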
Responder Attack
Using the Responder tool to capture authentication credentials by poisoning LLMNR, NBT-NS, and mDNS responses on a local network.
REMnux
A Linux distribution designed for reverse-engineering malware, providing pre-installed tools for static and dynamic analysis.
Radare2
An open-source reverse engineering framework providing disassembly, debugging, analysis, and patching of binary files.
Runtime Protection
Security measures that protect applications during execution, detecting and blocking exploitation attempts in real time.
RF Analysis
The examination of radio frequency signals to identify, characterize, and potentially exploit wireless communications and devices.
Red Team Operations
Comprehensive adversary simulation engagements that test an organization's entire security posture including people, processes, and technology.
Reflective DLL Injection
A technique that loads a DLL directly from memory without using the Windows loader, avoiding detection by security tools.
ROP Chain
Return-Oriented Programming chain. An exploitation technique that strings together short instruction sequences ending in a return (gadgets) already present in executable memory, driven by a controlled stack of return addresses, to perform arbitrary operations without injecting code and so bypass non-executable memory protections (DEP/NX).
Race Condition Exploit
Exploiting the timing gap between a security check and the use of a resource to gain unauthorized access.
Ring Signature
A digital signature produced by one member of an ad hoc group of possible signers (the ring) that verifies against all of their public keys without revealing which member signed; unlike a group signature it needs no group manager or setup, and the ring members need not cooperate or even know they were included.
Risk-Based Authentication
An authentication approach that dynamically adjusts security requirements based on assessed risk from factors like location and behavior.
Responsible AI
The practice of developing and deploying AI systems that are fair, transparent, accountable, and respectful of privacy.
Referrer Policy
The Referrer-Policy HTTP response header, which controls how much of the current URL is sent in the Referer header of outgoing requests, preventing leakage of sensitive path and query data to third parties.
Registry Persistence
Modifying Windows registry keys to ensure malware automatically executes during system startup or user login.
Recovery Procedure
Step-by-step instructions for restoring affected systems and data to normal operations after a security incident.
Root Cause Analysis
A systematic process for identifying the fundamental reason a security incident occurred, informing prevention measures.
Red Team Automation
Frameworks and tools that automate adversary simulation techniques for continuous security validation.
Remediation SLA
Service Level Agreements defining maximum time allowed to fix vulnerabilities based on their severity level.
Rogue AP Detection
The process of identifying unauthorized wireless access points connected to an organization's network.
Rate Limit Bypass
Techniques attackers use to circumvent request rate limiting including distributed requests, header manipulation, and endpoint variation.
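As an added example that serves both the Rate Limiting and Rate Limit Bypass entries (not code from the glossary), a token-bucket limiter in Python with two ways of deciding which client a request belongs to: a naive key function that trusts X-Forwarded-For from anyone, and one that honours the header only when the TCP peer is one of our own proxies. The addresses, proxy list and request bursts are constructed, and the clock is injectable so the refill behaviour can be shown without sleeping.

```python
import time


def naive_client_key(remote_addr: str, headers: dict, trusted_proxies: set) -> str:
    """Bypassable: trusts X-Forwarded-For from any peer, so the caller chooses its own bucket."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else remote_addr


def proxy_aware_client_key(remote_addr: str, headers: dict, trusted_proxies: set) -> str:
    """Honour X-Forwarded-For only from our own proxy, and then take the rightmost
    entry, which is the one that proxy appended; earlier entries are client-controlled."""
    xff = headers.get("X-Forwarded-For")
    if xff and remote_addr in trusted_proxies:
        return xff.split(",")[-1].strip()
    return remote_addr


class TokenBucketLimiter:
    """`burst` requests allowed at once, refilling at `rate` tokens per second per client key."""

    def __init__(self, rate: float, burst: int, trusted_proxies=(),
                 key_func=proxy_aware_client_key, clock=time.monotonic):
        self.rate, self.burst = rate, burst
        self.trusted = set(trusted_proxies)
        self.key_func, self.clock = key_func, clock
        self.buckets = {}  # client key -> (tokens, last refill timestamp)

    def allow(self, remote_addr: str, headers: dict = None) -> bool:
        key = self.key_func(remote_addr, headers or {}, self.trusted)
        now = self.clock()
        tokens, last = self.buckets.get(key, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        if tokens >= 1:
            self.buckets[key] = (tokens - 1, now)
            return True
        self.buckets[key] = (tokens, now)
        return False


def spoofed_burst(limiter: TokenBucketLimiter, n: int) -> int:
    """Attacker at a constructed address, connecting directly rather than through the
    proxy, rotating X-Forwarded-For on every request; returns how many got through."""
    return sum(limiter.allow("203.0.113.5", {"X-Forwarded-For": f"198.51.100.{i}"})
               for i in range(n))


if __name__ == "__main__":
    naive = TokenBucketLimiter(rate=1.0, burst=5, trusted_proxies={"10.0.0.1"},
                               key_func=naive_client_key)
    strict = TokenBucketLimiter(rate=1.0, burst=5, trusted_proxies={"10.0.0.1"})
    print("naive key:   ", spoofed_burst(naive, 20), "of 20 allowed")
    print("proxy-aware: ", spoofed_burst(strict, 20), "of 20 allowed")
```

Header manipulation is only one of the bypasses the entry lists; keying on an authenticated identity where one exists, and limiting at the edge as well as per endpoint, narrows the others.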
Regulatory Compliance
The adherence to laws, regulations, guidelines, and specifications relevant to an organization's business operations and data handling.
Responsible Disclosure Policy
An organization's published guidelines for security researchers to report vulnerabilities, including expected response times and safe harbor provisions.
S
Subnet
A logical subdivision of an IP network that divides a larger network into smaller, more manageable segments for improved security and performance.
SSL/TLS
Secure Sockets Layer / Transport Layer Security. Cryptographic protocols that provide secure communication over a computer network, commonly used to encrypt web traffic. All SSL versions and TLS 1.0/1.1 are deprecated; current deployments should use TLS 1.2 or 1.3.
SIEM
Security Information and Event Management. A solution that aggregates and analyzes log data from across an organization to detect security threats and compliance violations in real time.
SOC
Security Operations Center. A centralized facility where a team of security professionals monitors, detects, analyzes, and responds to cybersecurity incidents around the clock.
SNMP
Simple Network Management Protocol. A protocol for managing and monitoring network devices, which can be a security risk if improperly configured with default community strings.
SQL Injection
A code injection technique that exploits vulnerabilities in web applications by inserting malicious SQL statements into input fields to manipulate backend databases.
Stored XSS
A type of XSS where the malicious script is permanently stored on the target server and executed whenever a user loads the affected page.
SSRF
Server-Side Request Forgery. A vulnerability where an attacker can make the server perform requests to unintended locations, potentially accessing internal services or cloud metadata.
SOP
Same-Origin Policy. A critical browser security concept that restricts how documents or scripts from one origin can interact with resources from another origin.
Session Hijacking
An attack where an adversary takes over a valid user session by stealing or predicting the session token, gaining unauthorized access to the user account.
Session Fixation
An attack that forces a user to use a session ID chosen by the attacker, allowing the attacker to hijack the session after the user authenticates.
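As an added example (not from the glossary), the attack and its fix side by side in Python with an in-memory session store: a login that keeps whatever session id the browser presented, and one that discards the pre-authentication session and issues a fresh id. The credential store and the attack scenario are constructed; how the attacker plants the id (a link carrying it, cookie injection from a sibling subdomain) is outside the snippet.

```python
import secrets

# Constructed credential store; a real application would hold salted password hashes.
CREDENTIALS = {"victim": "correct horse"}


class SessionStore:
    def __init__(self):
        self.sessions = {}  # session id -> session data

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {}
        return sid

    def user_for(self, sid: str):
        return self.sessions.get(sid, {}).get("user")


def login_vulnerable(store: SessionStore, presented_sid: str, username: str, password: str):
    """Keeps the id the browser presented, so an id the attacker obtained and planted
    before login turns into an authenticated session the attacker already holds."""
    if password != CREDENTIALS.get(username):
        return None
    store.sessions.setdefault(presented_sid, {})["user"] = username
    return presented_sid


def login_fixed(store: SessionStore, presented_sid: str, username: str, password: str):
    """Invalidates the pre-authentication session and issues a new id after login."""
    if password != CREDENTIALS.get(username):
        return None
    store.sessions.pop(presented_sid, None)
    new_sid = store.create()
    store.sessions[new_sid]["user"] = username
    return new_sid


def fixation_attack(login) -> bool:
    """Returns True if the attacker's planted id ends up mapped to the victim's account."""
    store = SessionStore()
    planted = store.create()                          # attacker obtains a valid, unauthenticated id
    login(store, planted, "victim", "correct horse")  # victim logs in while using that id
    return store.user_for(planted) == "victim"        # attacker now presents the same id


if __name__ == "__main__":
    print("vulnerable login hijacked:", fixation_attack(login_vulnerable))
    print("fixed login hijacked:     ", fixation_attack(login_fixed))
```

Rotating the id on every privilege change (login, role elevation) is the standard defence; most web frameworks expose it as a one-call session regeneration, and the cookie should also carry Secure, HttpOnly and SameSite so it is harder to plant in the first place.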
Security Misconfiguration
A vulnerability resulting from insecure default configurations, incomplete setups, or overly permissive settings in applications, servers, or cloud services.
SSTI
Server-Side Template Injection. A vulnerability that occurs when user input is embedded into server-side templates in an unsafe manner, potentially leading to remote code execution.
Subresource Integrity
A security feature that allows browsers to verify that fetched resources like scripts and stylesheets have not been tampered with by comparing cryptographic hashes.
SHA
Secure Hash Algorithm. A family of cryptographic hash functions that produces a fixed-size digest from variable-length input, used for data integrity verification and digital signatures.
Salt
Random data added to a password before hashing to ensure that identical passwords produce different hash values, protecting against rainbow table and precomputed hash attacks.
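As an added example (not part of the glossary), salted password storage in Python using the standard library's PBKDF2-HMAC, chosen because it needs no third-party package; Argon2id (see the Argon2 entry) is the better choice where its library is available. The serialised format and iteration count are this example's own choices. The last function shows the property a salt removes: without one, two users with the same password get the same digest.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # example value; raise it as hardware allows


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """PBKDF2-HMAC-SHA256 with a fresh 16-byte random salt, serialised as
    algorithm$iterations$salt$digest so the verifier can recover the parameters."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$".join(["pbkdf2_sha256", str(ITERATIONS),
                     base64.b64encode(salt).decode(), base64.b64encode(digest).decode()])


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_b64, digest_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash format: {algo}")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    base64.b64decode(salt_b64), int(iterations))
    return hmac.compare_digest(candidate, base64.b64decode(digest_b64))


def unsalted(password: str) -> str:
    """What a salt prevents: identical passwords produce identical digests, so one
    precomputed table or one cracked hash covers every user with that password."""
    return hashlib.sha256(password.encode()).hexdigest()


if __name__ == "__main__":
    a, b = hash_password("correct horse"), hash_password("correct horse")
    print("same password, different records:", a != b)
    print("verifies:", verify_password("correct horse", a), verify_password("wrong", a))
    print("unsalted collide:", unsalted("correct horse") == unsalted("correct horse"))
```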
Symmetric Encryption
An encryption method where the same key is used for both encryption and decryption, offering fast processing but requiring secure key distribution.
Stream Cipher
A symmetric encryption algorithm that encrypts data one bit or byte at a time by combining plaintext with a pseudorandom keystream, suitable for real-time encryption.
Steganography
The practice of hiding secret information within ordinary, non-secret data such as images, audio, or video files, concealing the very existence of the hidden message.
Spyware
Malware that secretly monitors user activity, collecting personal information, browsing habits, and keystrokes without the user's knowledge or consent.
Spear Phishing
A targeted phishing attack directed at specific individuals or organizations, using personalized content to increase the likelihood of success.
Smishing
SMS phishing. A social engineering attack that uses text messages to trick recipients into clicking malicious links or providing personal information.
Supply Chain Attack
An attack that targets less-secure elements in the supply chain, such as third-party vendors or software dependencies, to compromise the ultimate target.
SSO
Single Sign-On. An authentication scheme that allows users to log in once and gain access to multiple connected systems without re-authenticating for each one.
SAML
Security Assertion Markup Language. An XML-based standard for exchanging authentication and authorization data between identity providers and service providers.
Silver Ticket
A Kerberos service ticket forged with a service account's password hash (often a computer account's), granting unauthorized access to that specific service in an Active Directory environment without contacting the domain controller, which makes it harder to detect than a Golden Ticket.
Social Engineering
The psychological manipulation of people into performing actions or divulging confidential information, exploiting human trust rather than technical vulnerabilities.
Sqlmap
An open-source tool that automates the detection and exploitation of SQL injection vulnerabilities, supporting various database management systems and injection techniques.
Shodan
A search engine that lets users find specific types of internet-connected devices and systems, revealing exposed services, default credentials, and vulnerable configurations.
Scope
The defined boundaries of a penetration test that specify which systems, networks, and attack methods are authorized, protecting both the tester and the organization.
Sandbox Analysis
The technique of executing suspicious files or code in an isolated virtual environment to observe their behavior without risking the production network.
Shared Responsibility Model
A framework defining the division of security responsibilities between cloud service providers and their customers based on the service model used.
SaaS
Software as a Service. A cloud delivery model where applications are hosted by a provider and accessed by customers over the internet on a subscription basis.
Serverless Security
Security practices specific to serverless computing environments, addressing function-level vulnerabilities, permissions, and event injection attacks.
S3 Bucket Misconfiguration
A common cloud security issue where Amazon S3 storage buckets are accidentally left publicly accessible, exposing sensitive data to the internet.
SOC 2
System and Organization Controls 2. An auditing standard that evaluates an organization's controls against the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
SOX
Sarbanes-Oxley Act. US federal law establishing auditing and financial regulations for public companies, including requirements for IT security controls.
Security Policy
A formal document that defines an organization's approach to managing and protecting its information assets, establishing rules and procedures for security.
Security by Design
An approach where security considerations are integrated into every phase of system development rather than being added as an afterthought.
Shift Left Security
The practice of integrating security testing and practices earlier in the software development lifecycle to catch vulnerabilities before they reach production.
Sandboxing
A security mechanism that isolates running programs in a restricted environment to prevent them from affecting the broader system if they contain malicious code.
Security Awareness Training
Educational programs designed to teach employees about cybersecurity threats, safe practices, and their role in protecting organizational assets.
Security Orchestration
The coordination and automation of security tools and processes to streamline incident response and improve the efficiency of security operations.
SOAR
Security Orchestration, Automation, and Response. Platforms that help organizations collect security threat data and automate responses to low-level security events.
SASE
Secure Access Service Edge. A cloud-delivered framework combining network security functions with WAN capabilities to support the dynamic secure access needs of organizations.
Secure Boot
A security standard that ensures a device boots using only software trusted by the manufacturer, preventing rootkits from loading during startup.
Side-Channel Attack
An attack that exploits information gained from the physical implementation of a system, such as timing, power consumption, or electromagnetic emissions.
SCADA Security
Security measures for Supervisory Control and Data Acquisition systems that control industrial processes in critical infrastructure like power grids and water treatment.
SMS Interception
The unauthorized capture of SMS messages in transit, often used to steal two-factor authentication codes or sensitive communications.
SIM Swapping
A social engineering attack where an attacker convinces a mobile carrier to transfer a victim's phone number to a SIM card controlled by the attacker, typically to intercept SMS-based authentication codes.
SPF
Sender Policy Framework. An email authentication protocol that allows domain owners to specify which mail servers are authorized to send email on their behalf.
S/MIME
Secure/Multipurpose Internet Mail Extensions. A standard for public key encryption and signing of email messages, providing confidentiality and authentication.
SAST
Static Application Security Testing. A method of analyzing application source code for security vulnerabilities without executing the program.
Secure Coding
The practice of writing software code in a way that protects against the introduction of security vulnerabilities through input validation, error handling, and access controls.
Software Composition Analysis
The process of identifying open-source components in a codebase and detecting known vulnerabilities, license compliance issues, and outdated dependencies.
Security Champion
A developer or team member who acts as a security advocate within their team, promoting secure coding practices and bridging the gap between development and security.
Secure SDLC
Secure Software Development Lifecycle. An approach that integrates security activities and best practices into every phase of software development from design to deployment.
Synthetic Identity Fraud
A type of fraud where attackers combine real and fake personal information to create new identities for financial crimes and account creation.
Smart Contract Vulnerability
Security flaws in self-executing blockchain contracts that can be exploited to drain funds, manipulate outcomes, or cause unintended contract behavior.
Security Baseline
A minimum set of security controls and configurations established as the foundation for system hardening and compliance across an organization.
Security Metrics
Quantitative measurements used to evaluate the effectiveness of security controls and programs, such as mean time to detect and mean time to respond.
Security Awareness
The knowledge and understanding that members of an organization have regarding cybersecurity threats and their role in protecting organizational assets.
Security Automation
The use of technology to perform repetitive security tasks automatically, improving efficiency and reducing human error in security operations.
Secure Deletion
The process of permanently destroying data on storage media so it cannot be recovered, using techniques like overwriting, degaussing, or physical destruction.
SQL Audit Trail
A chronological record of database activities including queries, modifications, and access attempts, essential for security monitoring and compliance.
Shoulder Surfing
A social engineering technique where an attacker observes a victim entering sensitive information by looking over their shoulder or using remote viewing.
Social Engineering Toolkit
A collection of tools and techniques used for social engineering attacks, including the popular SET framework for penetration testing.
SFTP
SSH File Transfer Protocol. A secure file transfer protocol that provides file access, transfer, and management over a reliable data stream using SSH encryption.
SSH
Secure Shell. A cryptographic network protocol for operating network services securely over an unsecured network, commonly used for remote server administration.
SMTP
Simple Mail Transfer Protocol. The standard protocol for sending email between servers (port 25) and for authenticated message submission by clients (port 587 with STARTTLS, or port 465 with implicit TLS).
SIP
Session Initiation Protocol. A signaling protocol used for initiating and managing voice and video communication sessions over IP networks.
SMB
Server Message Block. A network file sharing protocol that allows applications to read, write, and request services from server programs, historically vulnerable to exploits like EternalBlue.
SOC Analyst
A cybersecurity professional who monitors and analyzes security events in a Security Operations Center, detecting and responding to threats.
Security Architect
A senior cybersecurity role responsible for designing, building, and maintaining the security infrastructure and policies of an organization.
SDN
Software-Defined Networking. An approach to network management that enables programmatic control of network behavior, improving agility and security policy enforcement.
sFlow
A sampling technology for monitoring traffic in data networks, providing real-time visibility into network utilization and performance.
Stateful Firewall
A firewall that monitors the state of active connections and makes decisions based on the context of traffic rather than just individual packets.
SSL Inspection
The process of intercepting and decrypting SSL/TLS encrypted traffic for inspection before re-encrypting and forwarding it, used by security devices to detect threats.
Subdomain Takeover
A vulnerability where an attacker gains control over a subdomain that points to an expired or unclaimed service, allowing them to serve malicious content.
Scope Creep
The uncontrolled expansion of penetration testing activities beyond the originally agreed-upon scope, potentially causing unintended damage.
Sandbox Evasion
Techniques used by malware to detect when it is running in a sandbox environment and alter its behavior to avoid analysis and detection.
SHA-256
Secure Hash Algorithm 256-bit. A cryptographic hash function that produces a fixed 256-bit output, widely used for data integrity verification and digital signatures.
S3 Bucket Exposure
A common cloud security issue where Amazon S3 storage buckets are configured with public access, potentially exposing sensitive data.
SaaS Security
Security measures for Software as a Service applications, including data protection, access control, and monitoring of third-party cloud services.
Secrets Management
The practice of securely storing, distributing, and rotating sensitive configuration data like API keys, passwords, and certificates in cloud environments.
Security Monitoring
The continuous observation and analysis of an organization's IT environment to detect suspicious activities, threats, and policy violations.
Steganalysis
The process of detecting hidden information in files, images, or communications that have been concealed using steganographic techniques.
SOC 2
Service Organization Control 2. An auditing procedure that ensures service providers securely manage data to protect the interests and privacy of their clients.
Security Audit
A systematic evaluation of an organization's security policies, procedures, and controls to assess compliance and identify weaknesses.
SCA
Software Composition Analysis. A process that identifies open-source components in a codebase and checks them for known vulnerabilities and license compliance.
SBOM
Software Bill of Materials. A comprehensive inventory of all components, libraries, and dependencies used in a software application, essential for supply chain security.
Synthetic Identity Attack
Using AI-generated personas including fake photos, voices, and backstories to conduct social engineering, fraud, or disinformation campaigns.
SPI Flash
Serial Peripheral Interface Flash memory used in embedded systems to store firmware, which can be read and written with specialized tools for analysis.
SSL Pinning Bypass
A technique used in mobile security testing to intercept HTTPS traffic by bypassing certificate pinning mechanisms in mobile applications.
Stagefright
A class of critical Android vulnerabilities in the media playback engine that could allow remote code execution through crafted multimedia messages.
Spectrum Analysis
The examination of radio frequency signals in an area to identify wireless devices, interference sources, and potential security threats.
Spam Filter
Software that identifies and blocks unwanted email messages before they reach the user's inbox, using rules, machine learning, and reputation systems.
Spear Phishing Detection
Security techniques that identify targeted phishing emails through analysis of sender reputation, content patterns, and behavioral anomalies.
Security Guard
A trained professional responsible for protecting people and property by maintaining a visible presence and monitoring for security threats.
Secure Destruction
The process of permanently destroying physical media and documents to prevent data recovery, including shredding, degaussing, and incineration.
Safe Room
A fortified room within a building designed to provide protection during emergencies, including physical attacks and natural disasters.
Security Convergence
The integration of physical security and cybersecurity practices into a unified security program, addressing the interconnected nature of modern threats.
Social Engineering Defense
Physical and procedural countermeasures against social engineering attacks, including security awareness training and verification protocols.
Security Analyst
A cybersecurity professional who monitors security systems, analyzes threats, investigates incidents, and recommends improvements to security posture.
Secure File Transfer
Protocols and systems for transferring files securely between parties, including SFTP, SCP, and managed file transfer solutions.
Syslog
A standard for message logging that allows separation of the software that generates messages from the system that stores and reports them.
Separation of Duties
A security principle that distributes critical tasks among multiple people to prevent fraud and errors, requiring collusion to compromise the system.
Security Posture
The overall strength of an organization's cybersecurity defenses, including policies, tools, training, and incident response capabilities.
SYN Flood
A denial-of-service attack that exploits the TCP handshake by sending numerous SYN requests without completing the connection, exhausting server resources.
STP Attack
An attack targeting the Spanning Tree Protocol to manipulate network topology, potentially enabling traffic interception.
Second-Order SQL Injection
A SQL injection attack where malicious input is stored in the database and executed later when used in a different query context.
SSI Injection
Server-Side Include Injection. An attack that exploits server-side include directives to execute commands or include unauthorized files.
Session Puzzling
An attack that exploits session variable overloading, where the same session variable serves different purposes in different application contexts.
Stealer Malware
Specialized malware designed to harvest stored credentials, cookies, cryptocurrency wallets, and other sensitive data from infected systems.
Security Data Lake
A centralized repository that stores security-related data from multiple sources at scale for advanced analytics and threat detection.
Sigma Rules
A generic signature format for SIEM systems that allows writing detection rules once and converting them to various SIEM query languages.
Snort Rules
Detection rules for the Snort intrusion detection system that define traffic patterns to alert on or block.
Suricata
An open-source network threat detection engine capable of real-time intrusion detection, inline intrusion prevention, and network security monitoring.
Security Chaos Engineering
The practice of intentionally introducing security failures in controlled conditions to test and improve an organization's security resilience.
Security Framework
A structured set of guidelines and best practices for managing cybersecurity risk, such as NIST CSF, ISO 27001, or CIS Controls.
Supply Chain Risk Management
The process of identifying, assessing, and mitigating risks associated with third-party vendors, suppliers, and service providers.
SIM Swap Attack
A social engineering attack targeting mobile carriers to transfer a victim's phone number to an attacker-controlled SIM card.
Smart Card Attack
Attacks targeting smart card security including side-channel analysis, fault injection, and protocol-level vulnerabilities.
Shadow IT
Information technology systems and solutions built and used inside organizations without explicit organizational approval, creating security blind spots.
Secrets Scanning
Automated detection of sensitive information like API keys, passwords, and tokens accidentally committed to source code repositories.
Security Header
HTTP response headers that provide security controls in web browsers, including HSTS, X-Content-Type-Options, and X-Frame-Options.
Shamir Secret Sharing
A cryptographic algorithm that divides a secret into parts distributed among participants, requiring a threshold number of parts to reconstruct.
Secure Data Deduplication
Eliminating duplicate copies of data while maintaining security controls, reducing storage costs without compromising data protection.
Security Debt
The accumulation of security issues and deferred fixes over time, similar to technical debt, which increases risk exposure.
Security Control
A safeguard or countermeasure designed to protect the confidentiality, integrity, and availability of information systems and data.
Security Clearance
Government-granted authorization to access classified information, required for many cybersecurity roles in defense and intelligence.
SOCKS Proxy
A general-purpose proxy protocol that routes network packets between a client and server through a proxy, supporting any type of traffic.
Site-to-Site VPN
A VPN connection that connects two networks together over the internet, commonly used to link branch offices to a corporate network.
SSL VPN
A virtual private network that uses SSL/TLS protocols to provide secure remote access through a web browser without specialized client software.
Staged Payload
A payload delivered in stages where a small initial component downloads the full exploit code, reducing detection probability.
Stageless Payload
A self-contained payload that includes all exploit code in a single package, requiring only one network connection.
Supply Chain Malware
Malware distributed through compromised software supply chains, infecting legitimate update mechanisms to reach many targets simultaneously.
STIX
Structured Threat Information eXpression. A standardized language for representing cyber threat intelligence in a machine-readable format.
Splunk
A platform for searching, monitoring, and analyzing machine-generated big data, widely used as a SIEM for security operations.
SentinelOne
An autonomous AI-powered endpoint security platform that provides prevention, detection, and response capabilities.
SOC Automation
The use of automated tools and workflows to handle repetitive security operations tasks, improving efficiency and response time.
SOX Compliance
Sarbanes-Oxley Act compliance requirements for financial reporting, including IT controls for data integrity and access management.
StateRAMP
A cybersecurity compliance framework specifically for cloud service providers working with state and local governments.
Service Mesh Security
Security capabilities provided by service mesh technologies like Istio, including mutual TLS, policy enforcement, and observability.
Self-Sovereign Identity
A digital identity model giving individuals full ownership and control over their identity data without relying on centralized authorities.
Software Supply Chain Security
Protecting the integrity of software from development through delivery, addressing risks in dependencies, build systems, and distribution.
Sigstore
An open-source project that provides tools for signing, verifying, and protecting software supply chain artifacts using ephemeral keys.
SLSA
Supply-chain Levels for Software Artifacts. A security framework for ensuring the integrity of software artifacts throughout the supply chain.
Security Linting
Static analysis tools that scan source code for security anti-patterns, vulnerable function calls, and configuration issues during development.
Security Chaos Engineering
Deliberately introducing security failures in controlled environments to validate detection capabilities and incident response.
Synthetic Data
Artificially generated data that preserves the statistical properties of real data while eliminating privacy risks from actual records.
Security Culture
The collective attitudes, beliefs, and behaviors of an organization regarding cybersecurity, shaped by leadership and training.
Security Gamification
The application of game mechanics to cybersecurity training and awareness programs to increase engagement and knowledge retention.
Security Hackathon
A collaborative event where security professionals work together to solve challenges, find vulnerabilities, or build security tools.
Security Maturity Model
A framework that defines levels of cybersecurity capability, helping organizations assess their current state and plan improvements.
Security Roadmap
A strategic plan outlining cybersecurity initiatives, priorities, and milestones over a defined time period.
Supply Chain Security
Comprehensive practices for managing security risks throughout the entire supply chain including vendors, software, and hardware.
Surveillance Detection
Techniques for identifying whether you are being monitored or followed, used in both physical security and counter-intelligence.
Satellite Communication Security
Security of satellite communication systems including signal interception, jamming, and ground station vulnerabilities.
SD-WAN Security
Security capabilities integrated into Software-Defined Wide Area Networks including encryption, segmentation, and threat prevention.
Smurf Attack
A DDoS attack that uses spoofed ICMP broadcast packets to flood a target with amplified echo reply traffic.
Slowloris
A denial-of-service attack that holds many connections open to a web server by slowly sending partial HTTP requests.
SSI Injection
An attack targeting web servers that support Server-Side Includes, injecting directives to execute commands or include files.
SOAP Injection
An attack targeting SOAP web services by injecting malicious XML content to manipulate server-side processing.
Session Prediction
An attack where an adversary deduces or calculates session identifiers to hijack active sessions.
Shellcode
Machine code payloads used in exploitation to spawn a command shell or perform other actions on a compromised system.
Stack Overflow
A specific type of buffer overflow that corrupts the call stack, potentially allowing attackers to redirect program execution.
SPHINCS+
A hash-based digital signature scheme providing post-quantum security without relying on lattice assumptions.
Secret Sharing
A cryptographic method that distributes a secret among a group of participants, each holding a share that alone reveals nothing.
Secure Multi-Party Computation
A cryptographic protocol enabling multiple parties to jointly compute a function over their inputs while keeping those inputs private.
Step-Up Authentication
An adaptive security approach that requires additional authentication factors when users attempt to access higher-risk resources or actions.
Security Orchestration Platform
A system that automates and coordinates security operations workflows across multiple tools and technologies.
Security Data Pipeline
The infrastructure for collecting, processing, and routing security telemetry from diverse sources to analysis platforms.
SEC Cybersecurity Rules
US Securities and Exchange Commission requirements for public companies to disclose material cybersecurity incidents and risk management.
Standard Contractual Clauses
Pre-approved contractual terms for transferring personal data from the EU to countries without adequate data protection laws.
SPAN Port
Switch Port Analyzer. A switch feature that mirrors traffic from one or more ports to a monitoring port for analysis.
Segmentation Policy
Documented rules defining which network segments can communicate and the security controls required between them.
security.txt
A proposed standard for websites to communicate security vulnerability disclosure policies in a machine-readable format.
Scheduled Task Persistence
Creating Windows scheduled tasks or Linux cron jobs to maintain malicious code execution at specified intervals.
Service Persistence
Installing malware as a system service to maintain persistent access with elevated privileges across reboots.
Security Tool Integration
The process of connecting different security products to share data and coordinate responses through APIs and automation.
SOC Maturity
The level of capability and effectiveness of a Security Operations Center, assessed across people, processes, and technology.
Security Exception
A formal process for temporarily or permanently exempting a system or process from a security requirement with documented risk acceptance.
Serverless Attack
Attacks targeting serverless computing functions including injection through event data, permission abuse, and dependency attacks.
Synthetic Media
AI-generated content including deepfake videos, cloned voices, and generated text that can be indistinguishable from authentic media.
Service Account Security
Best practices for securing non-human accounts used by applications and services, including credential rotation and monitoring.
STRIDE Threat Model
A threat modeling methodology categorizing threats as Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
Security Requirement
A documented specification of security functionality that a system must provide, derived from risk assessment and compliance needs.
Secure Design Pattern
Reusable solutions to common security problems in software architecture, such as input validation and error handling patterns.
Security Testing Automation
Integrating automated security tools into development pipelines to continuously test for vulnerabilities throughout the SDLC.
Secure Erasure
Methods for permanently destroying data on storage media to prevent recovery, meeting standards like NIST SP 800-88.
Secure Element
A tamper-resistant hardware component that provides secure storage and processing of cryptographic keys and credentials.
Security Engineering Career
A career path focused on designing and building secure systems, applications, and infrastructure.
Storm Control
A switch feature that monitors traffic levels and drops packets when thresholds are exceeded to prevent broadcast storms.
Sponge Construction
A cryptographic construction used in hash functions like SHA-3 that absorbs input data and squeezes out the hash output.
Security Posture Score
A quantitative rating of an organization's overall security health based on vulnerability data, configuration compliance, and threat exposure.
SOC Playbook
A documented set of procedures for SOC analysts to follow when handling specific types of security alerts and incidents.
Security Awareness Program
An ongoing organizational initiative to educate employees about cybersecurity risks and their responsibilities in protecting information.
Security Champion Program
An initiative that embeds security advocates within development teams to promote secure coding practices and bridge the gap between security and engineering.
Security Regression
A previously fixed vulnerability that reappears in software due to code changes, merges, or deployment errors.
Security Gate
A checkpoint in the software development pipeline that blocks deployment until security requirements are met.
Secure Multi-Party Data Sharing
Cryptographic protocols enabling multiple organizations to analyze combined datasets without exposing raw data to each other.
Security Token Service
A service that issues, validates, and renews security tokens for authentication across distributed applications.
Security Onboarding
The process of integrating new employees into an organization's security practices, including training and access provisioning.
T
TCP/IP
Transmission Control Protocol / Internet Protocol. The fundamental communication protocol suite of the internet that defines how data is packetized, addressed, transmitted, and received.
Traceroute
A network diagnostic tool that tracks the path packets take from source to destination, showing each hop and the time taken, useful for identifying network issues.
Trojan
Malware disguised as legitimate software that provides attackers with backdoor access to infected systems, often used to steal data or install additional malware.
Typosquatting
A form of cybersquatting where attackers register domain names similar to popular websites with common typos to capture traffic and distribute malware or steal credentials.
TOTP
Time-based One-Time Password. An algorithm that generates temporary passwords based on the current time and a shared secret, commonly used in authenticator apps.
Tailgating
A physical social engineering technique where an unauthorized person follows an authorized individual through a secure entrance without proper credentials.
Threat Hunting
The proactive search for cyber threats that have evaded existing security solutions, using hypotheses and advanced techniques to discover hidden compromises.
TTPs
Tactics, Techniques, and Procedures. The patterns of behavior and methods used by threat actors, documented in frameworks like MITRE ATT&CK for threat intelligence.
Threat Intelligence
Evidence-based knowledge about existing or emerging threats to an organization, including context about threat actors, their motivations, and attack methods.
Threat Actor
An individual, group, or entity responsible for cybersecurity incidents, ranging from script kiddies and hacktivists to organized crime and nation-states.
Threat Model
A structured approach to identifying, quantifying, and addressing security threats to a system, helping prioritize defensive measures based on risk.
Threat Landscape
The complete set of potential and identified cyberthreats affecting a particular sector, organization, or technology environment at a given time.
Tokenization
Replacing sensitive data with non-sensitive placeholder tokens that maintain the original data format while being meaningless if compromised.
TPM
Trusted Platform Module. A dedicated microcontroller designed to secure hardware through integrated cryptographic keys, used for disk encryption and secure boot.
Threat Modeling
A structured approach to identifying and prioritizing potential security threats during application design, enabling proactive mitigation of risks before deployment.
Tabletop Exercise
A discussion-based simulation where team members walk through a hypothetical security incident scenario to test response plans and identify gaps.
TryHackMe
A gamified cybersecurity training platform offering guided learning paths and hands-on virtual labs for beginners to advanced practitioners.
Telnet
An older network protocol for remote terminal access that transmits data in plaintext, making it inherently insecure and largely replaced by SSH.
Token Impersonation
A Windows attack technique where an attacker steals or duplicates access tokens of other users to impersonate them and access their resources.
Threat Intelligence Analyst
A cybersecurity professional who collects, analyzes, and disseminates information about current and emerging cyber threats to support defensive operations.
Traffic Analysis
The process of intercepting and examining network messages to deduce information from patterns in communication, even when messages are encrypted.
Template Injection
Server-Side Template Injection. A vulnerability where user input is embedded into server-side templates, potentially allowing remote code execution.
Tunneling
The practice of encapsulating one network protocol within another to create a secure communication path or bypass network restrictions.
TTP
Tactics, Techniques, and Procedures. The behavior patterns of threat actors that describe how they conduct attacks, used for threat intelligence and detection.
Timeline Analysis
A forensic technique that creates a chronological sequence of system events from multiple sources to reconstruct incident activities.
Triage
The initial assessment phase of incident response that quickly determines the scope, severity, and nature of a security incident.
Tapjacking
A mobile attack similar to clickjacking where malicious apps overlay transparent elements on legitimate apps to capture user taps.
Threat Hunter
A proactive cybersecurity role focused on searching through networks and systems to detect advanced threats that evade automated security controls.
TLS 1.3
The latest version of the Transport Layer Security protocol, providing improved security with reduced handshake latency and removal of obsolete algorithms.
TACACS+
Terminal Access Controller Access-Control System Plus. A protocol providing detailed access control for network equipment through separate authentication and authorization.
Time-Based SQL Injection
A blind SQL injection technique that infers information based on database response delays introduced by conditional time delay functions.
Triple Extortion
An evolution of double extortion where attackers additionally threaten DDoS attacks or contact the victim organization's customers directly.
Twofish
A symmetric-key block cipher with a block size of 128 bits and key sizes up to 256 bits, a finalist in the AES selection process.
Triple DES
An encryption algorithm that applies the DES cipher three times to each data block, providing improved security over single DES.
Token Theft
The unauthorized acquisition of authentication tokens like session cookies, OAuth tokens, or Kerberos tickets to impersonate legitimate users.
Threat Intelligence Platform
A system that aggregates, correlates, and analyzes threat data from multiple sources to produce actionable intelligence.
Threat Containment
Immediate actions taken during incident response to prevent a threat from spreading, including network isolation and account lockdown.
TPM
Trusted Platform Module. A specialized chip on a computer motherboard that stores cryptographic keys and provides hardware-based security functions.
Thunderbolt Attack
Attacks exploiting the direct memory access capabilities of Thunderbolt ports to read or write system memory.
Training Data Extraction
Attacks that recover private training data from machine learning models through inference queries and memorization exploitation.
TDE
Transparent Data Encryption. A technology that encrypts database files at rest without requiring changes to applications accessing the data.
TEMPEST
A US government codename for standards and measures protecting against compromising electromagnetic emanations from electronic equipment.
Tor Network
The Onion Router. An anonymity network that encrypts traffic and routes it through multiple volunteer relays to conceal user identity and location.
Traffic Shaping
The deliberate manipulation of network traffic to optimize performance, enforce policies, or detect anomalies.
TAXII
Trusted Automated eXchange of Indicator Information. A protocol for exchanging cyber threat intelligence in STIX format between organizations.
The Sleuth Kit
An open-source collection of command-line tools for digital forensics, providing disk image analysis and file system examination.
Threat Modeling Tool
Software that assists in identifying, categorizing, and prioritizing potential security threats during application design.
Tabletop Scenario
A structured discussion exercise where participants walk through a hypothetical security incident to test response plans.
TCP Reset Attack
An attack that terminates established TCP connections by sending forged RST packets, disrupting communications between legitimate parties.
Traffic Mirroring
Copying network traffic to a monitoring port or tool for analysis without affecting the original traffic flow.
Teardrop Attack
A denial-of-service attack that sends fragmented IP packets with overlapping offset fields, crashing vulnerable systems during reassembly.
Tabnabbing
A phishing attack where a background browser tab changes its content to a login page, tricking users into entering credentials.
Threat-Led Penetration Testing
Testing based on threat intelligence about adversaries likely to target the organization, simulating their specific techniques.
TIBER-EU
Threat Intelligence-Based Ethical Red Teaming. A European framework for testing financial institutions using intelligence-led red team exercises.
Thick Client Testing
Security assessment of desktop applications that process data locally, including memory analysis, DLL hijacking, and local storage review.
Threshold Cryptography
A cryptographic system where multiple parties must cooperate to perform cryptographic operations, preventing single points of compromise.
Threat Feed
An automated stream of threat intelligence data including indicators of compromise, malware signatures, and vulnerability information.
Tier 1 SOC Analyst
An entry-level security analyst responsible for initial alert triage, monitoring dashboards, and escalating confirmed threats.
Tier 2 SOC Analyst
A mid-level security analyst who performs deeper investigation of escalated incidents, conducts forensic analysis, and develops detection rules.
Tier 3 SOC Analyst
A senior security analyst specializing in advanced threat hunting, malware analysis, and complex incident investigation.
Threat Intelligence Lifecycle
The cyclical process of planning, collecting, processing, analyzing, disseminating, and evaluating threat intelligence.
Third-Party Risk Policy
A policy establishing requirements for assessing and managing cybersecurity risks from vendors and business partners.
Transfer Learning Attack
Exploiting the shared knowledge in pre-trained models to craft adversarial examples that transfer across different AI systems.
Tailgating Prevention
Physical security measures including mantraps, turnstiles, and guard stations designed to prevent unauthorized following through secured doors.
Threat Intelligence Career
A career path focused on collecting, analyzing, and disseminating intelligence about cyber threats and threat actors.
Threat Landscape Report
A periodic assessment documenting current and emerging cyber threats, attack trends, and their potential impact on organizations.
Threat Hunting Hypothesis
A proposed theory about adversary activity that guides proactive searches through network and endpoint data for evidence of threats.
Threat Profile
A detailed characterization of a threat actor including their capabilities, motivations, targets, and typical attack patterns.
U
UDP
User Datagram Protocol. A connectionless transport protocol that sends data without establishing a connection, offering speed at the cost of reliability.
USB Drop Attack
A social engineering technique where malicious USB devices are left in public places, exploiting curiosity to install malware when plugged into computers.
UART
Universal Asynchronous Receiver-Transmitter. A serial communication protocol often exposed on IoT device debug headers, providing console access for analysis.
URL Rewriting
An email security technique that modifies links in emails to route through a security service that scans the destination for threats at click time.
Union-Based SQL Injection
A SQL injection technique that uses the UNION SQL operator to combine results from the injected query with the original query.
UAC Bypass
Techniques for circumventing Windows User Account Control to execute programs with elevated privileges without triggering a UAC prompt.
UEFI Rootkit
Malware that infects the Unified Extensible Firmware Interface, persisting below the operating system and surviving disk replacement.
USB Attack
Attacks delivered through USB devices including rubber duckies, USB killers, rogue charging cables, and infected flash drives.
Unvalidated Redirect
A vulnerability where an application accepts untrusted input that causes redirection to an external URL without validation.
Use After Free
A memory corruption vulnerability where a program continues to use a pointer after the memory it references has been freed.
V
VPN
Virtual Private Network. A technology that creates an encrypted tunnel between your device and a remote server, protecting data in transit and masking your IP address.
VLAN
Virtual Local Area Network. A logical grouping of network devices that segments broadcast domains, improving security by isolating traffic between different network segments.
Virus
A type of malware that attaches itself to legitimate programs or files and replicates when the host program is executed, spreading to other files and systems.
Vishing
Voice phishing. A social engineering attack conducted over the phone where attackers impersonate legitimate entities to extract sensitive information from victims.
Vulnerability Scanning
The automated process of identifying security weaknesses in systems and applications using specialized scanning tools that check against known vulnerability databases.
Volatility
An open-source memory forensics framework for analyzing RAM dumps, used to investigate malware, rootkits, and other threats that operate in memory.
Vulnerability Assessment
A systematic review of security weaknesses in systems and applications, identifying, quantifying, and prioritizing vulnerabilities for remediation.
Vulnerability Disclosure
The process of reporting discovered security vulnerabilities to the affected vendor or organization, with responsible disclosure allowing time for patching.
Vulnerability Management
The continuous process of identifying, classifying, remediating, and mitigating security vulnerabilities across an organization's technology infrastructure.
VPC Security
Security controls for Virtual Private Cloud environments, including security groups, network ACLs, flow logs, and peering configurations.
Vendor Risk Management
The process of assessing and monitoring the security risks posed by third-party vendors who have access to organizational data or systems.
Visitor Management
The process of tracking and managing visitors entering a facility, including registration, badge issuance, and escort requirements.
Video Analytics
AI-powered analysis of surveillance video to automatically detect security events, unusual behavior, and potential threats in real time.
VR Security Training
The use of virtual reality technology for immersive cybersecurity training, simulating real-world scenarios for hands-on experience.
VLAN Hopping
An attack that allows traffic from one VLAN to reach another VLAN by exploiting switch misconfigurations or 802.1Q tagging vulnerabilities.
Vertical Privilege Escalation
Gaining higher-level permissions than currently assigned, such as a standard user obtaining administrator access.
Voice Cloning Attack
Using AI-generated synthetic voice to impersonate individuals for social engineering, fraud, or bypassing voice-based authentication.
Verifiable Credentials
A W3C standard for digital credentials that can be cryptographically verified, enabling trustworthy digital identity assertions.
VPN Split Tunneling
A VPN configuration that routes only specific traffic through the VPN tunnel while allowing other traffic to access the internet directly.
Velociraptor
An open-source endpoint visibility and collection tool that enables forensic analysis and real-time monitoring across an enterprise.
Vehicle Forensics
The extraction and analysis of digital evidence from modern vehicles including infotainment systems, GPS data, and event recorders.
Vendor Email Compromise
An attack where criminals compromise a vendor email account to send fraudulent invoices or payment redirection requests to their customers.
Vulnerability Scanner
An automated tool that scans systems, networks, and applications to identify known security vulnerabilities and misconfigurations.
Volatile Data Collection
The capture of ephemeral system data from running systems including memory contents, network connections, and running processes.
Vulnerability Management Policy
A policy defining requirements for identifying, assessing, remediating, and reporting security vulnerabilities.
Vulnerability Prioritization
The process of ranking discovered vulnerabilities by risk to determine remediation order, considering exploitability and business impact.
W
WPA3
Wi-Fi Protected Access 3. The latest generation of Wi-Fi security protocol that provides stronger encryption and protection against brute-force attacks.
WEP
Wired Equivalent Privacy. An outdated and insecure wireless security protocol that uses static encryption keys, easily cracked with modern tools.
Wardriving
The act of searching for Wi-Fi networks from a moving vehicle using a laptop or smartphone to map wireless access points and identify security weaknesses.
WAF
Web Application Firewall. A security solution that monitors, filters, and blocks HTTP/HTTPS traffic to and from a web application to protect against common web exploits.
Web Shell
A malicious script uploaded to a web server that gives an attacker remote access and control, typically allowing command execution through a web browser interface.
Worm
Self-replicating malware that spreads across networks without requiring user interaction or attachment to host programs, often exploiting network vulnerabilities.
Whaling
A type of spear phishing attack that specifically targets high-profile individuals such as executives and senior management to steal sensitive corporate data.
Watering Hole Attack
An attack strategy where the adversary compromises a website frequently visited by a specific target group to infect their systems with malware.
Wiper Malware
Destructive malware designed to permanently destroy data on infected systems by overwriting or deleting files and disk structures beyond recovery.
Wireshark
An open-source network protocol analyzer that captures and displays packet data in real time, essential for network troubleshooting and security analysis.
WPA2
Wi-Fi Protected Access 2. A wireless security protocol that uses AES encryption to protect wireless network communications, widely deployed but vulnerable to KRACK attacks.
Wireless IDS
A system that monitors wireless network traffic for unauthorized access points, suspicious activities, and known wireless attack patterns.
Wi-Fi Pineapple
A wireless auditing platform used by penetration testers to perform man-in-the-middle attacks, rogue AP creation, and wireless reconnaissance.
War Room
A dedicated space or virtual environment where incident response teams gather during major security incidents to coordinate response efforts.
Webshell
A malicious script uploaded to a web server that provides remote access and command execution capabilities through a web browser interface.
WebSocket Security
Security considerations for WebSocket connections, including authentication, authorization, input validation, and protection against cross-site WebSocket hijacking.
Web Cache Poisoning
An attack that manipulates web caching mechanisms to store malicious responses that are subsequently served to other users.
Wireless Penetration Testing
Testing that evaluates the security of wireless networks and devices, including WiFi, Bluetooth, RFID, and other radio frequency technologies.
Write Blocker
A hardware or software tool used in forensics to prevent any data from being written to a storage device during evidence acquisition.
WiFi Pineapple
A specialized wireless auditing tool that can perform man-in-the-middle attacks, rogue access point creation, and wireless reconnaissance.
Weaponized AI
The use of artificial intelligence technologies to enhance the effectiveness of cyberattacks, including automated vulnerability discovery and social engineering.
WiFi Handshake
The four-way authentication exchange between a wireless client and access point that establishes encryption keys, which can be captured for offline cracking.
WPS Vulnerability
Security weaknesses in Wi-Fi Protected Setup, a feature designed to simplify wireless configuration but vulnerable to brute-force PIN attacks.
Wireless Forensics
The collection and analysis of wireless network traffic and artifacts for incident investigation, including captured packets and access point logs.
WiFi Fragmentation Attack
A collection of Wi-Fi vulnerabilities, known as FragAttacks, affecting frame aggregation and fragmentation in all modern Wi-Fi security protocols.
Wireless Penetration Test
A security assessment focused on wireless networks, testing for encryption weaknesses, rogue access points, and client-side vulnerabilities.
WebSocket
A protocol providing full-duplex communication channels over a single TCP connection, enabling real-time data transfer between client and server.
Webshell
A malicious script placed on a web server that provides remote command execution and file management capabilities through HTTP requests.
Wiper
Destructive malware designed to irreversibly destroy data on infected systems, often used in geopolitical cyber warfare.
WebAuthn
Web Authentication API. A W3C standard that enables passwordless authentication in web browsers using public-key cryptography and hardware authenticators.
Watering Hole
A targeted attack strategy where the adversary compromises websites frequently visited by a specific group to infect members of that group.
Workload Protection
Security measures applied to cloud workloads including virtual machines, containers, and serverless functions to prevent unauthorized access.
Web Tracker
Scripts or pixels embedded in websites that monitor user behavior, collect browsing data, and build profiles for advertising or analytics.
WebAssembly Security
Security considerations for WebAssembly modules including sandboxing, memory safety, and preventing side-channel attacks.
WireGuard
A modern VPN protocol that aims to be simpler and more performant than IPsec and OpenVPN while maintaining strong cryptographic security.
WiFi 6 Security
Security enhancements in WiFi 6 including WPA3 support, Target Wake Time for IoT, and improved protection against brute-force attacks.
WiFi Sensing Attack
Using WiFi signal disturbances to detect movement, gestures, or activities within a building without physical access.
WebSocket Hijacking
An attack that exploits cross-site WebSocket connections to perform unauthorized actions using an authenticated user session.
Web Cache Deception
An attack that tricks web caches into storing sensitive user-specific content, making it accessible to other users.
Wazuh
An open-source security platform for threat detection, integrity monitoring, incident response, and compliance across IT infrastructure.
WiFi Direct Attack
Security vulnerabilities in WiFi Direct peer-to-peer connections that can be exploited for unauthorized access and data interception.
Web Parameter Tampering
Manipulating parameters exchanged between client and server to modify application data like user credentials, permissions, and prices.
WiFi Penetration Testing
Security assessment of wireless networks including authentication testing, rogue AP detection, and client-side attacks.
Watering Hole Malware
Malware delivered through compromised websites that specific target groups frequently visit.
WMI Persistence
Using Windows Management Instrumentation event subscriptions to execute malicious code persistently across reboots.
Web Forensics
The examination of web server logs, cached content, and browser artifacts to reconstruct web-based attacks and user activity.
WiFi PSK Cracking
The process of recovering WiFi pre-shared keys by capturing authentication handshakes and performing offline dictionary or brute-force attacks.
Wireless Deception
Deploying decoy wireless networks and access points to detect unauthorized wireless scanning and attack attempts.
Wireless Security Policy
Organizational rules governing the deployment, configuration, and use of wireless networks and devices.
Wireless Network Monitoring
Continuous surveillance of wireless network activity to detect unauthorized devices, attacks, and policy violations.
Web Scraping Defense
Security measures to prevent automated extraction of website content including CAPTCHAs, rate limiting, and bot detection.
Write-Once Media
Storage media that can only be written to once and not modified, used for storing forensic evidence and audit logs.
Z
Zero Trust
A security model that requires strict identity verification for every person and device attempting to access resources, regardless of whether they are inside or outside the network perimeter.
Zero-Day
A previously unknown software vulnerability that is exploited before the vendor has released a patch, giving defenders zero days to address the threat.
Zero-Knowledge Proof
A cryptographic method where one party proves knowledge of information to another party without revealing the information itself.
ZTNA
Zero Trust Network Access. A security model that provides secure remote access to applications based on defined access control policies, replacing traditional VPN access.
Zero Trust Network
A security model that requires strict identity verification for every person and device trying to access resources, regardless of whether they are inside or outside the network perimeter.
Zero-Day Exploit
An attack that targets a previously unknown software vulnerability for which no patch exists, giving defenders zero days to fix the issue.
Zigbee Attack
Attacks targeting Zigbee wireless protocol used in smart home devices, including key extraction, replay attacks, and network infiltration.
Zero-Knowledge Authentication
An authentication protocol where the prover demonstrates knowledge of a secret without revealing the secret itself to the verifier.
Zero Trust Architecture
A cybersecurity architecture based on zero trust principles that eliminates implicit trust and continuously validates every digital interaction.
Zerologon
A critical vulnerability in the Netlogon protocol that allows attackers to take over Windows domain controllers by exploiting a cryptographic flaw.
Zeek
An open-source network security monitoring platform that provides detailed logs of network activity for security analysis.
Zero-Knowledge Identity
Identity verification systems that confirm attributes about a person without revealing the underlying personal data.
Zero-RTT
A TLS 1.3 feature allowing data transmission on the first round trip of a connection, trading some security properties for lower latency.
Zigbee Security
Security analysis of Zigbee IoT protocol including key management weaknesses, replay attacks, and network infiltration techniques.