Cybersecurity Glossary
1506 essential cybersecurity terms explained. Your reference guide from A to Z.
C
CSRF
Cross-Site Request Forgery. An attack that tricks authenticated users into executing unwanted actions on a web application by exploiting the trust a site has in the user's browser.
Command Injection
A vulnerability where an attacker can execute arbitrary operating system commands on the server by injecting them through application input that is passed to a system shell.
Content Security Policy
An HTTP security header that helps prevent XSS and data injection attacks by specifying which content sources the browser should consider valid.
CORS
Cross-Origin Resource Sharing. A browser security mechanism that controls which external domains can access resources on a web server, preventing unauthorized cross-origin requests.
Cookie Poisoning
The manipulation of cookie values to bypass security controls, escalate privileges, or impersonate other users in a web application.
Clickjacking
A technique where an attacker tricks a user into clicking on something different from what they perceive by overlaying invisible or disguised elements on a legitimate page.
Certificate Authority
A trusted organization that issues digital certificates, verifying the identity of certificate holders and enabling trusted encrypted communications across the internet.
Cipher Suite
A set of cryptographic algorithms used together to secure a network connection, typically specifying key exchange, encryption, and message authentication algorithms.
C2 Server
Command and Control server. A centralized server used by attackers to send commands to and receive data from compromised systems in a botnet or malware campaign.
Cryptojacking
The unauthorized use of someone's computer resources to mine cryptocurrency, typically through malicious scripts running in web browsers or compromised systems.
Credential Stuffing
An automated attack that uses stolen username-password pairs from data breaches to attempt logins across multiple services, exploiting password reuse.
Cobalt Strike
A commercial penetration testing tool that provides advanced attack simulation capabilities including beacon payloads, lateral movement, and command-and-control.
CVE
Common Vulnerabilities and Exposures. A standardized system for identifying and naming publicly known cybersecurity vulnerabilities with unique identifiers.
CVSS
Common Vulnerability Scoring System. A framework for rating the severity of security vulnerabilities on a scale from 0 to 10 based on exploitability and impact.
CWE
Common Weakness Enumeration. A community-developed catalog of common software and hardware weakness types that can lead to security vulnerabilities.
Chain of Custody
The documented and chronological record of the seizure, custody, control, and analysis of digital evidence, ensuring its integrity for legal proceedings.
Containment
The incident response phase focused on limiting the spread and impact of a security incident by isolating affected systems and blocking attack channels.
Cloud Security
The set of policies, technologies, and controls deployed to protect cloud computing environments, including data, applications, and infrastructure.
CASB
Cloud Access Security Broker. A security policy enforcement point placed between cloud service consumers and providers to enforce security policies and monitor activity.
CSPM
Cloud Security Posture Management. Tools that continuously monitor cloud infrastructure for misconfigurations, compliance violations, and security risks.
Container Security
The practice of protecting containerized applications and their infrastructure, including image scanning, runtime protection, and orchestration security.
Cloud Workload Protection
Security solutions that protect workloads running across cloud environments, including virtual machines, containers, and serverless functions.
Cloud-Native Security
Security approaches designed specifically for cloud-native architectures, integrating security into the development and deployment pipeline.
CWPP
Cloud Workload Protection Platform. A security solution that provides threat detection and prevention for workloads across multiple cloud environments.
Cloud Forensics
The application of digital forensics techniques to cloud computing environments, addressing unique challenges like data volatility and shared infrastructure.
CIS Controls
Center for Internet Security Controls. A prioritized set of cybersecurity best practices and defensive actions that provide specific and actionable ways to reduce cyber risk.
CCPA
California Consumer Privacy Act. A state privacy law giving California consumers rights over their personal information collected by businesses.
Compliance Audit
A formal examination of an organization's adherence to regulatory requirements, industry standards, and internal security policies.
Cybersecurity
The practice of protecting systems, networks, programs, and data from digital attacks, unauthorized access, damage, or theft through multiple layers of defense.
CIA Triad
The three core principles of information security: Confidentiality (restricting access), Integrity (ensuring accuracy), and Availability (ensuring reliable access).
Cyber Kill Chain
A model developed by Lockheed Martin describing the seven stages of a cyberattack: reconnaissance, weaponization, delivery, exploitation, installation, C2, and actions.
Cyber Insurance
Insurance coverage designed to help organizations mitigate the financial impact of cybersecurity incidents, including data breaches and ransomware attacks.
Cyber Resilience
An organization's ability to continuously deliver intended outcomes despite adverse cyber events, combining prevention, detection, response, and recovery capabilities.
Cookie Consent
The requirement under privacy laws like GDPR for websites to obtain user permission before storing cookies that track browsing behavior.
Certificate Pinning
A mobile security technique that associates a host with its expected certificate or public key, preventing man-in-the-middle attacks using fraudulent certificates.
Code Review
The systematic examination of application source code to identify security vulnerabilities, logic errors, and coding practices that could lead to exploits.
Change Management
The structured process for managing modifications to IT systems and infrastructure, ensuring changes do not introduce security vulnerabilities.
Configuration Management
The process of maintaining systems in a desired and consistent state, ensuring security configurations are properly applied and maintained.
Cyber Range
A simulated environment for cybersecurity training and exercises, providing realistic scenarios for practicing attack and defense techniques safely.
Capture the Flag
A cybersecurity competition where participants solve security challenges to find hidden flags, developing practical hacking and defense skills.
CCTV
Closed-Circuit Television. Video surveillance systems used to monitor physical spaces for security purposes, often integrated with access control and alarm systems.
Clean Desk Policy
A security policy requiring employees to clear their desks of sensitive documents and lock computer screens when leaving their workspace unattended.
Covenant
A collaborative command and control framework for red team operations, providing an alternative to Cobalt Strike with a web-based management interface.
CrackMapExec
A post-exploitation tool for Active Directory environments that automates the assessment of large networks through credential testing and enumeration.
Chisel
A fast TCP/UDP tunnel tool used during penetration testing to pivot through compromised hosts and access internal network segments.
CEH
Certified Ethical Hacker. An EC-Council certification validating knowledge of ethical hacking methodologies, tools, and techniques for security assessment.
CISSP
Certified Information Systems Security Professional. An advanced ISC2 certification covering eight domains of information security management and practice.
CISM
Certified Information Security Manager. An ISACA certification focused on information security governance, risk management, and incident response for management roles.
CISA
Certified Information Systems Auditor. An ISACA certification for professionals who audit, control, monitor, and assess information technology and business systems.
CRTP
Certified Red Team Professional. A certification focused on Active Directory attack and defense techniques, including Kerberos attacks and lateral movement.
CISO
Chief Information Security Officer. The senior executive responsible for establishing and maintaining the enterprise vision, strategy, and program for information security.
Covert Channel
A communication channel that transfers information using a method not intended for communication, often used to exfiltrate data while evading detection.
CSP
Content Security Policy. A security standard that helps prevent cross-site scripting, clickjacking, and other code injection attacks by specifying approved content sources.
CRLF Injection
An attack where Carriage Return Line Feed characters are injected into HTTP headers, potentially enabling response splitting and cross-site scripting.
Cryptojacker
Malware that hijacks computing resources to mine cryptocurrency without the owner's consent, degrading system performance and increasing electricity costs.
Credential Harvesting
The process of collecting usernames and passwords through phishing pages, keyloggers, or network interception for unauthorized access.
Certificate-Based Authentication
An authentication method that uses digital certificates to verify the identity of users or devices before granting access to resources.
CNAPP
Cloud-Native Application Protection Platform. An integrated security platform that combines CSPM, CWPP, and other cloud security capabilities into a unified solution.
CASB
Cloud Access Security Broker. A security policy enforcement point between cloud service consumers and providers that enforces security policies.
Cloud Misconfiguration
Security vulnerabilities arising from improperly configured cloud services, such as open S3 buckets, excessive permissions, or disabled encryption.
Cloud Encryption
The process of transforming data before it is stored in cloud services, using encryption keys managed by the provider, customer, or a third party.
Cloud WAF
A web application firewall delivered as a cloud service, protecting web applications from common attacks without on-premises hardware.
Canary Token
A tripwire mechanism that alerts when accessed, such as a decoy file, URL, or credential planted to detect unauthorized access or data theft.
CIS Benchmarks
Configuration guidelines from the Center for Internet Security that provide prescriptive security recommendations for hardening systems and applications.
CMMC
Cybersecurity Maturity Model Certification. A US Department of Defense framework that measures cybersecurity capabilities of defense contractors.
Consent Management
The process of obtaining, recording, and managing user consent for data collection and processing in compliance with privacy regulations.
Cross-Border Data Transfer
The movement of personal data between countries or jurisdictions, subject to legal requirements ensuring adequate data protection levels.
Code Signing
The process of digitally signing executables and scripts to confirm the software author's identity and guarantee the code has not been altered.
Code Obfuscation
The process of making source code or binary difficult to understand through deliberate complexity, used to protect intellectual property and hinder reverse engineering.
Cold Boot Attack
An attack that exploits data remanence in RAM chips, cooling them to slow data decay and extracting encryption keys after a system is powered off.
Certificate Transparency
An internet security standard for monitoring and auditing the issuance of digital certificates, helping detect misissued or malicious certificates.
Captive Portal Attack
An attack that creates a fake login page on a rogue wireless network to harvest credentials from users who attempt to authenticate.
CompTIA Security+
A vendor-neutral certification covering foundational cybersecurity knowledge, including threats, architecture, operations, and incident response.
CCNA Security
Cisco Certified Network Associate Security. A certification validating knowledge of network security concepts and Cisco security technologies.
Checksum
A value derived from a block of data for the purpose of detecting errors or verifying that data has not been altered during transmission or storage.
Cyber Hygiene
Basic security practices that individuals and organizations should routinely follow to maintain system health and improve online security.
CSP Bypass
Techniques for circumventing Content Security Policy restrictions to execute unauthorized scripts, including JSONP endpoints and unsafe configurations.
Cyber Espionage
The use of computer networks to gain illicit access to confidential information held by governments, organizations, or individuals.
ChaCha20
A stream cipher designed as an alternative to AES, offering high performance on systems without hardware AES acceleration.
CRL
Certificate Revocation List. A list of digital certificates that have been revoked by the certificate authority before their scheduled expiration.
Context-Aware Access
An access control approach that considers factors like user location, device health, time, and behavior patterns when making authorization decisions.
Continuous Monitoring
Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
Credential Dumping
The process of extracting authentication credentials from operating systems and software, including passwords, hashes, and Kerberos tickets.
Cloud Security Assessment
A comprehensive evaluation of cloud infrastructure security including configuration review, access control audit, and compliance verification.
Cloud Penetration Testing
Security testing specifically targeting cloud environments, including testing IAM policies, storage access, and service configurations.
Cloud Compliance
Ensuring cloud infrastructure and services meet regulatory requirements and industry standards for data protection and security.
Cloud Identity Management
Managing user identities and access permissions across cloud services, including federation, SSO, and multi-cloud identity governance.
Cloud DLP
Data Loss Prevention solutions designed for cloud environments that monitor and protect sensitive data stored in and transmitted through cloud services.
Cloud HSM
Hardware Security Module services provided by cloud providers that offer dedicated cryptographic key management in a tamper-resistant environment.
Cloud Posture Assessment
An evaluation of cloud security configurations against best practices and compliance requirements to identify misconfigurations and risks.
Consent Fatigue
The phenomenon where users become overwhelmed by frequent privacy consent requests and begin accepting them without reading.
Container Escape
A security vulnerability that allows code running inside a container to break out and access the host system or other containers.
CI/CD Security
Security practices for continuous integration and continuous deployment pipelines, including secure build processes and artifact verification.
Cryptographic Erasure
A data destruction method that renders encrypted data unrecoverable by securely deleting the encryption keys.
Column-Level Encryption
Database encryption that protects specific columns containing sensitive data, allowing other columns to remain in plaintext for performance.
CoAP
Constrained Application Protocol. A specialized web transfer protocol for constrained IoT devices and networks, designed for machine-to-machine applications.
Compensating Control
An alternative security measure employed when the primary control cannot be implemented, providing equivalent protection.
Corrective Control
A security control designed to restore systems to normal after a security incident, including patch management and backup restoration.
Card Skimmer
A hidden device attached to legitimate card readers that captures credit card data during normal transactions.
Callback Phishing
A phishing technique where the email contains a phone number instead of a malicious link, directing victims to call a fake support center.
Cloud Security Certifications
Certifications for cloud security professionals including CCSP, AWS Security Specialty, and Azure Security Engineer.
CORS Misconfiguration
Overly permissive Cross-Origin Resource Sharing configurations that allow unauthorized domains to access sensitive API responses.
C2 Framework
Command and Control framework. Software used by red teams and attackers to maintain communication with and control compromised systems.
Clipper Malware
Malware that monitors the clipboard for cryptocurrency wallet addresses and replaces them with attacker-controlled addresses to redirect transactions.
Conti Ransomware
A notorious ransomware-as-a-service operation known for double extortion tactics and targeting critical infrastructure organizations.
Cobalt Strike Beacon
The payload component of Cobalt Strike that provides command-and-control functionality, commonly found in both red team and real-world attacks.
CrowdStrike
A cloud-native endpoint security platform that combines EDR, threat intelligence, and managed hunting services.
Cuckoo Sandbox
An open-source automated malware analysis system that executes suspicious files in an isolated environment and reports observed behavior.
COBIT
Control Objectives for Information and Related Technologies. A framework for governance and management of enterprise information technology.
Cyber Essentials
A UK government-backed scheme that helps organizations protect against common cyber threats through five basic security controls.
CloudTrail
An AWS service that records API calls and account activity, providing audit trails for governance, compliance, and security.
Cloud Armor
Google Cloud's DDoS protection and web application firewall service that protects applications from attacks.
Cloud Key Management
Services provided by cloud platforms for creating, storing, and managing cryptographic keys used for data encryption.
Cloud-Native Firewall
Firewall services built into cloud platforms that provide network security controls for cloud workloads without additional hardware.
Confidential Computing
Cloud computing technology that protects data during processing using hardware-based trusted execution environments.
ChatGPT Security Risks
Security implications of large language models including data leakage, prompt injection, and use in generating attack tools.
Continuous Authentication
Ongoing verification of user identity throughout a session using behavioral biometrics, device signals, and risk assessment.
Certificate Lifecycle Management
The process of managing digital certificates from issuance through renewal and revocation across an organization's infrastructure.
Cyber War Game
A simulated exercise that tests an organization's defensive and offensive cybersecurity capabilities against realistic attack scenarios.
CISO Dashboard
A visual display of key security metrics and indicators designed to give executive leadership visibility into security posture.
Cloud Forensics Challenges
Unique difficulties in cloud investigations including data volatility, jurisdiction issues, multi-tenancy, and provider cooperation.
Chip Decapping
The process of removing the packaging of an integrated circuit to expose the die for visual inspection and analysis.
CAN Bus Attack
Attacks targeting the Controller Area Network bus in vehicles, potentially enabling remote control of automotive systems.
Covert Entry
Physical penetration testing techniques for gaining unauthorized access to facilities without detection, including lock picking and bypass.
CRTO
Certified Red Team Operator. A certification focused on adversary simulation using Cobalt Strike and modern red team techniques.
CASB Proxy Mode
A Cloud Access Security Broker deployment that intercepts traffic inline to enforce real-time security policies on cloud application usage.
CSS Injection
An attack that injects malicious CSS code to exfiltrate data, modify page content, or perform UI redressing attacks.
Cross-Origin Attack
A category of attacks that exploit trust relationships between different web origins to access unauthorized resources or perform actions.
CBEST
A UK framework for intelligence-led penetration testing of financial sector firms, governed by the Bank of England.
Cloud Penetration Testing
Security testing of cloud infrastructure, services, and configurations to identify vulnerabilities and misconfigurations.
Code Injection
The exploitation of a vulnerability to inject and execute malicious code within the context of a running application or process.
Code-Based Cryptography
Post-quantum cryptographic systems based on error-correcting codes, offering resistance to quantum computing attacks.
Claims-Based Identity
An identity model where identity attributes are expressed as claims, allowing flexible authorization decisions across systems.
Cyber Resilience Act
EU legislation establishing cybersecurity requirements for products with digital elements throughout their lifecycle.
Credential Management
Systems and practices for securely storing, distributing, and managing user credentials across an organization.
Content-Type Confusion
An attack exploiting discrepancies between declared and actual content types to bypass security filters.
CALDERA
An automated adversary emulation system developed by MITRE that runs autonomous red team operations based on the ATT&CK framework.
Continuous Security Validation
Ongoing automated testing of security controls to ensure they remain effective against evolving threats.
Crown Jewel Analysis
The identification and mapping of an organization's most critical assets to prioritize their protection in security testing.
Callback Server
An attacker-controlled server that receives connections from compromised systems, used for data exfiltration and command delivery.
Crypter
A tool that encrypts malware to make it undetectable by antivirus software, often using custom encryption routines.
Control Framework
A structured set of security controls organized into categories that provides a systematic approach to managing cybersecurity risk.
CSA
Cloud Security Alliance. An organization that defines best practices for secure cloud computing through research and education.
CCM
Cloud Controls Matrix. A cybersecurity control framework from CSA that maps cloud security controls to regulations and standards.
Cloud Workload Security
Security measures protecting workloads in cloud environments including runtime protection, vulnerability management, and configuration monitoring.
Cloud Escape
Exploiting vulnerabilities in cloud infrastructure to break out of isolated environments and access other tenants or the hypervisor.
Cloud Enumeration
The process of discovering and cataloging cloud resources, configurations, and permissions during security assessments.
Cloud Privilege Escalation
Exploiting misconfigurations in cloud IAM to gain higher permissions than initially granted.
Cloud Persistence
Techniques for maintaining unauthorized access in cloud environments including backdoor accounts and modified security groups.
Concept Drift
Changes in the statistical properties of data over time that can degrade machine learning model performance and security effectiveness.
Certificate Management
The lifecycle management of digital certificates including issuance, deployment, monitoring, renewal, and revocation.
Credential Rotation
The regular changing of passwords, keys, and tokens to limit the window of opportunity if credentials are compromised.
Cyber Mercenary
Private sector entities that develop and sell offensive cyber capabilities including surveillance tools and exploit services.
Code Cave
An unused region of memory within an executable where malicious code can be injected without increasing the file size.
Commitment Scheme
A cryptographic protocol that allows one party to commit to a chosen value while keeping it hidden until a later reveal phase.
Compliance Automation
Using technology to automate the monitoring, reporting, and enforcement of regulatory compliance requirements.
Cloud-Native WAF
A web application firewall built specifically for cloud environments with auto-scaling and integration with cloud services.
Cloud Identity Governance
Managing identities and access permissions across cloud services to ensure least privilege and compliance.
Cloud Data Classification
Identifying and labeling data stored in cloud services based on sensitivity to apply appropriate protection controls.
Cloud Incident Response
Incident response procedures adapted for cloud environments including log collection, snapshot preservation, and provider coordination.
Cognitive Security
Security measures protecting against manipulation of human cognition through disinformation, deepfakes, and AI-generated content.
Cyber Threat Framework
A structured model for categorizing and analyzing cyber threats based on their objectives, methods, and targets.
Cloud Security Benchmark
Published standards and recommended configurations for securing cloud services from providers like AWS, Azure, and GCP.
Cyber Deception
A defensive strategy that deploys decoy assets, fake credentials, and honeypots throughout an environment to mislead attackers and detect intrusions early.