Cybersecurity Glossary

JSON Web Token. A compact, URL-safe token format used for securely transmitting claims between parties, commonly used for authentication and authorization in web applications.

An open-source password cracking tool that supports various hash formats and attack modes including dictionary, brute-force, and hybrid attacks.

Joint Test Action Group. A hardware debugging interface that can be exploited to extract firmware, bypass security controls, or gain root access to embedded devices.

The process of removing software restrictions imposed by iOS on Apple devices, allowing installation of unauthorized applications and system modifications.

A hardened server used to access and manage devices in a separate security zone, providing a controlled access point for administrative tasks.

Security weaknesses in JSON Web Token implementations, including algorithm confusion, weak secrets, and improper signature validation.

A security practice that provides elevated access only when needed and for the minimum duration required to complete a specific task.

An attack exploiting JWT implementations that accept the none algorithm, allowing attackers to forge tokens without a valid signature.

An attack that manipulates JSON data structures sent to an application to modify behavior or extract unauthorized data.

Automatically creating user accounts and access rights at the moment they are needed rather than pre-provisioning.