Cybersecurity Glossary

1506 essential cybersecurity terms explained. Your reference guide from A to Z.

S
Subnet
A logical subdivision of an IP network that divides a larger network into smaller, more manageable segments for improved security and performance.
SSL/TLS
Secure Sockets Layer / Transport Layer Security. Cryptographic protocols that provide secure communication over a computer network, commonly used to encrypt web traffic.
SIEM
Security Information and Event Management. A solution that aggregates and analyzes log data from across an organization to detect security threats and compliance violations in real time.
SOC
Security Operations Center. A centralized facility where a team of security professionals monitors, detects, analyzes, and responds to cybersecurity incidents around the clock.
SNMP
Simple Network Management Protocol. A protocol for managing and monitoring network devices, which can be a security risk if improperly configured with default community strings.
SQL Injection
A code injection technique that exploits vulnerabilities in web applications by inserting malicious SQL statements into input fields to manipulate backend databases.
Stored XSS
A type of XSS where the malicious script is permanently stored on the target server and executed whenever a user loads the affected page.
SSRF
Server-Side Request Forgery. A vulnerability where an attacker can make the server perform requests to unintended locations, potentially accessing internal services or cloud metadata.
SOP
Same-Origin Policy. A critical browser security concept that restricts how documents or scripts from one origin can interact with resources from another origin.
Session Hijacking
An attack where an adversary takes over a valid user session by stealing or predicting the session token, gaining unauthorized access to the user account.
Session Fixation
An attack that forces a user to use a session ID chosen by the attacker, allowing the attacker to hijack the session after the user authenticates.
Security Misconfiguration
A vulnerability resulting from insecure default configurations, incomplete setups, or overly permissive settings in applications, servers, or cloud services.
SSTI
Server-Side Template Injection. A vulnerability that occurs when user input is embedded into server-side templates in an unsafe manner, potentially leading to remote code execution.
Subresource Integrity
A security feature that allows browsers to verify that fetched resources like scripts and stylesheets have not been tampered with by comparing cryptographic hashes.
SHA
Secure Hash Algorithm. A family of cryptographic hash functions that produces a fixed-size digest from variable-length input, used for data integrity verification and digital signatures.
Salt
Random data added to a password before hashing to ensure that identical passwords produce different hash values, protecting against rainbow table and precomputed hash attacks.
Symmetric Encryption
An encryption method where the same key is used for both encryption and decryption, offering fast processing but requiring secure key distribution.
Stream Cipher
A symmetric encryption algorithm that encrypts data one bit or byte at a time by combining plaintext with a pseudorandom keystream, suitable for real-time encryption.
Steganography
The practice of hiding secret information within ordinary, non-secret data such as images, audio, or video files, concealing the very existence of the hidden message.
Spyware
Malware that secretly monitors user activity, collecting personal information, browsing habits, and keystrokes without the user's knowledge or consent.
Spear Phishing
A targeted phishing attack directed at specific individuals or organizations, using personalized content to increase the likelihood of success.
Smishing
SMS phishing. A social engineering attack that uses text messages to trick recipients into clicking malicious links or providing personal information.
Supply Chain Attack
An attack that targets less-secure elements in the supply chain, such as third-party vendors or software dependencies, to compromise the ultimate target.
SSO
Single Sign-On. An authentication scheme that allows users to log in once and gain access to multiple connected systems without re-authenticating for each one.
SAML
Security Assertion Markup Language. An XML-based standard for exchanging authentication and authorization data between identity providers and service providers.
Silver Ticket
A forged Kerberos service ticket that provides unauthorized access to a specific service in an Active Directory environment without contacting the domain controller.
Social Engineering
The psychological manipulation of people into performing actions or divulging confidential information, exploiting human trust rather than technical vulnerabilities.
Sqlmap
An open-source tool that automates the detection and exploitation of SQL injection vulnerabilities, supporting various database management systems and injection techniques.
Shodan
A search engine that lets users find specific types of internet-connected devices and systems, revealing exposed services, default credentials, and vulnerable configurations.
Scope
The defined boundaries of a penetration test that specify which systems, networks, and attack methods are authorized, protecting both the tester and the organization.
Sandbox Analysis
The technique of executing suspicious files or code in an isolated virtual environment to observe their behavior without risking the production network.
Shared Responsibility Model
A framework defining the division of security responsibilities between cloud service providers and their customers based on the service model used.
SaaS
Software as a Service. A cloud delivery model where applications are hosted by a provider and accessed by customers over the internet on a subscription basis.
Serverless Security
Security practices specific to serverless computing environments, addressing function-level vulnerabilities, permissions, and event injection attacks.
S3 Bucket Misconfiguration
A common cloud security issue where Amazon S3 storage buckets are accidentally left publicly accessible, exposing sensitive data to the internet.
SOC 2
System and Organization Controls 2. An auditing standard that evaluates an organization's controls related to security, availability, processing integrity, and confidentiality.
SOX
Sarbanes-Oxley Act. US federal law establishing auditing and financial regulations for public companies, including requirements for IT security controls.
Security Policy
A formal document that defines an organization's approach to managing and protecting its information assets, establishing rules and procedures for security.
Security by Design
An approach where security considerations are integrated into every phase of system development rather than being added as an afterthought.
Shift Left Security
The practice of integrating security testing and practices earlier in the software development lifecycle to catch vulnerabilities before they reach production.
Sandboxing
A security mechanism that isolates running programs in a restricted environment to prevent them from affecting the broader system if they contain malicious code.
Security Awareness Training
Educational programs designed to teach employees about cybersecurity threats, safe practices, and their role in protecting organizational assets.
Security Orchestration
The coordination and automation of security tools and processes to streamline incident response and improve the efficiency of security operations.
SOAR
Security Orchestration, Automation, and Response. Platforms that help organizations collect security threat data and automate responses to low-level security events.
SASE
Secure Access Service Edge. A cloud-delivered framework combining network security functions with WAN capabilities to support the dynamic secure access needs of organizations.
Secure Boot
A security standard that ensures a device boots using only software trusted by the manufacturer, preventing rootkits from loading during startup.
Side-Channel Attack
An attack that exploits information gained from the physical implementation of a system, such as timing, power consumption, or electromagnetic emissions.
SCADA Security
Security measures for Supervisory Control and Data Acquisition systems that control industrial processes in critical infrastructure like power grids and water treatment.
SMS Interception
The unauthorized capture of SMS messages in transit, often used to steal two-factor authentication codes or sensitive communications.
SIM Swapping
A social engineering attack where an attacker convinces a mobile carrier to transfer a victim's phone number to a SIM card controlled by the attacker.
SPF
Sender Policy Framework. An email authentication protocol that allows domain owners to specify which mail servers are authorized to send email on their behalf.
S/MIME
Secure/Multipurpose Internet Mail Extensions. A standard for public key encryption and signing of email messages, providing confidentiality and authentication.
SAST
Static Application Security Testing. A method of analyzing application source code for security vulnerabilities without executing the program.
Secure Coding
The practice of writing software code in a way that protects against the introduction of security vulnerabilities through input validation, error handling, and access controls.
Software Composition Analysis
The process of identifying open-source components in a codebase and detecting known vulnerabilities, license compliance issues, and outdated dependencies.
Security Champion
A developer or team member who acts as a security advocate within their team, promoting secure coding practices and bridging the gap between development and security.
Secure SDLC
Secure Software Development Lifecycle. An approach that integrates security activities and best practices into every phase of software development from design to deployment.
Synthetic Identity Fraud
A type of fraud where attackers combine real and fake personal information to create new identities for financial crimes and account creation.
Smart Contract Vulnerability
Security flaws in self-executing blockchain contracts that can be exploited to drain funds, manipulate outcomes, or cause unintended contract behavior.
Security Baseline
A minimum set of security controls and configurations established as the foundation for system hardening and compliance across an organization.
Security Metrics
Quantitative measurements used to evaluate the effectiveness of security controls and programs, such as mean time to detect and mean time to respond.
Security Awareness
The knowledge and understanding that members of an organization have regarding cybersecurity threats and their role in protecting organizational assets.
Security Automation
The use of technology to perform repetitive security tasks automatically, improving efficiency and reducing human error in security operations.
Secure Deletion
The process of permanently destroying data on storage media so it cannot be recovered, using techniques like overwriting, degaussing, or physical destruction.
SQL Audit Trail
A chronological record of database activities including queries, modifications, and access attempts, essential for security monitoring and compliance.
Shoulder Surfing
A social engineering technique where an attacker observes a victim entering sensitive information by looking over their shoulder or using remote viewing.
Social Engineering Toolkit
A collection of tools and techniques used for social engineering attacks, including the popular SET framework for penetration testing.
SFTP
SSH File Transfer Protocol. A secure file transfer protocol that provides file access, transfer, and management over a reliable data stream using SSH encryption.
SSH
Secure Shell. A cryptographic network protocol for operating network services securely over an unsecured network, commonly used for remote server administration.
SMTP
Simple Mail Transfer Protocol. The standard protocol for sending email messages between servers, operating on port 25 or 587 with optional TLS encryption.
SIP
Session Initiation Protocol. A signaling protocol used for initiating and managing voice and video communication sessions over IP networks.
SMB
Server Message Block. A network file sharing protocol that allows applications to read, write, and request services from server programs, historically vulnerable to exploits like EternalBlue.
SOC Analyst
A cybersecurity professional who monitors and analyzes security events in a Security Operations Center, detecting and responding to threats.
Security Architect
A senior cybersecurity role responsible for designing, building, and maintaining the security infrastructure and policies of an organization.
SDN
Software-Defined Networking. An approach to network management that enables programmatic control of network behavior, improving agility and security policy enforcement.
sFlow
A sampling technology for monitoring traffic in data networks, providing real-time visibility into network utilization and performance.
Stateful Firewall
A firewall that monitors the state of active connections and makes decisions based on the context of traffic rather than just individual packets.
SSL Inspection
The process of intercepting and decrypting SSL/TLS encrypted traffic for inspection before re-encrypting and forwarding it, used by security devices to detect threats.
Subdomain Takeover
A vulnerability where an attacker gains control over a subdomain that points to an expired or unclaimed service, allowing them to serve malicious content.
Scope Creep
The uncontrolled expansion of penetration testing activities beyond the originally agreed-upon scope, potentially causing unintended damage.
Sandbox Evasion
Techniques used by malware to detect when it is running in a sandbox environment and alter its behavior to avoid analysis and detection.
SHA-256
Secure Hash Algorithm 256-bit. A cryptographic hash function that produces a fixed 256-bit output, widely used for data integrity verification and digital signatures.
S3 Bucket Exposure
A common cloud security issue where Amazon S3 storage buckets are configured with public access, potentially exposing sensitive data.
SaaS Security
Security measures for Software as a Service applications, including data protection, access control, and monitoring of third-party cloud services.
Secrets Management
The practice of securely storing, distributing, and rotating sensitive configuration data like API keys, passwords, and certificates in cloud environments.
Security Monitoring
The continuous observation and analysis of an organization's IT environment to detect suspicious activities, threats, and policy violations.
Steganalysis
The process of detecting hidden information in files, images, or communications that have been concealed using steganographic techniques.
SOC 2
Service Organization Control 2. An auditing procedure that ensures service providers securely manage data to protect the interests and privacy of their clients.
Security Audit
A systematic evaluation of an organization's security policies, procedures, and controls to assess compliance and identify weaknesses.
SCA
Software Composition Analysis. A process that identifies open-source components in a codebase and checks them for known vulnerabilities and license compliance.
SBOM
Software Bill of Materials. A comprehensive inventory of all components, libraries, and dependencies used in a software application, essential for supply chain security.
Synthetic Identity Attack
Using AI-generated personas including fake photos, voices, and backstories to conduct social engineering, fraud, or disinformation campaigns.
SPI Flash
Serial Peripheral Interface Flash memory used in embedded systems to store firmware, which can be read and written with specialized tools for analysis.
SSL Pinning Bypass
A technique used in mobile security testing to intercept HTTPS traffic by bypassing certificate pinning mechanisms in mobile applications.
Stagefright
A class of critical Android vulnerabilities in the media playback engine that could allow remote code execution through crafted multimedia messages.
Spectrum Analysis
The examination of radio frequency signals in an area to identify wireless devices, interference sources, and potential security threats.
Spam Filter
Software that identifies and blocks unwanted email messages before they reach the user's inbox, using rules, machine learning, and reputation systems.
Spear Phishing Detection
Security techniques that identify targeted phishing emails through analysis of sender reputation, content patterns, and behavioral anomalies.
Security Guard
A trained professional responsible for protecting people and property by maintaining a visible presence and monitoring for security threats.
Secure Destruction
The process of permanently destroying physical media and documents to prevent data recovery, including shredding, degaussing, and incineration.
Safe Room
A fortified room within a building designed to provide protection during emergencies, including physical attacks and natural disasters.
Security Convergence
The integration of physical security and cybersecurity practices into a unified security program, addressing the interconnected nature of modern threats.
Social Engineering Defense
Physical and procedural countermeasures against social engineering attacks, including security awareness training and verification protocols.
Security Analyst
A cybersecurity professional who monitors security systems, analyzes threats, investigates incidents, and recommends improvements to security posture.
Secure File Transfer
Protocols and systems for transferring files securely between parties, including SFTP, SCP, and managed file transfer solutions.
Syslog
A standard for message logging that allows separation of the software that generates messages from the system that stores and reports them.
Separation of Duties
A security principle that distributes critical tasks among multiple people to prevent fraud and errors, requiring collusion to compromise the system.
Security Posture
The overall strength of an organization's cybersecurity defenses, including policies, tools, training, and incident response capabilities.
SYN Flood
A denial-of-service attack that exploits the TCP handshake by sending numerous SYN requests without completing the connection, exhausting server resources.
STP Attack
An attack targeting the Spanning Tree Protocol to manipulate network topology, potentially enabling traffic interception.
Second-Order SQL Injection
A SQL injection attack where malicious input is stored in the database and executed later when used in a different query context.
SSI Injection
Server-Side Include Injection. An attack that exploits server-side include directives to execute commands or include unauthorized files.
Session Puzzling
An attack that exploits session variable overloading, where the same session variable serves different purposes in different application contexts.
Stealer Malware
Specialized malware designed to harvest stored credentials, cookies, cryptocurrency wallets, and other sensitive data from infected systems.
Security Data Lake
A centralized repository that stores security-related data from multiple sources at scale for advanced analytics and threat detection.
Sigma Rules
A generic signature format for SIEM systems that allows writing detection rules once and converting them to various SIEM query languages.
Snort Rules
Detection rules for the Snort intrusion detection system that define traffic patterns to alert on or block.
Suricata
An open-source network threat detection engine capable of real-time intrusion detection, inline intrusion prevention, and network security monitoring.
Security Chaos Engineering
The practice of intentionally introducing security failures in controlled conditions to test and improve an organization's security resilience.
Security Framework
A structured set of guidelines and best practices for managing cybersecurity risk, such as NIST CSF, ISO 27001, or CIS Controls.
Supply Chain Risk Management
The process of identifying, assessing, and mitigating risks associated with third-party vendors, suppliers, and service providers.
SIM Swap Attack
A social engineering attack targeting mobile carriers to transfer a victim's phone number to an attacker-controlled SIM card.
Smart Card Attack
Attacks targeting smart card security including side-channel analysis, fault injection, and protocol-level vulnerabilities.
Shadow IT
Information technology systems and solutions built and used inside organizations without explicit organizational approval, creating security blind spots.
Secrets Scanning
Automated detection of sensitive information like API keys, passwords, and tokens accidentally committed to source code repositories.
Security Header
HTTP response headers that provide security controls in web browsers, including HSTS, X-Content-Type-Options, and X-Frame-Options.
Shamir Secret Sharing
A cryptographic algorithm that divides a secret into parts distributed among participants, requiring a threshold number of parts to reconstruct.
Secure Data Deduplication
Eliminating duplicate copies of data while maintaining security controls, reducing storage costs without compromising data protection.
Security Debt
The accumulation of security issues and deferred fixes over time, similar to technical debt, which increases risk exposure.
Security Control
A safeguard or countermeasure designed to protect the confidentiality, integrity, and availability of information systems and data.
Security Clearance
Government-granted authorization to access classified information, required for many cybersecurity roles in defense and intelligence.
SOCKS Proxy
A general-purpose proxy protocol that routes network packets between a client and server through a proxy, supporting any type of traffic.
Site-to-Site VPN
A VPN connection that connects two networks together over the internet, commonly used to link branch offices to a corporate network.
SSL VPN
A virtual private network that uses SSL/TLS protocols to provide secure remote access through a web browser without specialized client software.
Staged Payload
A payload delivered in stages where a small initial component downloads the full exploit code, reducing detection probability.
Stageless Payload
A self-contained payload that includes all exploit code in a single package, requiring only one network connection.
Supply Chain Malware
Malware distributed through compromised software supply chains, infecting legitimate update mechanisms to reach many targets simultaneously.
STIX
Structured Threat Information eXpression. A standardized language for representing cyber threat intelligence in a machine-readable format.
Splunk
A platform for searching, monitoring, and analyzing machine-generated big data, widely used as a SIEM for security operations.
SentinelOne
An autonomous AI-powered endpoint security platform that provides prevention, detection, and response capabilities.
SOC Automation
The use of automated tools and workflows to handle repetitive security operations tasks, improving efficiency and response time.
SOX Compliance
Sarbanes-Oxley Act compliance requirements for financial reporting, including IT controls for data integrity and access management.
StateRAMP
A cybersecurity compliance framework specifically for cloud service providers working with state and local governments.
Service Mesh Security
Security capabilities provided by service mesh technologies like Istio, including mutual TLS, policy enforcement, and observability.
Self-Sovereign Identity
A digital identity model giving individuals full ownership and control over their identity data without relying on centralized authorities.
Software Supply Chain Security
Protecting the integrity of software from development through delivery, addressing risks in dependencies, build systems, and distribution.
Sigstore
An open-source project that provides tools for signing, verifying, and protecting software supply chain artifacts using ephemeral keys.
SLSA
Supply-chain Levels for Software Artifacts. A security framework for ensuring the integrity of software artifacts throughout the supply chain.
Security Linting
Static analysis tools that scan source code for security anti-patterns, vulnerable function calls, and configuration issues during development.
Security Chaos Engineering
Deliberately introducing security failures in controlled environments to validate detection capabilities and incident response.
Synthetic Data
Artificially generated data that preserves the statistical properties of real data while eliminating privacy risks from actual records.
Security Culture
The collective attitudes, beliefs, and behaviors of an organization regarding cybersecurity, shaped by leadership and training.
Security Gamification
The application of game mechanics to cybersecurity training and awareness programs to increase engagement and knowledge retention.
Security Hackathon
A collaborative event where security professionals work together to solve challenges, find vulnerabilities, or build security tools.
Security Maturity Model
A framework that defines levels of cybersecurity capability, helping organizations assess their current state and plan improvements.
Security Roadmap
A strategic plan outlining cybersecurity initiatives, priorities, and milestones over a defined time period.
Supply Chain Security
Comprehensive practices for managing security risks throughout the entire supply chain including vendors, software, and hardware.
Surveillance Detection
Techniques for identifying if you are being monitored or followed, used in both physical security and counter-intelligence.
Satellite Communication Security
Security of satellite communication systems including signal interception, jamming, and ground station vulnerabilities.
SD-WAN Security
Security capabilities integrated into Software-Defined Wide Area Networks including encryption, segmentation, and threat prevention.
Smurf Attack
A DDoS attack that uses spoofed ICMP broadcast packets to flood a target with amplified echo reply traffic.
Slowloris
A denial-of-service attack that holds many connections open to a web server by slowly sending partial HTTP requests.
SSI Injection
An attack targeting web servers that support Server-Side Includes, injecting directives to execute commands or include files.
SOAP Injection
An attack targeting SOAP web services by injecting malicious XML content to manipulate server-side processing.
Session Prediction
An attack where an adversary deduces or calculates session identifiers to hijack active sessions.
Shellcode
Machine code payloads used in exploitation to spawn a command shell or perform other actions on a compromised system.
Stack Overflow
A specific type of buffer overflow that corrupts the call stack, potentially allowing attackers to redirect program execution.
SPHINCS+
A hash-based digital signature scheme providing post-quantum security without relying on lattice assumptions.
Secret Sharing
A cryptographic method that distributes a secret among a group of participants, each holding a share that alone reveals nothing.
Secure Multi-Party Computation
A cryptographic protocol enabling multiple parties to jointly compute a function over their inputs while keeping those inputs private.
Step-Up Authentication
An adaptive security approach that requires additional authentication factors when users attempt to access higher-risk resources or actions.
Security Orchestration Platform
A system that automates and coordinates security operations workflows across multiple tools and technologies.
Security Data Pipeline
The infrastructure for collecting, processing, and routing security telemetry from diverse sources to analysis platforms.
SEC Cybersecurity Rules
US Securities and Exchange Commission requirements for public companies to disclose material cybersecurity incidents and risk management.
Standard Contractual Clauses
Pre-approved contractual terms for transferring personal data from the EU to countries without adequate data protection laws.
SPAN Port
Switch Port Analyzer. A switch feature that mirrors traffic from one or more ports to a monitoring port for analysis.
Segmentation Policy
Documented rules defining which network segments can communicate and the security controls required between them.
security.txt
A proposed standard for websites to communicate security vulnerability disclosure policies in a machine-readable format.
Scheduled Task Persistence
Creating Windows scheduled tasks or Linux cron jobs to maintain malicious code execution at specified intervals.
Service Persistence
Installing malware as a system service to maintain persistent access with elevated privileges across reboots.
Security Tool Integration
The process of connecting different security products to share data and coordinate responses through APIs and automation.
SOC Maturity
The level of capability and effectiveness of a Security Operations Center, assessed across people, processes, and technology.
Security Exception
A formal process for temporarily or permanently exempting a system or process from a security requirement with documented risk acceptance.
Serverless Attack
Attacks targeting serverless computing functions including injection through event data, permission abuse, and dependency attacks.
Synthetic Media
AI-generated content including deepfake videos, cloned voices, and generated text that can be indistinguishable from authentic media.
Service Account Security
Best practices for securing non-human accounts used by applications and services, including credential rotation and monitoring.
STRIDE Threat Model
A threat modeling methodology categorizing threats as Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
Security Requirement
A documented specification of security functionality that a system must provide, derived from risk assessment and compliance needs.
Secure Design Pattern
Reusable solutions to common security problems in software architecture, such as input validation and error handling patterns.
Security Testing Automation
Integrating automated security tools into development pipelines to continuously test for vulnerabilities throughout the SDLC.
Secure Erasure
Methods for permanently destroying data on storage media to prevent recovery, meeting standards like NIST SP 800-88.
Secure Element
A tamper-resistant hardware component that provides secure storage and processing of cryptographic keys and credentials.
Security Engineering Career
A career path focused on designing and building secure systems, applications, and infrastructure.
Storm Control
A switch feature that monitors traffic levels and drops packets when thresholds are exceeded to prevent broadcast storms.
Sponge Construction
A cryptographic construction used in hash functions like SHA-3 that absorbs input data and squeezes out the hash output.
Security Posture Score
A quantitative rating of an organization's overall security health based on vulnerability data, configuration compliance, and threat exposure.
SOC Playbook
A documented set of procedures for SOC analysts to follow when handling specific types of security alerts and incidents.
Security Awareness Program
An ongoing organizational initiative to educate employees about cybersecurity risks and their responsibilities in protecting information.
Security Champion Program
An initiative that embeds security advocates within development teams to promote secure coding practices and bridge the gap between security and engineering.
Security Regression
A previously fixed vulnerability that reappears in software due to code changes, merges, or deployment errors.
Security Gate
A checkpoint in the software development pipeline that blocks deployment until security requirements are met.
Secure Multi-Party Data Sharing
Cryptographic protocols enabling multiple organizations to analyze combined datasets without exposing raw data to each other.
Security Token Service
A service that issues, validates, and renews security tokens for authentication across distributed applications.
Security Onboarding
The process of integrating new employees into an organization's security practices, including training and access provisioning.