Cybersecurity Glossary

Security mechanism that determines who or what can view or use resources in a computing environment. Includes authentication (verifying identity) and authorization (granting permissions).

The study of attacks on machine learning models and defenses against them. Includes evasion attacks (fooling models at inference), poisoning attacks (corrupting training data), and model extraction.

Practices and tools for protecting Application Programming Interfaces from attacks. Covers authentication, rate limiting, input validation, and preventing data exposure through API endpoints.

The total number of points (vectors) where an unauthorized user can try to enter or extract data from a system. Reducing attack surface is a core security principle.

The process of verifying the identity of a user, device, or system. Common methods include passwords, multi-factor authentication (MFA), biometrics, and cryptographic tokens like JWT.

The process of determining what permissions an authenticated user has. Defines what resources a user can access and what actions they can perform (read, write, delete).

A covert method of bypassing normal authentication or security controls in a system. Can be intentionally placed by developers or installed by attackers after compromising a system.

The defensive security team responsible for protecting an organization's systems. Blue teams monitor for threats, respond to incidents, maintain security controls, and improve defenses.

An attack that tries every possible combination of passwords or keys until the correct one is found. Mitigated by rate limiting, account lockout policies, and strong password requirements.

A vulnerability where a program writes data beyond the boundary of allocated memory. Can allow attackers to overwrite adjacent memory, crash programs, or execute arbitrary code.

The three pillars of information security: Confidentiality (data is only accessible to authorized parties), Integrity (data is accurate and unaltered), and Availability (systems are accessible when needed).

Cross-Origin Resource Sharing — a browser security mechanism that controls which domains can make requests to your API. Misconfigured CORS can allow unauthorized cross-origin data access.

An attack where stolen username/password pairs from one breach are automatically tested against other services. Relies on password reuse across sites. Mitigated by MFA and breach monitoring.

An attack that tricks a user's browser into performing unwanted actions on a site where they're authenticated. Prevented by anti-CSRF tokens, SameSite cookies, and checking the Origin header.

A vulnerability where an attacker injects malicious scripts into web pages viewed by other users. Types include Stored XSS, Reflected XSS, and DOM-based XSS. Prevented by input sanitization and Content Security Policy.

A one-way function that converts input data into a fixed-size string. Used for password storage (bcrypt, Argon2), file integrity verification (SHA-256), and digital signatures. Cannot be reversed.

Common Vulnerabilities and Exposures — a standardized system for identifying and cataloging publicly known cybersecurity vulnerabilities. Each CVE has a unique ID (e.g., CVE-2024-1234) and is tracked in the NVD.

Common Vulnerability Scoring System — a framework for rating the severity of security vulnerabilities on a 0-10 scale. Considers attack vector, complexity, privileges required, and impact on confidentiality/integrity/availability.

The unauthorized transfer of data from within an organization to an external destination. Methods include DNS tunneling, covert channels, and compromised email. A key objective in many cyberattacks.

Distributed Denial of Service — an attack that overwhelms a target system with traffic from many sources, making it unavailable to legitimate users. Mitigated by CDNs, rate limiting, and traffic filtering.

A security strategy that layers multiple defensive mechanisms so that if one layer fails, others still protect the system. Examples: firewall + WAF + input validation + output encoding + CSP.

The practice of integrating security into every phase of the software development lifecycle (SDLC), from design through deployment. Includes automated security testing in CI/CD pipelines, SAST, DAST, and dependency scanning.

The process of converting plaintext data into ciphertext using an algorithm and key, making it unreadable without the decryption key. Types: symmetric (AES), asymmetric (RSA), and at-rest vs in-transit.

Security tools that continuously monitor endpoints (laptops, servers, phones) for suspicious activity, provide real-time visibility, and enable rapid response to threats.

A piece of code or technique that takes advantage of a vulnerability in software or hardware to cause unintended behavior, such as gaining unauthorized access or executing malicious code.

A network security device or software that monitors and filters incoming and outgoing traffic based on predefined rules. Types include network firewalls, host-based firewalls, and web application firewalls (WAF).

When two different inputs produce the same hash output. Collision attacks can compromise hash-based systems. MD5 and SHA-1 are vulnerable; SHA-256 and SHA-3 are collision-resistant.

A decoy system designed to attract and trap attackers, allowing security teams to study attack methods and gather intelligence without risking production systems.

The organized approach to addressing and managing a security breach or cyberattack. Phases: Preparation → Identification → Containment → Eradication → Recovery → Lessons Learned.

A class of attacks where untrusted data is sent to an interpreter as part of a command or query. Includes SQL injection, OS command injection, LDAP injection, and NoSQL injection. OWASP Top 10 #3.

A system that monitors network traffic or host activity for signs of malicious behavior. Can be signature-based (matching known patterns) or anomaly-based (detecting deviations from normal behavior).

A compact, self-contained token format for securely transmitting information between parties as a JSON object. Consists of header.payload.signature. Used for stateless authentication in REST APIs.

Malware or hardware that records keystrokes on a compromised system, capturing passwords, credit card numbers, and other sensitive data entered by the user.

Techniques attackers use to move through a network after initial compromise, accessing additional systems and escalating privileges. Common in Advanced Persistent Threats (APTs).

A security principle that users and processes should only have the minimum permissions necessary to perform their tasks. Limits the blast radius of compromised accounts.

Malicious software designed to damage, disrupt, or gain unauthorized access to systems. Types include viruses, worms, trojans, ransomware, spyware, and rootkits.

An attack where the attacker secretly intercepts and relays communication between two parties who believe they are communicating directly. Prevented by TLS/HTTPS and certificate pinning.

An authentication method requiring two or more verification factors: something you know (password), something you have (phone/token), or something you are (biometrics). Dramatically reduces account compromise.

A widely adopted framework for managing cybersecurity risk. Five core functions: Identify, Protect, Detect, Respond, Recover. Provides standards and best practices for organizations of all sizes.

Open Worldwide Application Security Project — a nonprofit foundation that produces free resources for web application security. Best known for the OWASP Top 10 list of critical security risks.

A regularly updated list of the 10 most critical web application security risks. The 2021 edition includes Broken Access Control (#1), Cryptographic Failures (#2), and Injection (#3). The standard awareness document for web security.

The process of acquiring, testing, and installing software updates (patches) to fix vulnerabilities. Critical for preventing exploitation of known vulnerabilities like those listed in CISA KEV.

An authorized simulated cyberattack on a system to evaluate its security. Pen testers use the same tools and techniques as attackers to find vulnerabilities before malicious actors do.

A social engineering attack that tricks victims into revealing sensitive information or installing malware through deceptive emails, websites, or messages. Variants include spear phishing (targeted) and whaling (executives).

An attack where a user gains higher access rights than intended. Vertical escalation: regular user → admin. Horizontal escalation: accessing another user's resources. A key step in many attack chains.

An attack against Large Language Models (LLMs) where carefully crafted input causes the model to ignore its instructions, leak system prompts, or perform unintended actions. Analogous to SQL injection for AI systems.

Malware that encrypts a victim's files and demands payment (usually cryptocurrency) for the decryption key. Modern variants also exfiltrate data for double extortion. Major threat to organizations worldwide.

A technique to control the number of requests a user can make to an API within a time window. Prevents brute force attacks, DDoS, and resource exhaustion. Typically implemented per IP or per user.

An offensive security team that simulates real-world attacks against an organization to test its defenses. Red teams think and act like adversaries to uncover weaknesses that automated tools miss.

The process of analyzing software or hardware to understand its design, functionality, or vulnerabilities without access to source code. Used in malware analysis, vulnerability research, and security auditing.

Static Application Security Testing — analyzing source code for security vulnerabilities without executing the program. Finds issues like SQL injection, XSS, and hardcoded secrets during development.

HTTP response headers that enable browser security features. Key headers: Content-Security-Policy (CSP), Strict-Transport-Security (HSTS), X-Frame-Options, X-Content-Type-Options, and Permissions-Policy.

Security Information and Event Management — platforms that aggregate log data from across an organization, correlate events, detect anomalies, and provide real-time security alerts and incident investigation tools.

Manipulating people into divulging confidential information or performing actions that compromise security. Exploits human psychology rather than technical vulnerabilities. Includes phishing, pretexting, and baiting.

An attack where malicious SQL code is inserted into application queries through user input, allowing attackers to read, modify, or delete database data. Prevented by parameterized queries and input validation.

An attack that targets less-secure elements in a supply chain to compromise the final product. In software, this includes compromising open-source dependencies, build systems, or update mechanisms (e.g., SolarWinds).

Evidence-based knowledge about cyber threats, including indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and contextual information used to make informed security decisions.

A structured approach to identifying, quantifying, and addressing security threats to a system. Frameworks include STRIDE (Microsoft), PASTA, and LINDDUN. Done during the design phase of development.

Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) are cryptographic protocols that provide secure communication over networks. HTTPS = HTTP + TLS. Uses certificates for server authentication.

A piece of data used to represent a user's identity or session. Types include JWT (JSON Web Tokens), OAuth access tokens, API keys, and session tokens. Stored in cookies, headers, or localStorage.

A weakness in software, hardware, or processes that can be exploited by attackers. Vulnerabilities are cataloged as CVEs and rated by CVSS severity. Regular patching and scanning are critical countermeasures.

A security layer that monitors, filters, and blocks HTTP traffic to and from a web application. Protects against common attacks like SQL injection, XSS, and CSRF. Can be cloud-based or on-premises.

A security model that assumes no user or system — inside or outside the network — should be trusted by default. Every request must be verified. Principles: never trust, always verify; least privilege; assume breach.

A vulnerability that is unknown to the software vendor and has no available patch. Zero-day exploits are highly valuable to attackers (and on the black market) because no defense exists yet.