Cybersecurity Glossary

The practice of protecting Application Programming Interfaces from threats that exploit vulnerabilities in authentication, authorization, data validation, and business logic, ensuring that only authorized users and systems can access API resources and perform permitted operations.

Authentication is the process of verifying a user's identity (proving who you are), while authorization is the process of determining what an authenticated user is permitted to access or do (proving what you are allowed to do). Together, they form the foundation of access control in every application and API.

A trial-and-error attack method that systematically attempts every possible combination of passwords, encryption keys, or other credentials until finding the correct one, relying on computational power rather than exploiting vulnerabilities.

The Chief Information Security Officer is a senior executive responsible for establishing and maintaining an organization's security vision, strategy, and program to ensure information assets and technologies are adequately protected.

The set of policies, technologies, controls, and services designed to protect cloud computing environments, including the data, applications, and infrastructure hosted across IaaS, PaaS, and SaaS providers from threats, misconfiguration, and unauthorized access.

A cybersecurity professional who specializes in designing, implementing, and maintaining security controls for cloud-based infrastructure, applications, and data across platforms like AWS, Azure, and Google Cloud.

The discipline of meeting and demonstrating adherence to laws, regulations, contractual obligations, and industry standards governing how organizations protect data, operate technology, and manage risk, encompassing frameworks like SOC 2, ISO 27001, PCI DSS, HIPAA, and GDPR.

An automated cyberattack that uses stolen username-password pairs from data breaches to gain unauthorized access to user accounts on other services, exploiting the widespread practice of password reuse.

A deliberate attempt by malicious actors to breach, disrupt, or damage computer systems, networks, or data, ranging from phishing and malware infections to sophisticated nation-state operations targeting critical infrastructure.

The practice of protecting computer systems, networks, programs, and data from digital attacks, unauthorized access, damage, or theft through technologies, processes, and practices designed to safeguard digital assets.

A cybersecurity analyst protects an organization's computer systems, networks, and data from cyber threats by monitoring security infrastructure, analyzing vulnerabilities, investigating incidents, and implementing security measures to prevent breaches.

An incident where sensitive, protected, or confidential information is accessed, disclosed, or stolen by unauthorized individuals, whether through cyberattacks, insider threats, or accidental exposure, potentially causing financial, reputational, and legal harm.

A Distributed Denial of Service attack overwhelms a target server, service, or network with massive amounts of traffic from multiple sources, making it unavailable to legitimate users.

The process of converting readable data (plaintext) into an unreadable format (ciphertext) using mathematical algorithms and cryptographic keys, ensuring that only authorized parties can access the original information.

EDR solutions continuously monitor endpoints (computers, servers, mobile devices) for threats, providing real-time visibility, threat detection, investigation capabilities, and automated response to security incidents.

A piece of code, sequence of commands, or technique that takes advantage of a vulnerability in software, hardware, or human behavior to cause unintended consequences such as remote code execution, privilege elevation, denial of service, or information disclosure.

A network security device or software that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

A framework of policies, processes, and technologies that ensures the right individuals and machines have the appropriate access to the right resources at the right times for the right reasons, encompassing authentication, authorization, governance, and lifecycle management.

Insecure Direct Object Reference (IDOR) and Broken Object Level Authorization (BOLA) are access control vulnerabilities where an application exposes internal object references, such as user IDs or file names, and fails to verify that the requesting user has permission to access the referenced object.

Intrusion Detection Systems (IDS) monitor network traffic for suspicious activity and alert security teams, while Intrusion Prevention Systems (IPS) can actively block detected threats in real-time.

A cybersecurity professional who investigates, contains, and remediates security breaches and cyberattacks, working to minimize damage, recover systems, and prevent future incidents through forensic analysis and coordinated response.

The organized approach to addressing and managing security breaches or cyberattacks, including preparation, detection, containment, eradication, recovery, and lessons learned to minimize damage and reduce recovery time.

Malicious software designed to infiltrate, damage, or gain unauthorized access to computer systems, including viruses, worms, trojans, ransomware, spyware, and other harmful programs.

The process of dissecting malicious software to understand its functionality, origin, capabilities, and potential impact, using static, dynamic, behavioral, and code analysis techniques to produce indicators of compromise, signatures, and threat intelligence.

A cyberattack where an attacker secretly intercepts and potentially alters communications between two parties who believe they are communicating directly with each other, enabling eavesdropping, data theft, and session hijacking.

Network security encompasses the policies, practices, and technologies designed to protect the integrity, confidentiality, and accessibility of computer networks and data from unauthorized access, misuse, or attacks.

A consensus-driven ranking of the ten most critical API security risks, published by the Open Web Application Security Project (OWASP), that serves as the industry standard for understanding and prioritizing API vulnerabilities in web and mobile applications.

A software application that securely stores, generates, and manages passwords and other credentials in an encrypted vault, allowing users to maintain unique, complex passwords for every account without memorizing them.

A cybersecurity professional who conducts authorized simulated attacks against computer systems, networks, and applications to identify security vulnerabilities before malicious actors can exploit them.

A simulated cyberattack against a computer system, network, or web application to identify security vulnerabilities that could be exploited by malicious actors.

A social engineering attack that uses fraudulent emails, messages, or websites to trick victims into revealing sensitive information such as passwords, credit card numbers, or personal data.

An attack technique in which an adversary gains higher-level permissions than originally granted on a system, network, or application, typically moving from a standard user context to administrative, root, or domain-level access.

A type of malicious software that encrypts victim files or locks access to systems, demanding payment (typically in cryptocurrency) in exchange for restoring access or preventing data disclosure.

A security exercise methodology where red teams simulate real-world attacks against an organization while blue teams defend, with the goal of testing and improving security capabilities through adversarial collaboration.

A structured discipline for identifying, assessing, prioritizing, treating, and monitoring risks to an organization's information, systems, and operations, balancing security investment against business impact, threat likelihood, and risk tolerance.

A senior cybersecurity professional who designs and oversees the implementation of an organization's security infrastructure, frameworks, and strategies to protect against current and emerging threats.

A cybersecurity professional who designs, implements, and maintains security systems and infrastructure to protect an organization's networks, applications, and data from threats and vulnerabilities.

A structured set of guidelines, controls, and best practices that organizations use to design, implement, and assess their cybersecurity programs, providing a common language for managing risk and demonstrating maturity, with examples including NIST CSF, ISO 27001, CIS Controls, and MITRE ATT&CK.

A centralized facility where security professionals monitor, detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions, processes, and human expertise on a 24/7 basis.

Security Information and Event Management systems collect, aggregate, and analyze security data from across an organization's IT infrastructure to detect threats, support incident response, and meet compliance requirements.

A Security Operations Center Analyst monitors an organization's networks and systems for security threats, investigates alerts, responds to incidents, and helps maintain the overall security posture through continuous surveillance and analysis.

Psychological manipulation techniques used to deceive people into divulging confidential information, granting access, or taking actions that compromise security, exploiting human trust rather than technical vulnerabilities.

Malicious software that secretly monitors user activity, collecting sensitive information such as keystrokes, passwords, browsing habits, and personal data without consent for exfiltration to attackers.

A code injection attack that exploits vulnerabilities in web applications by inserting malicious SQL statements into input fields, allowing attackers to manipulate databases, access unauthorized data, or execute administrative operations.

A proactive cybersecurity discipline in which analysts hypothesize about, search for, and investigate threats that have evaded existing defenses, using telemetry, threat intelligence, and adversary behavior models to detect attackers already inside the environment.

A cybersecurity professional who researches, analyzes, and reports on cyber threats, threat actors, and their tactics, techniques, and procedures (TTPs) to help organizations anticipate and defend against attacks.

A structured process for identifying, analyzing, and addressing potential security threats to a system or application by examining its architecture, data flows, and trust boundaries to prioritize security controls.

A type of malware that disguises itself as legitimate software to trick users into installing it, then performs malicious actions such as stealing data, creating backdoors, or downloading additional malware.

A security method requiring two different forms of identification to access an account or system, typically combining something you know (password) with something you have (phone, security key) or something you are (biometric).

A classification system for computer hackers based on their motivations, ethics, and methods, ranging from ethical white hat security researchers to malicious black hat criminals, with various grey areas in between.

A Virtual Private Network creates an encrypted tunnel between your device and a remote server, protecting data in transit and masking your IP address to enhance privacy and security on public networks.

A Virtual Private Network (VPN) is a technology that creates a secure, encrypted connection over a less secure network, typically the public internet. By establishing an encrypted tunnel between a user's device and a remote server, VPNs protect data confidentiality, mask the user's IP address, and enable secure remote access to private networks, making them essential for both organizational security and individual privacy.

A systematic process of identifying, classifying, and prioritizing security weaknesses in systems, applications, and networks, using automated scanning, manual review, and threat intelligence to produce actionable remediation guidance.

Automated security tools that systematically probe systems, networks, and applications to identify known security vulnerabilities, misconfigurations, and weaknesses that could be exploited by attackers.

The world's most widely used network protocol analyzer, Wireshark captures and interactively analyzes network traffic in real-time, enabling security professionals to troubleshoot networks, analyze protocols, and investigate security incidents.

A security model and architecture built on the principle "never trust, always verify," eliminating implicit trust based on network location and continuously authenticating, authorizing, and validating every user, device, and request before granting access to resources.

A cyberattack that exploits a previously unknown security vulnerability before the software vendor has had time to develop and release a patch, leaving systems defenseless against the attack.