Cybersecurity Glossary

From zero-day exploits to zero trust architecture, find clear definitions for essential cybersecurity terms.

255 terms, A to Z coverage
A

Access Control

Rules and mechanisms that restrict who or what can view or use resources in a computing environment. Access control policies determine permissions based on user roles, attributes or contexts and are enforced through authentication and authorization processes.

Account Takeover

A form of identity theft in which an attacker gains unauthorised access to a user's account—typically through credential stuffing, phishing or malware—to commit fraud, send spam or pivot further into systems. Strong authentication and monitoring help detect and prevent takeovers.

Active Directory

Microsoft's directory service for Windows domain networks. It stores information about users, computers and resources and provides authentication, authorization and policy services. Securing Active Directory involves proper configuration, least-privilege administration and monitoring for anomalous activity.

Advanced Persistent Threat (APT)

A stealthy, targeted and prolonged cyberattack by a skilled adversary—often a nation-state or organised criminal group—that infiltrates a network and remains undetected for an extended period. APTs use sophisticated techniques, lateral movement and custom malware to steal data or disrupt operations.

Adversarial Machine Learning

The study of techniques used by attackers to manipulate machine-learning models through malicious inputs or model poisoning. Adversarial examples can cause models to misclassify data, highlighting the need for robust training, model validation and monitoring in security contexts.

Advanced Encryption Standard (AES)

A symmetric block cipher standardised by NIST (FIPS 197) for protecting sensitive information. AES operates on 128-bit blocks with key lengths of 128, 192 or 256 bits and is widely used for data at rest and in transit because it is fast and, after two decades of analysis, has no practical break. Its security in practice depends as much on the mode of operation as on the cipher: an authenticated mode such as AES-GCM must never reuse a nonce under the same key, and an unauthenticated mode such as CBC needs a separate integrity check (for example an HMAC) or it is open to padding-oracle and bit-flipping attacks.

Agentless Security

A security architecture that collects logs, metrics and configuration data from systems without installing local agents. It relies on APIs or remote collection and is common in cloud environments where deploying agents on every resource may be impractical.

Air Gap

Physical isolation of a system or network from all external networks, including the internet. Air-gapped systems protect highly sensitive data by removing the network path an attacker would need, which makes remote attacks extremely difficult. The gap is not absolute: removable media, maintenance laptops, firmware updates and supplied components still cross it, so controls on those channels matter as much as the isolation itself.

Application Security Testing (AST)

Tools and processes used to identify vulnerabilities in software. AST includes static analysis (SAST), dynamic testing (DAST), interactive application security testing (IAST) and software composition analysis (SCA), each offering different coverage and detection capabilities.

Attack Surface

The totality of all points where an unauthorised user could attempt to enter data into or extract data from an environment. Reducing attack surface involves minimising services, hardening configurations, patching vulnerabilities and continuously monitoring exposed assets.

B

Backup and Recovery

The processes of creating redundant copies of data and systems and restoring them after a loss. A robust backup strategy includes regular snapshots, off-site or cloud storage, immutable backups and tested recovery procedures to ensure business continuity.

Behavioral Analytics

The use of algorithms and statistical models to identify abnormal patterns of behaviour that may indicate insider threats, compromised accounts or malicious actors. User and Entity Behavior Analytics (UEBA) solutions baseline normal activities and generate alerts when deviations occur.

Black Hat

A colloquial term for an unethical hacker or threat actor who exploits vulnerabilities for personal gain or destructive purposes. Black hats are contrasted with white hats (ethical hackers who help secure systems) and grey hats (actors who fall between the two).

Botnet

A network of compromised devices controlled remotely by an attacker. Botnets can be harnessed for distributed denial-of-service (DDoS) attacks, spam campaigns, credential stuffing or cryptocurrency mining. Infected devices may include servers, PCs, IoT gadgets and mobile phones.

Bring Your Own Device (BYOD)

A policy allowing employees to use personal devices—smartphones, tablets, laptops—for work purposes. BYOD introduces security challenges around data segregation, device management and potential infection; mobile device management (MDM) and clear policies help mitigate risks.

Brute Force Attack

A trial-and-error technique used to guess login credentials, encryption keys or file passwords by systematically trying many possible combinations. Rate-limiting, multi-factor authentication and strong password policies make brute force attacks more difficult.

Buffer Overflow

An error condition in which a program writes data beyond the bounds of an allocated memory buffer, overwriting adjacent memory. Attackers exploit buffer overflows to corrupt return addresses, function pointers or heap metadata and so alter control flow, which in the worst case yields arbitrary code execution. Bounds checking in code, compiler and operating-system mitigations (stack canaries, non-executable memory, ASLR) and memory-safe languages reduce the risk.

Business Continuity Planning

The proactive process of ensuring critical operations can continue during and after a disruption. It includes disaster recovery, crisis management, communication plans, alternate site arrangements and regular testing to minimise downtime and financial loss.

Bug Bounty

A program in which organisations pay ethical hackers for responsibly disclosing security vulnerabilities. Bug bounty platforms and in-house programs encourage independent researchers to test systems and report issues, incentivising coordinated vulnerability disclosure.

Blockchain Security

Measures and best practices used to protect blockchain networks, smart contracts and users. While decentralisation provides resilience, blockchain systems remain susceptible to cryptographic flaws, consensus attacks (e.g., 51% attacks), smart contract bugs and wallet theft.

C

CASB (Cloud Access Security Broker)

A security control—often delivered as a cloud service—that sits between users and cloud applications to enforce corporate policies. CASBs provide visibility into cloud usage, control data transfers, detect threats and help ensure compliance with regulations.

Certificate Authority

An entity that issues and manages digital certificates used in public key infrastructure (PKI). A certificate authority verifies that the requester controls the identity named in the certificate, signs the certificate, and publishes revocation status through certificate revocation lists (CRLs) or OCSP, enabling authenticated TLS connections and digital signatures. Because clients trust every CA in their root store, a compromised or negligent CA can issue a certificate for any domain, which is why Certificate Transparency logs record every publicly trusted certificate.

Certificate Pinning

A technique in which a client restricts TLS connections to a specific certificate or, more commonly, a specific public key (an SPKI hash), rather than accepting any certificate that chains to a trusted root. Pinning defends against man-in-the-middle attacks that use a mis-issued or rogue-CA certificate, but a pin that no longer matches a rotated key causes an outage, so deployments pin a backup key as well. Browsers have removed HTTP Public Key Pinning; pinning is now used mainly in mobile and embedded clients.

CIA Triad (Confidentiality, Integrity, Availability)

A foundational model describing three core goals of information security. Confidentiality means that only authorised parties can read data, integrity means that data is accurate and complete and cannot be altered without detection, and availability means that systems and data are accessible to authorised users when needed. Most controls can be justified in terms of which of the three they protect.

CISO (Chief Information Security Officer)

A senior executive responsible for an organisation's information security program. The CISO oversees security strategy, risk management, incident response, compliance and awareness training, and collaborates with other leaders to align security with business objectives.

Cloud Native Application Protection Platform (CNAPP)

An integrated security solution designed to protect cloud-native workloads—including containers, serverless functions and infrastructure-as-code—across their lifecycle. CNAPP combines posture management, workload protection, runtime detection and policy enforcement.

Cross-Site Scripting (XSS)

A web application vulnerability in which attacker-controlled input is placed into a page without encoding, so the victim's browser executes it as script in the site's origin. XSS enables session hijacking, defacement, keystroke capture and exfiltration of any data the user can see. Defences are output encoding chosen for the context the data lands in (HTML body, attribute, JavaScript, URL), input validation and a Content Security Policy that refuses inline and third-party scripts.
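An added example, not code from the original page: a reflected-XSS sink beside its encoded form, and the attribute-context case where encoding alone is not enough. The payload and the CSP value are constructed for illustration; Python's standard html module does the encoding.

```python
import html

# Constructed attacker payload for the demonstration (assumption: reflected via a query parameter).
SAMPLE_PAYLOAD = "<script>alert(document.cookie)</script>"


def render_greeting_vulnerable(name: str) -> str:
    """The sink: user input concatenated straight into HTML. The browser cannot tell
    the attacker's <script> from the developer's markup."""
    return "<p>Hello, " + name + "!</p>"


def render_greeting_safe(name: str) -> str:
    """HTML body context: html.escape turns & < > " ' into entities, so the value is
    rendered as text. quote=True is required for the attribute case below as well."""
    return "<p>Hello, " + html.escape(name, quote=True) + "!</p>"


def render_link_safe(url: str, label: str) -> str:
    """Attribute (href) context. Entity-encoding stops the attacker breaking out of the
    quotes, but "javascript:alert(1)" needs no quotes to run, so the scheme must also be
    allowlisted. Leading whitespace is stripped because browsers ignore it in URLs."""
    if not url.strip().lower().startswith(("http://", "https://")):
        url = "#"
    return '<a href="%s">%s</a>' % (html.escape(url, quote=True), html.escape(label, quote=True))


# A CSP that blocks inline scripts is the second layer: even if an encoding bug slips
# through, the injected <script> block will not execute. Assumed value for the example.
CSP_HEADER = ("Content-Security-Policy", "default-src 'self'; script-src 'self'; object-src 'none'")


if __name__ == "__main__":
    print(render_greeting_vulnerable(SAMPLE_PAYLOAD))
    print(render_greeting_safe(SAMPLE_PAYLOAD))
    print(render_link_safe("javascript:alert(1)", "click"))
    print(render_link_safe("https://example.com/?a=1&b=2", "go"))
```

Encoding is per context: a value that is safe inside an HTML element is not automatically safe inside a JavaScript string or a URL, which is why templating engines offer context-aware escaping and why a scheme check accompanies the href case here.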

Credential Stuffing

An automated attack that tests stolen username/password pairs—often from previous breaches—against multiple services. Because many users reuse passwords, credential stuffing can compromise numerous accounts. Organisations counter it with multi-factor authentication and bot detection.

Cryptojacking

The unauthorised use of computing resources to mine cryptocurrency. Attackers infect websites or systems with scripts that secretly perform mining, leading to degraded performance and increased power costs. Browser blockers and endpoint security help defend against cryptojacking.

Cyber Kill Chain

A model developed by Lockheed Martin describing phases of a cyberattack: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. Mapping threats to the kill chain helps defenders detect and disrupt attacks early.

Cybersecurity Mesh

A distributed architectural approach where security controls are modular and interoperable across multiple environments—on-premises, cloud and edge. A cybersecurity mesh emphasises identity-centric protection, automated orchestration and consistent policy enforcement across disparate assets.

D

Data Loss Prevention (DLP)

Technologies and processes that identify, monitor and protect sensitive data from unauthorised access, use or transmission. DLP solutions apply policies to detect patterns such as personal information and block or alert on attempted exfiltration via email, cloud or removable media.

Data Privacy Impact Assessment

A systematic evaluation of how a project or process collects, uses, shares and protects personal data. It helps organisations identify privacy risks, comply with regulations like GDPR and design controls to minimise harm to individuals.

DDoS (Distributed Denial of Service)

An attack that overwhelms a target's network, application or service with traffic from many distributed sources, rendering it unusable. Mitigation techniques include traffic scrubbing, rate limiting, anycast routing and scalable architectures to absorb spikes.

Deception Technology

Security tools that deploy traps, decoys and fabricated assets to mislead attackers and gather intelligence. Deception increases adversary costs and provides early detection when decoy systems are probed or interacted with.

Defense in Depth

A layered security strategy that applies multiple controls—preventive, detective and responsive—across people, processes and technology. If one layer fails, others reduce the likelihood of compromise, creating redundancy against diverse threats.

DevSecOps

The integration of security practices into DevOps processes. DevSecOps emphasises collaboration among development, operations and security teams, automates testing (SAST, DAST, SCA), uses infrastructure as code, and shifts security left while maintaining speed and reliability.

Digital Forensics

The practice of collecting, preserving, analysing and presenting digital evidence in a manner suitable for legal proceedings. Forensic investigators follow chain-of-custody procedures, use specialised tools to recover deleted data and reconstruct events.

Directory Traversal

A vulnerability that allows attackers to read or write files outside the intended directory by supplying path inputs containing ../ sequences, absolute paths or their URL-encoded equivalents (%2e%2e%2f). The reliable fix is to canonicalise the requested path and verify that it still lies under the allowed root, rather than stripping ../ from the string, and to run the process with filesystem permissions that limit the damage if the check is ever bypassed.
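An added example, not code from the original page: the vulnerable path-building pattern beside a containment check that canonicalises first and then compares against the document root. The root directory is an assumed value and nothing is read from disk; the functions only decide which path a handler would be allowed to open.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed document root for the example; not a real deployment path.
WEB_ROOT = "/srv/app/public"


def vulnerable_resolve(user_path: str) -> str:
    """The flaw: joining user input onto the root with no check afterwards.
    '../' segments walk upward, and an absolute input discards the root entirely
    because join() restarts at the second argument when it begins with '/'."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, user_path))


def safe_resolve(user_path: str) -> Optional[str]:
    """Hardened version. Returns the path to open, or None when the request must be refused."""
    # Decode once so "%2e%2e%2f" is seen as "../". A double-encoded "%252e" decodes
    # to the literal text "%2e", which normpath does not treat as a dot segment, so it
    # stays an ordinary (nonexistent) filename inside the root.
    decoded = unquote(user_path)
    # NUL bytes truncate paths in C-based runtimes; backslashes are separators on Windows.
    if "\x00" in decoded or "\\" in decoded:
        return None
    # Strip any leading '/' so an absolute input is still anchored under the root,
    # then collapse '.', '..' and duplicate separators lexically.
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    # Containment check with the trailing separator, so that a sibling directory such
    # as "/srv/app/public_old" does not pass a plain startswith() test.
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for probe in ["images/logo.png", "../../../etc/passwd", "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "/etc/passwd"]:
        print("%-40s vulnerable=%-28s safe=%s" % (probe, vulnerable_resolve(probe), safe_resolve(probe)))
```

The check here is lexical. A real handler should additionally resolve symlinks (os.path.realpath) before comparing, because a link inside the root that points outside it passes every string test, and should open files with the least privilege the process can run under.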

Domain Spoofing

The act of forging a domain name in emails or websites to impersonate a trusted entity. Attackers use domain spoofing for phishing, brand abuse or ad fraud. Authentication protocols like SPF, DKIM and DMARC help verify legitimate domains.
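An added example, not code from the original page: a small assessor that reads a domain's SPF and DMARC TXT records and reports the gaps that leave it spoofable. The record strings are constructed inputs (the kind a DNS lookup would return); no DNS query is made, and the thresholds in the findings are the author's reading of the two standards, not part of the original text.

```python
from typing import Dict, List, Optional


def parse_spf(record: str) -> Dict[str, object]:
    """Split an SPF record into its mechanisms and the qualifier on 'all'.
    Qualifiers: '+' pass (the default), '-' fail, '~' softfail, '?' neutral."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    all_qualifier = None
    mechanisms = []
    for term in terms[1:]:
        qualifier, body = "+", term
        if term[0] in "+-~?":
            qualifier, body = term[0], term[1:]
        if body.lower() == "all":
            all_qualifier = qualifier
        else:
            mechanisms.append((qualifier, body))
    return {"mechanisms": mechanisms, "all": all_qualifier}


def parse_dmarc(record: str) -> Dict[str, str]:
    """DMARC records are 'tag=value' pairs separated by semicolons."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def assess_posture(spf_record: Optional[str], dmarc_record: Optional[str]) -> List[str]:
    """Return human-readable findings; an empty list means SPF hard-fails and DMARC rejects."""
    findings = []
    if spf_record is None:
        findings.append("SPF: no record; receivers cannot reject forged envelope senders")
    else:
        spf = parse_spf(spf_record)
        if spf["all"] in (None, "+", "?"):
            findings.append("SPF: 'all' is permissive; any host passes SPF for this domain")
        elif spf["all"] == "~":
            findings.append("SPF: softfail only; forged mail is usually still delivered")
    if dmarc_record is None:
        findings.append("DMARC: no record; SPF/DKIM results are never tied to the visible From: header")
    else:
        dmarc = parse_dmarc(dmarc_record)
        policy = dmarc.get("p", "none").lower()
        if policy == "none":
            findings.append("DMARC: p=none monitors only; spoofed From: headers are not rejected")
        elif policy == "quarantine":
            findings.append("DMARC: p=quarantine; spoofed mail lands in spam rather than being rejected")
        pct = int(dmarc.get("pct", "100"))
        if pct < 100:
            findings.append("DMARC: pct=%d; the policy applies to only part of the mail stream" % pct)
        if "rua" not in dmarc:
            findings.append("DMARC: no rua= address; aggregate reports will not be received")
    return findings


if __name__ == "__main__":
    # Constructed records for a fictitious example.com.
    weak = assess_posture("v=spf1 include:_spf.example.net ~all",
                          "v=DMARC1; p=none; rua=mailto:dmarc@example.com")
    strong = assess_posture("v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
                            "v=DMARC1; p=reject; rua=mailto:dmarc@example.com")
    print("weak:", *weak, sep="\n  ")
    print("strong findings:", strong)
```

SPF alone checks the envelope sender, which the recipient never sees; only DMARC with p=quarantine or p=reject connects the SPF and DKIM results to the From: header that the phishing target actually reads.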

Dynamic Application Security Testing (DAST)

Tools that analyse a running application to find vulnerabilities by sending malicious inputs and observing outputs. DAST identifies issues such as SQL injection, cross-site scripting and insecure configurations without access to source code.

E

EDR (Endpoint Detection and Response)

A security solution that monitors endpoints (desktops, servers, mobile devices) for malicious activity, collects telemetry and enables fast investigation and response. EDR tools provide visibility, threat detection, containment and remediation capabilities.

Encryption at Rest

The practice of encrypting data stored on disks, databases or backups to protect against unauthorised access when physical media or systems are compromised. Key management ensures only authorised processes can decrypt the data.

Encryption in Transit

The encryption of data as it travels across networks, preventing eavesdropping or tampering. Protocols like TLS, IPsec and SSH protect data in motion between clients, servers and other endpoints.

Endpoint Protection Platform (EPP)

An integrated suite of security capabilities—such as antivirus, anti-malware, firewall and intrusion prevention—designed to protect endpoints from known threats. Modern EPPs may combine signature-based detection with machine-learning and behaviour analysis.

Ethical Hacking

The authorised practice of probing systems, networks or applications to identify vulnerabilities that could be exploited by malicious actors. Ethical hackers, often called penetration testers, follow defined scopes and disclose findings responsibly.

Event Correlation

The process of aggregating and analysing logs or alerts from multiple sources to identify meaningful patterns or incidents. Security information and event management (SIEM) platforms use correlation rules to reduce noise and prioritise actionable events.
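An added example, not code from the original page, that serves the Brute Force Attack, Credential Stuffing and Event Correlation entries together: it parses sshd-style log lines from two hosts, correlates failures by source address across both, and separates three patterns that look identical line by line: one address trying many accounts (stuffing), one address hammering one account (brute force), and a success from an address that had just been failing. The log lines are constructed, the addresses come from the RFC 5737 documentation ranges, and the window and thresholds are assumed tuning values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed sample lines (assumption: syslog format; no real hosts, users or addresses).
SAMPLE_LOG = """\
Mar 10 09:00:01 web1 sshd[2201]: Failed password for alice from 203.0.113.5 port 51022 ssh2
Mar 10 09:00:02 web1 sshd[2201]: Failed password for bob from 203.0.113.5 port 51023 ssh2
Mar 10 09:00:02 web2 sshd[1193]: Failed password for carol from 203.0.113.5 port 51024 ssh2
Mar 10 09:00:03 web1 sshd[2201]: Failed password for dave from 203.0.113.5 port 51025 ssh2
Mar 10 09:00:04 web2 sshd[1193]: Failed password for erin from 203.0.113.5 port 51026 ssh2
Mar 10 09:00:05 web1 sshd[2201]: Accepted password for erin from 203.0.113.5 port 51027 ssh2
Mar 10 09:01:10 web1 sshd[2288]: Failed password for root from 198.51.100.7 port 40001 ssh2
Mar 10 09:01:11 web1 sshd[2288]: Failed password for root from 198.51.100.7 port 40002 ssh2
Mar 10 09:01:12 web1 sshd[2288]: Failed password for root from 198.51.100.7 port 40003 ssh2
Mar 10 09:01:13 web1 sshd[2288]: Failed password for root from 198.51.100.7 port 40004 ssh2
Mar 10 09:01:14 web1 sshd[2288]: Failed password for root from 198.51.100.7 port 40005 ssh2
Mar 10 09:01:15 web1 sshd[2288]: Failed password for root from 198.51.100.7 port 40006 ssh2
Mar 10 09:30:00 web2 sshd[1400]: Failed password for frank from 192.0.2.44 port 33000 ssh2
Mar 10 09:30:40 web2 sshd[1400]: Accepted password for frank from 192.0.2.44 port 33001 ssh2
"""

# One pattern covers failures and successes; "invalid user" appears when the account
# does not exist at all, which is itself typical of stuffing with a breached list.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_auth_log(text: str, year: int = 2024) -> List[Dict[str, object]]:
    """Turn raw lines into time-sorted events. Syslog timestamps carry no year, so one is supplied."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # lines from other daemons are outside this example's scope
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=year)
        events.append({"ts": ts, "host": m.group("host"), "user": m.group("user"),
                       "ip": m.group("ip"), "ok": m.group("result") == "Accepted"})
    events.sort(key=lambda e: e["ts"])
    return events


def detect_auth_anomalies(events, window=timedelta(minutes=5), spray_users=4,
                          brute_attempts=5, min_prior_failures=3) -> List[Dict[str, str]]:
    """Correlate failures per source address across all hosts, then classify the shape."""
    failures_by_ip = defaultdict(list)
    for e in events:
        if not e["ok"]:
            failures_by_ip[e["ip"]].append(e)

    alerts, seen = [], set()

    def raise_alert(kind: str, ip: str, detail: str) -> None:
        if (kind, ip) not in seen:  # one alert per source and pattern, not one per log line
            seen.add((kind, ip))
            alerts.append({"type": kind, "ip": ip, "detail": detail})

    for ip, fails in failures_by_ip.items():
        for i, f in enumerate(fails):
            recent = [g for g in fails[: i + 1] if f["ts"] - g["ts"] <= window]
            users = {g["user"] for g in recent}
            if len(users) >= spray_users:
                raise_alert("credential_stuffing", ip, "%d distinct accounts within %s" % (len(users), window))
            per_user = sum(1 for g in recent if g["user"] == f["user"])
            if per_user >= brute_attempts:
                raise_alert("brute_force", ip, "%d failures for %r within %s" % (per_user, f["user"], window))

    for e in events:
        if e["ok"]:
            prior = [g for g in failures_by_ip.get(e["ip"], []) if timedelta(0) <= e["ts"] - g["ts"] <= window]
            if len(prior) >= min_prior_failures:
                raise_alert("success_after_failures", e["ip"],
                            "login as %r after %d recent failures" % (e["user"], len(prior)))
    return alerts


if __name__ == "__main__":
    for alert in detect_auth_anomalies(parse_auth_log(SAMPLE_LOG)):
        print(alert["type"], alert["ip"], alert["detail"])
```

The third pattern is the one worth paging on: a success that follows a burst of failures from the same source is the moment a stuffing run turned into an account takeover, and it is only visible when the success on web1 is correlated with the failures on web2.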

Exploit Kit

A bundle of malicious code—often delivered via compromised websites—that attempts to exploit a variety of vulnerabilities in browsers or plug-ins. When a victim visits the site, the exploit kit tests and executes relevant exploits to deliver malware.

Exposure Management

An integrated approach that helps organisations understand, prioritise and remediate their cyber risk. Exposure management combines vulnerability management, attack surface discovery and threat intelligence to measure and reduce exposure over time.

Extended Detection and Response (XDR)

A security platform that integrates telemetry from endpoints, networks, cloud workloads and identity systems to detect, investigate and respond to threats across an environment. XDR aims to reduce alert fatigue by correlating events and providing unified context.

External Attack Surface Management

Tools and processes that identify, monitor and remediate publicly accessible assets—such as web applications, domains, cloud resources and exposed services. Attack surface management helps organisations discover unknown exposures, misconfigurations and vulnerabilities before attackers do.

eXtensible Access Control Markup Language (XACML)

An OASIS standard for expressing access control policies in XML. XACML defines request/response semantics and allows fine-grained authorization across diverse applications, often in conjunction with SAML.

F

FIDO (Fast Identity Online)

A family of open standards from the FIDO Alliance (U2F and FIDO2, the latter comprising WebAuthn and CTAP) for strong authentication based on public-key cryptography. A FIDO authenticator, whether a hardware security key or a platform biometric, generates a distinct key pair for each service and signs a challenge that includes the site's origin, so a credential registered with the legitimate site cannot be replayed to a look-alike phishing site. FIDO2 supports both second-factor and passwordless sign-in.

File Integrity Monitoring

The practice of tracking changes to critical system files, configurations and applications to detect tampering or unauthorized modifications. File integrity monitoring solutions alert on unexpected changes that may indicate malware or insider actions.

Firewall

A network security device or software that controls traffic based on predetermined rules. Firewalls enforce boundary protection, blocking malicious inbound traffic and restricting outbound connections to prevent unauthorized data exfiltration.

Firmware Attacks

Threats that target the low-level software controlling hardware components such as BIOS, UEFI or device firmware. Compromised firmware can persist across reboots and evade traditional security controls; hardware roots of trust and firmware integrity checks help mitigate these threats.

Fuzzing

An automated testing technique that feeds unexpected or random data into programs to uncover coding errors and vulnerabilities. Fuzzers can find memory corruption, logic flaws and other issues that might be missed by traditional testing methods.

Federated Identity Management

A system that allows users' authentication and attributes to be shared across independent domains. Federated identity enables single sign-on across organisations while maintaining local control; SAML, OAuth and OIDC protocols facilitate federation.

Full Disk Encryption

Encryption applied to an entire storage device so that all data at rest is protected. Full disk encryption ensures that if a laptop or server is lost or stolen, its data remains unreadable without the decryption key, which is typically unlocked by a passphrase, a TPM or both. It protects data only while the device is powered off or locked; once the volume is mounted, the running system, its users and any malware on it all see plaintext.

Failover

A backup operational mode that switches to a redundant system or component when the primary one fails. Failover reduces downtime and maintains service availability in the event of hardware, software or network failures.

Frameworks

In cybersecurity, frameworks such as the NIST Cybersecurity Framework, ISO/IEC 27001 and the CIS Controls provide structured guidance for managing risk. NIST CSF 2.0, for example, organises outcomes into six functions: govern, identify, protect, detect, respond and recover.

Fraud Prevention

Measures and technologies used to detect and stop scams, account takeover and financial crime. Fraud prevention combines transaction analytics, behaviour modelling, device fingerprinting and multi-factor authentication to identify suspicious activities in real time.

G

Gateway Security

Security controls applied at network gateways—such as routers, firewalls or proxies—to inspect and filter traffic entering or leaving an organisation. Gateway security prevents malicious traffic and enforces acceptable use policies.

GDPR (General Data Protection Regulation)

An EU regulation that governs the collection, processing and transfer of personal data. GDPR requires organisations to implement privacy by design, provide data subject rights and notify authorities of breaches, with significant penalties for non-compliance.

Geofencing

A location-based security technique that restricts access or triggers alerts when a device moves outside or inside a predefined geographical area. Geofencing is used to control remote access, enforce policy compliance and detect unauthorized device movement.

Governance, Risk and Compliance (GRC)

An integrated discipline that ensures an organisation acts ethically and legally while achieving objectives. GRC solutions help manage policies, assess risks, monitor compliance with regulations and align security practices with business goals.

Gray Box Testing

A security testing method where testers have partial knowledge of the target system's internal workings. Gray box testing combines aspects of white box (internal) and black box (external) testing to uncover vulnerabilities with improved efficiency.

Green Team

A group that works between red (offensive) and blue (defensive) teams to integrate lessons learned and improve security posture. The green team focuses on fixing identified vulnerabilities, implementing controls and facilitating collaboration.

Group Policy

A feature in Microsoft Active Directory that allows administrators to centrally manage security settings, configurations and user permissions across domain-joined devices. Properly configured group policies enforce consistent security baselines.

Guest Operating System Security

Practices for securing virtual machines and container images. Guest OS security includes hardening configuration, patching, limiting services, enabling host isolation and monitoring for compromise within virtualised environments.

GraphQL Security

Protecting GraphQL APIs from risks such as injection attacks, excessive query depth and introspection abuse. Security measures include proper query validation, limiting complexity, implementing authentication and authorization, and rate limiting.

Golden Ticket Attack

A Kerberos attack in which an attacker who has obtained the password hash (the key) of the domain's KRBTGT account, which the Key Distribution Center uses to encrypt ticket-granting tickets, forges TGTs for any user with any group membership and lifetime. The forged "golden ticket" grants access to any resource in the domain and survives ordinary user password changes. Because the KDC also accepts tickets encrypted under the previous KRBTGT key, the KRBTGT password must be reset twice, with replication completing in between, to invalidate existing golden tickets.

H

Hash Function

An algorithm that takes an input of any length and produces a fixed-length digest. Cryptographic hash functions such as SHA-2 and SHA-3 are designed to be one-way (preimage-resistant) and collision-resistant: it is computationally infeasible to recover an input from its digest or to find two different inputs with the same digest, even though collisions must exist because inputs outnumber outputs. These properties enable integrity checks and digital signatures. MD5 and SHA-1 no longer meet the collision-resistance bar and should not be used where collisions matter.

HMAC (Hash-Based Message Authentication Code)

A message authentication code built from a cryptographic hash function and a secret key (RFC 2104). A recipient who shares the key recomputes the HMAC over the received data and compares it, in constant time, with the tag that arrived; a match shows that the data was not altered and came from a holder of the key. A bare hash cannot provide this, because anyone can recompute it after tampering.
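An added example, not code from the original page, serving the Hash Function and HMAC entries together: it shows the avalanche effect of SHA-256, why a bare digest does not protect against a tampering attacker, and how an HMAC tag is produced and verified in constant time. The message and key are constructed for the demonstration; only the Python standard library is used.

```python
import hashlib
import hmac
import secrets


def sha256_hex(data: bytes) -> str:
    """Plain digest: detects accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two digests, to show the avalanche effect:
    a one-byte change in the input flips roughly half of the 256 output bits."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def receiver_check_plain(message: bytes, digest: str) -> bool:
    """Integrity by bare hash: message and digest travel together."""
    return sha256_hex(message) == digest


def attacker_forges_plain_hash(message: bytes) -> tuple:
    """The attacker who can alter the message can also recompute its hash,
    so the receiver's plain check passes on the tampered message."""
    tampered = message.replace(b"100", b"900")
    return tampered, sha256_hex(tampered)


def make_tag(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 tag; only a holder of `key` can produce a valid one."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag: str) -> bool:
    """compare_digest runs in time independent of where the first mismatch is, so an
    attacker cannot learn a valid tag byte by byte from response timing."""
    return hmac.compare_digest(make_tag(key, message), tag)


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # 256-bit key; in practice loaded from a secrets store
    msg = b"transfer 100 to account 42"  # constructed message
    tampered, forged_digest = attacker_forges_plain_hash(msg)
    print("bare hash accepts tampered message:", receiver_check_plain(tampered, forged_digest))
    tag = make_tag(key, msg)
    print("HMAC accepts original:", verify_tag(key, msg, tag))
    print("HMAC accepts tampered:", verify_tag(key, tampered, tag))
    print("bits differing between sha256('abc') and sha256('abd'):",
          differing_bits(sha256_hex(b"abc"), sha256_hex(b"abd")))
```

The tag does not protect against replay: an old message with its old tag still verifies. Protocols that need freshness add a counter, nonce or timestamp to the authenticated data.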

Hardened Configuration

The practice of reducing attack surface by disabling unnecessary services, configuring secure defaults and applying best practices. Hardening involves operating systems, applications, network devices and databases and is essential for baseline security.

Hardware Security Module (HSM)

A physical device that securely generates, stores and manages cryptographic keys. HSMs provide tamper-resistant protection and perform cryptographic operations, isolating key material from general-purpose systems to prevent theft or exposure.

Heuristic Analysis

A detection approach used by security tools to identify unknown malware based on behavioural patterns rather than signatures. Heuristic analysis can flag suspicious file structures, system calls or activities indicative of malicious intent.

HIPAA (Health Insurance Portability and Accountability Act)

US legislation that establishes privacy and security requirements for protecting individuals' medical information. Covered entities must implement administrative, physical and technical safeguards and report breaches of protected health information.

Honeypot

A decoy system designed to attract attackers and monitor their activities. Honeypots gather intelligence on techniques and tools while diverting attackers from real assets; however, they require careful management to avoid becoming pivot points.

Hybrid Cloud Security

The combination of controls that protect workloads across on-premises and public cloud environments. Hybrid cloud security addresses connectivity, identity management, consistent policy enforcement, encryption, and visibility across multi-cloud infrastructures.

Hypervisor

Software that allows multiple virtual machines to share hardware resources. Hypervisors (Type 1 "bare metal" or Type 2 hosted) must be hardened and patched, as exploitation could compromise all guest VMs on a host.

Homomorphic Encryption

An advanced cryptographic technique that permits computations on ciphertext without decrypting it. Homomorphic encryption enables secure data processing in untrusted environments—such as cloud computing—though current implementations remain computationally intensive.

I

Identity and Access Management (IAM)

A framework of policies and technologies used to ensure that the right individuals have appropriate access to resources. IAM encompasses authentication, authorization, user provisioning, single sign-on, and lifecycle management across applications and services.

Intrusion Detection System (IDS)

Technology that monitors networks or systems for suspicious activity or policy violations. IDS may be network-based (NIDS) or host-based (HIDS), detecting patterns, anomalies or signatures; alerts typically require human analysis.

Intrusion Prevention System (IPS)

A system that not only detects threats like an IDS but automatically blocks or rejects malicious traffic. IPS devices are placed inline and can disrupt attacks in real time, though they must balance security with availability.

Incident Response

The structured process of preparing for, detecting, containing, eradicating and recovering from cybersecurity incidents. Effective incident response includes playbooks, defined roles, regular training and post-incident lessons learned to improve resilience.

Indicator of Compromise (IOC)

Artifacts such as IP addresses, file hashes, domain names or behaviours that suggest a system has been breached. IOCs help analysts detect, investigate and respond to incidents and feed threat intelligence sharing platforms.

Information Sharing and Analysis Center (ISAC)

Sector-specific organizations that facilitate sharing of threat intelligence, best practices and incident information among members and with government. ISACs enhance collective defense by disseminating timely alerts and coordinated responses.

Insider Threat

A risk posed by individuals within an organization—employees, contractors or partners—who intentionally or unintentionally compromise security. Insider threat programs combine policies, monitoring and cultural awareness to detect and prevent misuse.

Isolation

A security technique that separates processes, applications or networks to prevent lateral movement and reduce impact. Isolation may be achieved through virtual machines, containers, segmentation or sandboxing and is fundamental to zero-trust architectures.

Identity Threat Detection and Response (ITDR)

Tools and processes that monitor identity infrastructure, such as Active Directory, Microsoft Entra ID (formerly Azure AD) and cloud IAM systems, to detect credential misuse, privilege escalation and other identity-centric attacks. ITDR complements EDR/XDR by focusing on identity threats.

Integrated Risk Management

A holistic approach to assessing, prioritizing and mitigating risks across business processes, technology and third-party relationships. Integrated risk management platforms align risk data with decision-making and compliance requirements.

J

Jailbreaking

The act of removing restrictions imposed by device manufacturers—commonly on iOS devices—to install unauthorized software. Jailbreaking exposes devices to malware and voids warranties; enterprise policies should detect and block jailbroken devices.

Java Deserialization Vulnerability

A flaw that occurs when untrusted data is deserialized into Java objects, letting an attacker chain "gadget" classes that are already on the classpath into arbitrary code execution. Defences are to avoid native Java serialization for untrusted input altogether and, where it cannot be avoided, to restrict the classes that may be deserialized with an ObjectInputFilter allowlist (JEP 290) and to keep libraries with known gadget chains patched.

Jitter

A variation in latency during the transmission of packets over a network. High jitter degrades real-time applications such as voice and video; from a security standpoint, timing variation can carry covert-channel signals or indicate interception or resource-exhaustion attacks, so network monitoring tools track jitter as part of performance and security analysis.

Jitter Buffer

A buffer used in voice-over-IP and streaming applications to smooth variations in packet arrival times (jitter). Misconfigured jitter buffers can cause quality issues or be targeted by attackers seeking to disrupt communications.

Joint Authorization Board (JAB)

The decision-making body within the US Federal Risk and Authorization Management Program (FedRAMP) responsible for granting provisional authorizations to cloud service providers. The JAB reviews security packages to ensure compliance with federal standards.

Joiners, Movers and Leavers (JML) Process

A set of workflows that manage user account provisioning when employees join, change roles or leave an organisation. A robust JML process ensures timely updates to access rights, reducing the risk of orphaned accounts.

JSON Web Token (JWT)

A compact, URL-safe token format (RFC 7519) used to represent claims between parties. A JWT consists of a base64url-encoded header, payload and signature, enabling stateless authentication and authorization. A verifier must check the signature with the algorithm and key it expects rather than whatever the token's header names (rejecting alg=none and key confusion between HS256 and RS256), enforce exp and nbf, and treat the payload as untrusted until the signature has passed; short lifetimes or a revocation list limit replay of stolen tokens.
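An added example, not code from the original page: an HS256 signer and a verifier that pins the algorithm, compares the signature in constant time and enforces exp and nbf, plus the alg=none rewrite an attacker tries against a sloppy verifier. The key and claims are constructed; the standard library is used instead of a JWT package so that every check is visible.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Produce header.payload.signature with HMAC-SHA256 over the first two segments."""
    header = {"alg": "HS256", "typ": "JWT"}
    segments = [_b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
                _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())]
    signing_input = ".".join(segments).encode("ascii")
    signature = hmac.new(key, signing_input, hashlib.sha256).digest()
    return ".".join(segments + [_b64url_encode(signature)])


def verify_hs256(token: str, key: bytes, now: Optional[float] = None, leeway: int = 0) -> dict:
    """Return the claims, or raise ValueError. Decoding and JSON errors are ValueError
    subclasses, so malformed tokens are rejected by the same path."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    # Pin the algorithm the server expects. Honouring header["alg"] is the bug behind
    # alg=none and HS256/RS256 key-confusion attacks.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(key, (parts[0] + "." + parts[1]).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise ValueError("bad signature")
    # Only now is the payload trustworthy enough to parse and act on.
    claims = json.loads(_b64url_decode(parts[1]))
    now = time.time() if now is None else now
    if "exp" not in claims:
        raise ValueError("missing exp")
    if now > claims["exp"] + leeway:
        raise ValueError("token expired")
    if "nbf" in claims and now + leeway < claims["nbf"]:
        raise ValueError("token not yet valid")
    return claims


def forge_alg_none(token: str) -> str:
    """Attacker's move: keep the payload, rename the algorithm, drop the signature."""
    _, payload, _ = token.split(".")
    return _b64url_encode(b'{"alg":"none","typ":"JWT"}') + "." + payload + "."


def accepts(token: str, key: bytes, now: float) -> bool:
    try:
        verify_hs256(token, key, now=now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    key = b"\x5a" * 32  # constructed 256-bit secret; HS256 keys must be at least this long
    token = sign_hs256({"sub": "alice", "role": "user", "exp": 1_700_000_600}, key)
    print("valid token accepted:", accepts(token, key, now=1_700_000_000))
    print("after expiry:", accepts(token, key, now=1_700_001_000))
    print("alg=none forgery:", accepts(forge_alg_none(token), key, now=1_700_000_000))
```

A library verifier should be configured the same way: pass the single algorithm you issue tokens with, require exp, and never read claims from a token before its signature has been checked.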

JTAG Exploitation

Exploiting the Joint Test Action Group (JTAG) debug interface on hardware devices to extract firmware, bypass security controls or modify behaviour. Protecting against JTAG attacks involves disabling unused debug ports and using tamper-resistant hardware.

Jupyter Notebook Security

Security considerations for interactive computing environments like Jupyter. Administrators must control access, patch underlying kernels, disable remote code execution by unauthorised users and manage secrets exposed in notebooks.

K

Kerberos

An authentication protocol that uses tickets to allow nodes to prove their identity over an untrusted network. Kerberos relies on a trusted third party (Key Distribution Center) and symmetric cryptography to authenticate users and services in many enterprise environments.

Key Derivation Function (KDF)

A cryptographic function that derives one or more keys from a master key or a password. Password-based KDFs such as PBKDF2, scrypt and Argon2 combine the password with a random salt and deliberately expensive computation, so that each guess in a brute-force or dictionary attack costs the attacker real time (and, for scrypt and Argon2, memory); key-based KDFs such as HKDF expand a high-entropy secret into separate keys for different purposes and need no such slowdown.

Key Management System (KMS)

A service that handles the creation, storage, rotation and deletion of cryptographic keys. KMS solutions—often provided by cloud platforms—enforce access controls, key policies and logging to protect sensitive keys used in encryption and signing.

Key Rotation

The periodic replacement of cryptographic keys to limit the window of exposure if a key is compromised. Automated key rotation policies in KMS reduce manual overhead and support compliance with industry standards.

Keylogger

Malware or hardware that secretly records keystrokes on a device, capturing passwords and other sensitive input. Defences include endpoint protection, anti-spyware tools and awareness training to avoid suspicious downloads.

Kiosk Mode

A configuration that restricts a device—such as a tablet or terminal—to a single application or limited set of functions. Kiosk mode reduces attack surface by limiting user capabilities and preventing installation of unauthorized software.

Knowledge-Based Authentication (KBA)

An authentication method that relies on answers to personal questions or previously collected knowledge. KBA is prone to social engineering and data breaches; organisations often supplement or replace it with stronger factors like tokens or biometrics.

Known Vulnerability

A publicly disclosed security flaw with available details, exploit code or patch guidance. Organisations should maintain inventories of assets and continuously apply updates to remediate known vulnerabilities before adversaries exploit them.

Kubernetes Security

Practices and tools to secure Kubernetes clusters and containerised workloads. Key areas include role-based access control, network policies, secrets management, runtime monitoring and vulnerability scanning of container images and manifests.

L

Lateral Movement

The techniques attackers use to move from a compromised host to other systems within a network. Lateral movement involves leveraging stolen credentials, exploiting trust relationships and escalating privileges to achieve objectives.

LDAP Security

Measures to secure the Lightweight Directory Access Protocol (LDAP), including enforcing TLS encryption, limiting anonymous binds and restricting directory queries. LDAP servers store sensitive credentials and directory information, requiring strong controls.

Least Privilege

A principle stating that users and processes should be granted only the permissions necessary to perform their tasks. Applying least privilege reduces the impact of compromised accounts and limits access to sensitive data.

Let’s Encrypt

A free, automated certificate authority run by the Internet Security Research Group that issues short-lived (90-day) domain-validated certificates over the ACME protocol. Let's Encrypt simplifies TLS deployment on websites and has driven widespread adoption of HTTPS; the short lifetime makes automated renewal a requirement rather than an option.

Load Balancer Security

Securing load balancers that distribute traffic across servers. Considerations include TLS termination, access controls on management interfaces, DDoS protection and ensuring backend service authentication.

Log Aggregation

The centralized collection and storage of logs from various sources (servers, applications, network devices). Log aggregation facilitates monitoring, troubleshooting, compliance reporting and detection of security incidents.

Logging and Monitoring

Processes that record system and application events and continuously review them for anomalies. Effective logging captures sufficient context (timestamps, user actions, source IP) and is paired with monitoring tools and alerting to detect suspicious behaviour.

Logic Bomb

Malicious code inserted into software that triggers a harmful action when specific conditions are met (e.g., a date or event). Logic bombs can destroy data or disrupt operations; code reviews and integrity checks help detect them.

M (10 terms)

MAC Address Spoofing

Manipulating the media access control (MAC) address of a network interface to impersonate another device. Attackers use spoofing to bypass access controls or anonymize traffic; network access control (NAC) and port security mitigate such threats.

Machine Learning Security

The practice of securing machine-learning systems and using machine learning to enhance security. It covers protecting training data, preventing model theft or poisoning, and applying ML for anomaly detection and threat classification.

Malware

Malicious software designed to harm, exploit or steal from systems. Malware encompasses viruses, worms, trojans, ransomware and spyware; defences include antivirus, endpoint detection, behavioural analysis and user education.

Managed Detection and Response (MDR)

An outsourced service that provides continuous threat monitoring, detection and response using advanced technologies and human expertise. MDR providers augment internal teams and deliver faster incident response and threat hunting.

Memory Safety

The assurance that software cannot read or write memory outside of its allocated boundaries. Languages like Rust and modern runtimes provide memory safety, reducing buffer overflows and other memory corruption vulnerabilities.

Message Authentication Code (MAC)

A short tag, computed over a message with a shared secret key, that accompanies the message and lets the recipient verify both its integrity and its authenticity. MACs include HMAC and cipher-based MACs; they differ from digital signatures in that they use shared secret keys rather than public/private key pairs, so they do not provide non-repudiation.

MITRE ATT&CK

An openly available knowledge base of adversary tactics, techniques and procedures. ATT&CK is organised by phases of the attack lifecycle and used for threat modelling, detection engineering, red teaming and security gap analysis.

Mobile Device Management (MDM)

Software and policies that manage and secure mobile devices within an organisation. MDM handles device enrollment, configuration, updates, remote wipe and monitoring to enforce security on smartphones and tablets.

Multi-Factor Authentication (MFA)

An authentication method requiring two or more independent factors—something you know (password), have (token) or are (biometric)—to verify identity. MFA significantly reduces the likelihood of successful credential-based attacks.

Multi-Tenancy

An architecture where multiple customers share the same underlying infrastructure or application instance. Cloud and SaaS providers must isolate tenants, enforce access controls and prevent data leakage between tenants.

N (10 terms)

Network Access Control (NAC)

Technologies that assess devices before granting network connectivity, ensuring compliance with security policies. NAC systems enforce health checks, device posture assessment and authentication to prevent unauthorized or non-compliant devices from connecting.

Network Segmentation

Dividing a network into separate zones or segments to restrict lateral movement and contain attacks. Segmentation can be implemented through VLANs, firewalls and microsegmentation policies.

Network Telemetry

Real-time collection of network data (flows, packets, metrics) used for monitoring performance and detecting anomalies. Telemetry feeds analytics and security tools like SIEM and network detection and response (NDR) platforms.

Network Virtualization

The abstraction of physical network resources into logical networks, enabling multiple virtual networks to run on shared hardware. Virtualization provides flexibility but requires careful management of isolation and security policies.

Next-Generation Firewall (NGFW)

An advanced firewall that incorporates features like deep packet inspection, intrusion prevention, application awareness and user identity. NGFWs enable more granular policy enforcement and adapt to modern threats.

NIST Cybersecurity Framework

A voluntary framework developed by the US National Institute of Standards and Technology, providing guidelines for identifying, protecting, detecting, responding to and recovering from cybersecurity incidents. It aligns with risk management practices and is widely adopted across industries.

Non-Repudiation

The assurance that an action or communication cannot later be denied. Cryptographic techniques such as digital signatures, supported by audit trails, provide evidence that a particular user performed an operation or sent a message.

Nonce

A number used once in cryptographic protocols to prevent replay attacks and ensure uniqueness. Nonces are random or pseudo-random values included in authentication or encryption exchanges.

NVD (National Vulnerability Database)

A US government repository of standards-based vulnerability information. The NVD indexes CVE identifiers and adds severity scores (CVSS), reference links and other data that organisations use for vulnerability management and compliance.

Null Session

An anonymous connection to Windows servers using SMB or RPC that allows limited access to resources. Attackers leverage null sessions for reconnaissance; disabling anonymous logons and restricting access helps mitigate the threat.

O (10 terms)

OAuth 2.0

An open standard for delegated authorization that allows users to grant third-party applications limited access to resources without sharing credentials. OAuth uses access tokens issued by an authorization server; secure implementation involves proper scope limitations and token management.

On-Prem Security

Security measures applied within an organisation’s own data centre or facilities, as opposed to cloud environments. On-prem security includes physical protection, network defenses, endpoint controls and adherence to internal policies.

OpenID Connect (OIDC)

An identity layer built on top of OAuth 2.0 providing authentication, standardized user profile information and session management. OIDC enables single sign-on across services using ID tokens signed by an identity provider.

Open Source Intelligence (OSINT)

The collection and analysis of publicly available information—such as social media, forums, DNS records and leaked data—to gather insights on threat actors or potential targets. OSINT supports threat intelligence, investigations and security assessments.

Operational Technology (OT) Security

Protecting industrial control systems, SCADA environments and critical infrastructure from cyber threats. OT security requires specialised practices for legacy protocols, safety considerations and availability requirements distinct from IT systems.

Orchestration

In security contexts, the automated coordination of tasks and workflows across systems and tools. Orchestration platforms—often combined with automation in SOAR—accelerate response, enforce consistent processes and reduce manual effort.

Out-of-Band Authentication

A secondary authentication method delivered through a separate communication channel (e.g., SMS, phone call or hardware token) from the primary login. Out-of-band factors add resilience against man-in-the-middle attacks on a single channel.

Overlay Network

A network built on top of another network using encapsulation to create virtual links and tunnels. Examples include VPNs, GRE tunnels and software-defined networking overlays. Security involves proper encryption, authentication and segmentation of overlay traffic.

Overprivileged Account

An account granted more permissions than necessary. Overprivileged accounts increase risk if compromised; regular access reviews and least privilege policies help reduce excess privileges.

OWASP Top 10

A widely referenced list of the top ten most critical web application security risks maintained by the Open Web Application Security Project. It includes injection, broken authentication, sensitive data exposure, security misconfiguration, cross-site scripting and other common flaws.

P (10 terms)

Privileged Access Management (PAM)

Controls and technologies that secure and monitor accounts with elevated permissions. PAM solutions include password vaults, session monitoring, least privilege enforcement and just-in-time access to reduce abuse of privileged accounts.

Password Complexity

Policies requiring combinations of length, character variety and unpredictability to make passwords difficult to guess. Complexity rules should be balanced with usability and supplemented with multi-factor authentication and password managers.

Patch Management

The process of acquiring, testing and deploying updates to fix software vulnerabilities or improve functionality. Timely patching reduces exposure to known exploits and should be prioritised based on risk and criticality.

Penetration Testing

An authorised simulated attack on systems, networks or applications to identify vulnerabilities and evaluate defenses. Pen testers use manual and automated tools and report findings with remediation recommendations.

Phishing

A social engineering attack where fraudulent messages—often emails or texts—trick recipients into revealing credentials, installing malware or transferring money. Anti-phishing training, email filtering and URL scanning help reduce susceptibility.

Public Key Infrastructure (PKI)

A framework for creating, distributing, managing and revoking digital certificates and public-key pairs. PKI underpins TLS/SSL, code signing and secure email by enabling trusted, authenticated communications.

Polyglot Malware

Malicious code designed to run under multiple file formats or interpreters, enabling it to evade detection by masquerading as different types of files. Defending against polyglot malware requires multiple layers of scanning and behavioural analysis.

Privacy by Design

A principle that embeds privacy considerations into systems and processes from the outset, rather than as an afterthought. It emphasizes data minimization, user consent, transparency and secure defaults throughout the lifecycle of products and services.

Privilege Escalation

The act of exploiting a vulnerability or misconfiguration to gain higher privileges than initially granted. Attackers perform vertical escalation (non-admin to admin) or horizontal escalation (accessing another user's privileges). Mitigation includes patching, least privilege and monitoring.

Public Cloud

Cloud services delivered over the internet from third-party providers like Amazon Web Services, Microsoft Azure and Google Cloud. Public cloud offers scalability and efficiency but requires shared responsibility for security, identity management and configuration.

Q (10 terms)

Quality Assurance in Security

Processes ensuring that security requirements are correctly implemented and tested throughout software development. QA includes code reviews, security testing and validation to catch issues before deployment.

Quality of Service (QoS) Attacks

Threats that exploit or overwhelm network QoS mechanisms—such as packet prioritization—to degrade service for legitimate users. Attackers may misuse QoS to gain preferential bandwidth for malicious traffic or starve critical traffic.

Quantum Key Distribution

A method of securely generating and exchanging cryptographic keys using quantum mechanics. Quantum key distribution can detect eavesdropping attempts because observing quantum states alters them; currently, it is mostly experimental and used in specialized environments.

Quantum Random Number Generator

A device that uses quantum phenomena—such as photon emission or radioactive decay—to generate truly random numbers. Quantum randomness enhances cryptographic key generation, making it harder for attackers to predict values.

Quantum-Safe Cryptography

Encryption algorithms designed to resist attacks by quantum computers. Also called post-quantum cryptography, these techniques include lattice-based, multivariate polynomial and hash-based schemes. Adoption ensures long-term confidentiality as quantum capabilities emerge.

Quarantine

The isolation of infected or suspicious files, systems or network segments to prevent malware spread. Quarantine is used by antivirus tools, email gateways and incident responders during containment phases.

Quasi-Identifier

A set of attributes in a dataset that can indirectly identify individuals when combined (e.g., birthdate, ZIP code and gender). Privacy-preserving techniques like k-anonymity mitigate re-identification of quasi-identifiers.

Query Parameter Injection

A web application attack that manipulates URL query parameters to change application behaviour, access sensitive data or execute unintended commands. Input validation and parameterised queries protect against injection attacks.

QR Code Phishing

Phishing that uses QR codes to lure victims into visiting malicious websites or initiating fraudulent actions. Because QR codes are not human-readable, users should verify sources before scanning and disable automatic URL opening.

Quorum

In distributed systems and cryptography, the minimum number of entities required to agree or participate for an action to be valid. Quorum mechanisms underpin consensus protocols, multi-party computation and secret-sharing schemes.

R (10 terms)

Ransomware

Malware that encrypts a victim's data and demands payment (often in cryptocurrency) for a decryption key. Prevention includes regular backups, patching, endpoint security and user awareness. Incident response should avoid paying ransoms when possible.

Red Teaming

An adversarial assessment where a team simulates real-world attack scenarios to test an organisation's defences. Red teams employ offensive tactics to identify weaknesses and provide actionable recommendations to blue teams.

Remote Code Execution (RCE)

A vulnerability that allows an attacker to execute arbitrary code on a target system. RCE can lead to full compromise and is one of the most severe vulnerability classes; patching and input validation are essential defenses.

Resilience

The ability of systems and organisations to withstand and recover from cyberattacks or disruptions. Resilience encompasses redundancy, business continuity planning, incident response and continuous improvement to reduce impact.

Risk Assessment

The process of identifying, analysing and prioritising threats and vulnerabilities to determine potential impact. Risk assessments inform security investments and are integral to frameworks like ISO 27001 and NIST CSF.

RSA (Rivest–Shamir–Adleman)

A widely used public-key encryption algorithm based on the difficulty of factoring large integers. RSA is used for secure key exchange, digital signatures and SSL/TLS; however, it may be vulnerable to quantum computing in the future.

Role-Based Access Control (RBAC)

A model that assigns permissions to roles rather than individuals. Users inherit access rights based on their roles, simplifying administration and supporting least privilege by tailoring roles to job functions.

Root of Trust

A trusted set of functions—in hardware, firmware or software—that provide a secure foundation for a system’s operation. A root of trust is essential for secure boot, firmware verification and chain-of-trust architectures.

Router Hardening

The process of securing network routers by disabling unnecessary services, enforcing strong authentication, updating firmware and implementing firewall rules. Hardening prevents attackers from exploiting default settings or misconfigurations.

Runtime Protection

Security measures that monitor and protect applications while they are running. Runtime Application Self-Protection (RASP) and cloud workload protection platforms detect and block attacks such as injection or memory exploitation during execution.

S (10 terms)

SaaS Security Posture Management (SSPM)

Tools that continuously monitor and manage the security configurations of software-as-a-service (SaaS) applications. SSPM solutions detect misconfigurations, enforce policies, manage permissions and assess third-party integrations.

SCADA Security

Safeguarding Supervisory Control and Data Acquisition (SCADA) systems that monitor industrial processes. SCADA security must address legacy protocols, segmented networks, physical safety, remote connectivity and vendor patch cycles.

Secure Boot

A hardware-based process that ensures only trusted software (signed firmware and operating systems) loads during startup. Secure boot prevents rootkits and bootkits from compromising the earliest stages of system operation.

Secure Coding

Following best practices to design and implement software free from security vulnerabilities. Secure coding principles include input validation, error handling, proper authentication, least privilege and adherence to standards such as CERT C or OWASP guidelines.

Secure Shell (SSH)

A protocol providing secure remote command-line access and file transfers over an unsecured network. SSH uses public-key cryptography for authentication and encrypts session data, replacing older protocols like Telnet and rlogin.

Security Assertion Markup Language (SAML)

An XML-based open standard that enables secure single sign-on (SSO) and identity federation. SAML exchanges authentication and authorization data between an identity provider and a service provider via signed assertions.

Security Information and Event Management (SIEM)

Platforms that collect and correlate security logs from across an organisation to detect, analyse and respond to incidents. SIEM combines real-time monitoring, rule-based correlation and analytics with dashboards and reporting.

Sandboxing

Isolating applications, processes or code in a restricted environment to prevent them from affecting other parts of the system. Sandboxes are used for malware analysis, browser security and running untrusted code.

Serverless Security

Securing functions deployed in serverless compute environments (e.g., AWS Lambda, Azure Functions). Concerns include least privilege permissions, event injection, insecure third-party libraries, secrets management and monitoring of function execution.

Software Bill of Materials (SBOM)

A formal record of all components, libraries and dependencies used in a software product. SBOMs enhance supply chain transparency, facilitate vulnerability management and are increasingly required by regulators and customers.

T (10 terms)

Threat Intelligence

The collection, analysis and dissemination of information about adversaries' capabilities, infrastructure and intent. Threat intelligence helps organisations anticipate, detect and respond to attacks by providing context and indicators.

Threat Modeling

A structured approach to identify and prioritize potential threats and vulnerabilities in an application or system. Threat modeling techniques (e.g., STRIDE, DREAD) guide developers in building secure architectures and controls.

Transport Layer Security (TLS)

The successor to SSL, TLS is a cryptographic protocol providing confidentiality and integrity for data exchanged over networks. TLS relies on certificates and key exchange to establish secure sessions for web, email and other services.

Tokenization

The replacement of sensitive data with non-sensitive tokens that preserve the original format and usability. Tokenization protects payment card numbers, personal data and health information by keeping the original values only in a secure vault.

Time-Based One-Time Password (TOTP)

A temporary numeric code generated using a shared secret and the current time. TOTP is used in two-factor authentication applications (e.g., Google Authenticator) and provides short-lived codes that expire after a set interval.

Traffic Shaping

Controlling network traffic flows to optimize performance and security. Traffic shaping prioritizes critical applications, limits bandwidth for non-essential services and can help mitigate DDoS attacks by rate limiting malicious traffic.

Trojan

Malware that disguises itself as legitimate software to trick users into installing it. Once executed, a Trojan opens backdoors, steals data or drops additional malware. Education and endpoint protection help detect and block Trojans.

Tactics, Techniques and Procedures (TTP)

The observable patterns used by adversaries to achieve their objectives. TTPs are catalogued in frameworks like MITRE ATT&CK and help analysts map behaviors to specific groups and detect similar attacks.

Two-Person Integrity

A security principle requiring two authorised individuals to complete sensitive actions (e.g., cryptographic key generation or nuclear launch). This reduces risk of insider abuse or accidental actions and enforces checks and balances.

Typosquatting

Registering or using domain names that closely resemble legitimate brands to trick users into visiting malicious sites. Typosquatting is used for phishing, malware distribution or advertising fraud; organisations monitor variations of their domains to mitigate risk.

U (10 terms)

User and Entity Behavior Analytics (UEBA)

Technology that profiles the behaviours of users, devices and applications to identify anomalies that may indicate insider threats or compromised accounts. UEBA solutions learn normal patterns and generate risk scores for suspicious activity.

UDP Flood

A type of DDoS attack that overwhelms a target with a high volume of User Datagram Protocol (UDP) packets. Because UDP is connectionless and does not perform handshakes, attackers can easily spoof packet sources and consume network resources.

Unified Threat Management (UTM)

A security appliance that combines multiple network protection functions—such as firewall, intrusion prevention, antivirus and content filtering—into a single platform. UTM simplifies management for smaller organisations but may have performance limitations.

URL Filtering

Blocking or permitting web traffic based on URLs or categories. URL filtering enforces acceptable use policies, prevents access to malicious sites and reduces the risk of malware infection and data leakage.

User Experience vs Security

Balancing usability and security requirements so that controls do not overly hinder productivity. Poorly designed security can lead to user workarounds; adopting secure by default practices and providing clear guidance helps align experience with protection.

Unauthorized Disclosure

The exposure of information to individuals or systems not authorised to access it. Unauthorized disclosure can occur through misconfigurations, insider misuse or breaches; encryption and access controls help prevent it.

Untrusted Network

Any network segment not under an organisation’s control or containing unknown devices. When connecting to untrusted networks (e.g., public Wi-Fi), use VPNs, disable file sharing and restrict sensitive activities.

Update Cadence

The frequency at which software updates and security patches are released. A predictable update cadence allows organisations to schedule testing and deployment while minimising the window of exposure to known vulnerabilities.

Upload Validation

The practice of checking files uploaded by users for malware, file type mismatches and size constraints. Upload validation mitigates the risk of malicious files being stored or executed on a server.

USB Forensics

The examination of data stored on USB drives and analysis of their usage on systems. Investigators look for evidence such as file timestamps, device serial numbers and artifacts that indicate insertion and data transfer.

V (10 terms)

Virtual Private Cloud (VPC)

An isolated section of a public cloud where customers can define virtual networks, subnets and security policies. VPCs provide control over routing, firewall rules and IP address spaces within a multi-tenant cloud environment.

Virtual Private Network (VPN)

A secure tunnel that encrypts traffic between a user and a remote network. VPNs provide confidentiality and authenticity for remote work, site-to-site connectivity and bypassing geolocation restrictions.

Virtual Patch

A temporary security measure—often implemented by a WAF or IPS—that blocks exploit attempts when underlying software cannot be patched immediately. Virtual patches provide short-term protection until vendors release updates.

Virtualization Security

Protecting virtual machines and hosts from hypervisor exploits, VM escape, misconfiguration and sprawl. Controls include patching hypervisors, isolating tenants, secure VM templates and monitoring inter-VM traffic.

VirusTotal (VT) Scanning

A service that aggregates results from multiple antivirus engines to analyse files or URLs for malware. Submissions to VirusTotal help identify malicious indicators and contribute to shared threat intelligence.

Vishing

Voice-based phishing where attackers use phone calls or voicemail messages to deceive victims into revealing sensitive information or transferring funds. Caller ID spoofing and social engineering make vishing convincing; awareness training and call-back procedures help mitigate.

Voiceprint Authentication

Biometric authentication using unique characteristics of a person’s voice. Voiceprint systems analyse frequency, cadence and tone but must handle variability and defend against replay or deepfake attacks.

VPN Split Tunneling

A configuration that allows some traffic to go through a VPN while other traffic accesses the internet directly. Split tunneling can improve performance but introduces risks if untrusted traffic bypasses corporate security controls.

Vulnerability Assessment

The process of identifying, quantifying and prioritizing security weaknesses in systems, networks or applications. Vulnerability assessments often use automated scanners to detect misconfigurations and missing patches and are followed by remediation efforts.

Vulnerability Management

An ongoing process of discovering, prioritizing, remediating and verifying fixes for vulnerabilities. Vulnerability management programs integrate scanning, asset inventory, risk scoring and coordination between security and operations teams.

W (10 terms)

Web Application Firewall (WAF)

A security solution that monitors, filters and blocks malicious HTTP/S traffic to and from web applications. WAFs protect against threats such as injection, cross-site scripting and bot attacks by applying rules at the application layer.

Watering Hole Attack

An attack in which adversaries compromise a website frequently visited by their target audience, injecting malware to exploit visitors. Users unknowingly download malicious code when they visit the infected site.

Whaling

A form of spear-phishing that targets high-level executives or "big fish" within an organisation. Whaling emails often appear urgent and leverage authority to pressure recipients into transferring funds or disclosing sensitive data.

White Box Testing

Security testing performed with full knowledge of the internal logic and implementation of an application. White box tests can examine code, configurations and design to identify vulnerabilities early in the development lifecycle.

Wi-Fi Protected Access (WPA3)

The latest generation of Wi-Fi security that provides stronger encryption, protection against dictionary attacks and improved handshake security. WPA3 replaces WPA2 and includes features like forward secrecy and individualized data encryption.

Windows Hello

Microsoft’s biometric and PIN-based authentication system for Windows devices. Windows Hello uses facial recognition, fingerprints or short PINs, stored in hardware enclaves, to provide secure, convenient logins.

Wireshark

A network protocol analyzer used to capture and inspect packets in real time. Wireshark aids troubleshooting, intrusion detection and protocol analysis; proper authorization is required to avoid privacy violations.

Workload Identity

The practice of assigning unique identities and credentials to workloads—such as containers, serverless functions or VMs—rather than relying on shared secrets. Workload identities enable fine-grained authorization and auditing in cloud environments.

Worm

Self-replicating malware that spreads across networks without user intervention. Worms exploit vulnerabilities to move laterally and may deliver payloads such as ransomware or backdoors; network segmentation and patching help prevent their propagation.

Write Once Read Many (WORM) Storage

A storage mechanism where data, once written, cannot be modified. WORM storage preserves records for regulatory compliance and forensic investigations; examples include immutable backups and log retention solutions.

X (6 terms)

X.509 Certificate

A digital certificate format used in TLS/SSL for authenticating identities and establishing encrypted connections. X.509 certificates contain a public key, identifying information and a signature from a trusted certificate authority.

XDP (eXpress Data Path)

A high-performance packet processing framework in the Linux kernel that allows custom programs to run at the earliest point in packet reception. XDP can be used for DDoS mitigation, firewalling and telemetry with low latency.

Xen Hypervisor

An open-source hypervisor that supports the creation of virtual machines. Xen is used in many cloud providers; its security hinges on isolation between guest VMs, hypervisor hardening and patch management.

XML Encryption

Standards that define how to encrypt and decrypt XML data. Proper implementation ensures confidentiality of sensitive elements within documents exchanged between services; misconfiguration can lead to XXE or signature wrapping attacks.

XMPP Security

Securing the Extensible Messaging and Presence Protocol (XMPP) used for instant messaging. Security measures include TLS for encryption, SASL for authentication, server federation controls and protection against message spoofing.

XOR Cipher

One of the simplest symmetric encryption methods that applies the XOR operation between a key and plaintext bits. Although easy to implement, XOR alone is not secure; it’s primarily used within larger cryptographic algorithms or obfuscation.

Y (10 terms)

Yagi Antenna Attack

A wireless interception technique using a directional Yagi antenna to capture long-distance Wi-Fi signals. Attackers may use Yagi antennas to sniff or jam communications; encryption and network segmentation help mitigate risks.

Yahoo Data Breach (Historical Lesson)

Refers to the 2013–2014 breaches of Yahoo that exposed billions of user accounts. The incident underscores the importance of encryption, credential hygiene, breach disclosure and due diligence during mergers.

YAML (Yet Another Markup Language) Security

Ensuring that configuration files in YAML are parsed securely. This includes controlling which classes can be instantiated during deserialization, validating schema and avoiding unsafe constructors.

YAML Injection

Attacks that exploit insecure processing of YAML configuration files. Improper deserialization of untrusted YAML can lead to arbitrary code execution; applications should parse YAML using safe libraries and validate input.

YARA Rules

Pattern matching rules used to identify malware, files or processes based on strings, regular expressions and conditions. Analysts craft YARA rules for threat hunting, malware classification and incident response.

Year 2000 (Y2K)-Like Vulnerabilities

Date-related software bugs that arise when systems cannot handle changes in calendar representations—such as two-digit years or leap seconds. Periodic code reviews and time-handling testing prevent similar issues.

Yellow Team

A concept representing the collaboration between red, blue and green teams. Yellow teams focus on designing and implementing secure solutions and bridging communication between offensive and defensive groups.

Yielding Attack Surface

An attack surface that increases over time due to new features, integrations or misconfigurations. Continuous monitoring and governance ensure that the yielding attack surface is managed and minimized.

YubiHSM

A hardware security module (HSM) produced by Yubico that provides secure key generation, storage and cryptographic operations in a compact, USB-attached device. YubiHSMs are used to protect keys in servers and applications.

YubiKey (Hardware Security Key)

A hardware token produced by Yubico that implements FIDO and smartcard standards. YubiKeys provide strong multi-factor authentication, support cryptographic signing and reduce reliance on passwords or SMS codes.

Z9 terms

Z-Wave Security

Security measures applied to Z-Wave wireless communication protocols used in smart-home devices. Controls include encryption, network keys, and monitoring for unauthorized devices.

Zeek (formerly Bro)

An open-source network security monitor that provides deep packet analysis and event-driven scripting. Zeek transforms raw traffic into high-level events for intrusion detection, forensics and analytics.

Zero-Day Exploit

An attack that exploits a vulnerability unknown to the vendor or public, for which no patch is yet available. Attackers exploit zero-day flaws before they are discovered and patched. Defence relies on layered security, behaviour monitoring and vendor coordination.

Zero Trust Architecture

A security model that assumes no implicit trust between network components and verifies every request based on identity, context and policy. Zero trust principles include continuous authentication, least privilege access and segmentation.

Zero Trust Access (ZTA)

A subset of zero trust that focuses on controlling resource access based on context, identity and device posture rather than network location. ZTA solutions continuously assess risk and adapt policies for each session.

Zip Bomb

A malicious archive file that recursively expands to enormous size when decompressed. Zip bombs exhaust resources on scanning systems, potentially causing denial of service. Defenders limit recursion depths and file sizes during extraction.

Zombie Botnet

A network of compromised computers ("zombies") controlled by an attacker. Zombie botnets are used for DDoS attacks, spam distribution and credential stuffing; detection requires anomaly detection and coordinated takedown efforts.

Zoning

Dividing networks or data centres into zones with distinct security policies. Zoning restricts traffic between zones and isolates critical assets; it is a fundamental technique in network segmentation and compliance frameworks.

Zoom Bombing

The unwanted intrusion into video conference calls, often accompanied by disruptive or abusive behaviour. Meeting passwords, waiting rooms and authenticated participants help prevent Zoom bombing.