Cybersecurity Glossary

A comprehensive glossary of cybersecurity terms, acronyms, and concepts for security professionals and enthusiasts.

A

Access Control: The selective restriction of access to resources or data based on user identity, role, or other attributes.
Active Directory (AD): Microsoft’s directory service for Windows domain networks, managing users, computers, and other resources.
Advanced Persistent Threat (APT): A prolonged and targeted cyberattack where an intruder gains unauthorized access and remains undetected for an extended period.
Air Gap: Physical isolation of a computer or network from unsecured networks, including the Internet.
Anti-virus (AV): Software designed to detect, prevent, and remove malicious software (malware).
API (Application Programming Interface): A set of protocols and tools for building software applications, defining how components should interact.
Attack Surface: The total number of points where an unauthorized user can try to enter or extract data from a system.
Authentication: The process of verifying the identity of a user, device, or system.
Authorization: The process of granting or denying access rights to resources after authentication.

B

Backdoor: A method of bypassing normal authentication to gain unauthorized access to a system while remaining undetected.
Baseline: A reference point for comparison, typically the minimum security requirements for a system.
Blue Team: The defensive security team responsible for protecting systems and responding to incidents.
Botnet: A network of compromised computers (bots) controlled by an attacker to perform coordinated malicious activities.
Brute Force Attack: An attack method that tries all possible combinations to crack passwords or encryption keys.
Buffer Overflow: A vulnerability where a program writes data beyond the allocated memory buffer, potentially allowing code execution.
Bug Bounty: A program where organizations reward security researchers for discovering and reporting vulnerabilities.

C

Certificate Authority (CA): A trusted entity that issues digital certificates to verify identities on the Internet.
CIA Triad: The three core principles of information security: Confidentiality, Integrity, and Availability.
Command and Control (C2/C&C): Infrastructure used by attackers to communicate with and control compromised systems.
Common Vulnerabilities and Exposures (CVE): A standardized identifier for known security vulnerabilities and exposures.
Credential Stuffing: An attack where stolen username/password pairs are used to gain unauthorized access to user accounts.
Cross-Site Request Forgery (CSRF): An attack that tricks a user’s browser into executing unwanted actions on a trusted site where they’re authenticated.
Cross-Site Scripting (XSS): A vulnerability allowing attackers to inject malicious scripts into web pages viewed by other users.
Cryptography: The practice of securing information through encryption and other mathematical techniques.
CVE Score (CVSS): Common Vulnerability Scoring System - a standardized method for rating the severity of security vulnerabilities.

D

Data Breach: Unauthorized access to confidential data, resulting in its disclosure, theft, or use.
DDoS (Distributed Denial of Service): An attack overwhelming a system with traffic from multiple sources to make it unavailable.
Defense in Depth: A security strategy employing multiple layers of protection.
Demilitarized Zone (DMZ): A network segment that sits between an internal network and untrusted external networks.
Dictionary Attack: A password attack using a list of common words and passwords.
Digital Forensics: The process of collecting, analyzing, and preserving electronic evidence for investigation.
DNS (Domain Name System): The system that translates human-readable domain names into IP addresses.
DNS Spoofing/Poisoning: An attack corrupting DNS cache data to redirect users to malicious sites.

E

Encryption: The process of converting data into an unreadable format to prevent unauthorized access.
Endpoint: Any device connected to a network, such as computers, smartphones, or IoT devices.
Endpoint Detection and Response (EDR): Security solutions that monitor and respond to threats on endpoint devices.
Enumeration: The process of gathering information about a target system or network.
Escalation of Privilege: Gaining higher-level access or permissions than originally granted.
Ethical Hacking: Authorized testing of systems to identify vulnerabilities before malicious hackers can exploit them.
Exploit: Code or technique that takes advantage of a vulnerability to compromise a system.
Exploit Kit: A toolkit containing pre-packaged exploits for various vulnerabilities.

F

False Positive: When a security system incorrectly identifies benign activity as malicious.
Firewall: A network security device that monitors and filters incoming and outgoing traffic based on security rules.
Footprinting: The process of gathering information about a target system or organization.
Forensics: See Digital Forensics.
Fuzzing: An automated testing technique that provides invalid, unexpected, or random data as inputs to discover vulnerabilities.

G

Gray Hat: A hacker who operates between ethical (white hat) and malicious (black hat) hacking.
Governance, Risk, and Compliance (GRC): A framework for managing an organization’s security, risk, and regulatory compliance.

H

Hash Function: A mathematical function that converts input data into a fixed-size string, used for data integrity and password storage.
Honeypot: A decoy system designed to attract and detect attackers.
HTTP (Hypertext Transfer Protocol): The protocol for transmitting web pages over the Internet.
HTTPS (HTTP Secure): HTTP with encryption using TLS/SSL for secure communication.

I

Incident Response (IR): The process of detecting, analyzing, and responding to security incidents.
Indicator of Compromise (IoC): Evidence that a security breach has occurred or is occurring.
Information Security (InfoSec): The practice of protecting information from unauthorized access, use, or destruction.
Injection Attack: An attack inserting malicious code into an application (e.g., SQL injection, command injection).
Insider Threat: A security risk posed by individuals within an organization with legitimate access.
Intrusion Detection System (IDS): A system that monitors network traffic for suspicious activity and alerts administrators.
Intrusion Prevention System (IPS): Similar to IDS but can actively block detected threats.
ISO 27001: An international standard for information security management systems (ISMS).

K

Kerberos: A network authentication protocol using tickets to allow secure authentication over non-secure networks.
Keylogger: Malware that records keystrokes to steal sensitive information like passwords.
Kill Chain: A model describing the stages of a cyberattack, from reconnaissance to action on objectives.

L

Lateral Movement: An attacker’s technique of moving through a network after initial compromise to access additional systems.
Least Privilege: The security principle of granting users only the minimum access necessary to perform their duties.
LDAP (Lightweight Directory Access Protocol): A protocol for accessing and maintaining directory services over a network.
Log Analysis: Examining log files to identify security incidents, troubleshoot issues, or ensure compliance.

M

Malware: Malicious software designed to damage, disrupt, or gain unauthorized access to systems.
Man-in-the-Middle (MitM): An attack where an attacker intercepts and potentially alters communication between two parties.
Multi-Factor Authentication (MFA): Authentication requiring two or more verification factors (something you know, have, or are).

N

Network Segmentation: Dividing a network into smaller segments to improve security and performance.
NIST (National Institute of Standards and Technology): A U.S. agency that develops cybersecurity frameworks and standards.
Nmap: A popular open-source network scanning and enumeration tool.
NTLM (NT LAN Manager): A Microsoft authentication protocol used in Windows environments.

O

Open Source Intelligence (OSINT): Information gathering from publicly available sources.
OWASP (Open Web Application Security Project): A nonprofit organization focused on improving software security.
OWASP Top 10: A list of the ten most critical web application security risks.

P

Patch: A software update that fixes vulnerabilities or bugs.
Patch Management: The process of testing and deploying software updates to systems.
Payload: The malicious code delivered by an exploit.
Penetration Testing (Pentest): Simulated cyberattacks to identify vulnerabilities in systems.
Phishing: Social engineering attacks using fraudulent messages to trick users into revealing sensitive information.
Pivot/Pivoting: Using a compromised system as a launching point to attack other systems on the network.
Port: A numbered endpoint for network communication.
Port Scanning: Probing a system to identify open ports and services.
Privilege Escalation: Gaining higher-level permissions than initially granted.
Proxy: An intermediary server that forwards requests between clients and servers.
Public Key Infrastructure (PKI): A framework for managing digital certificates and public-key encryption.

R

Ransomware: Malware that encrypts files and demands payment for decryption.
Red Team: The offensive security team that simulates attacks to test defenses.
Remote Code Execution (RCE): A vulnerability allowing an attacker to execute arbitrary code on a target system.
Reverse Engineering: Analyzing software or hardware to understand its functionality and identify vulnerabilities.
Reverse Shell: A connection initiated from a target system back to an attacker’s system.
Risk Assessment: The process of identifying, analyzing, and evaluating security risks.
Rootkit: Malware designed to hide its presence and maintain privileged access to a system.

S

Sandbox: An isolated environment for safely executing and analyzing suspicious code.
SIEM (Security Information and Event Management): Systems that collect, analyze, and correlate security logs from multiple sources.
Social Engineering: Manipulating people into divulging confidential information or performing actions.
Spear Phishing: Targeted phishing attacks directed at specific individuals or organizations.
SQL Injection (SQLi): An injection attack inserting malicious SQL code into database queries.
SSH (Secure Shell): A cryptographic network protocol for secure remote access.
SSL/TLS (Secure Sockets Layer/Transport Layer Security): Protocols for encrypting data transmitted over networks.
SUID (Set User ID): A Unix permission allowing users to execute files with the permissions of the file owner.

T

Threat Actor: An individual or group responsible for a security incident.
Threat Hunting: Proactively searching for threats that have evaded automated detection.
Threat Intelligence: Information about threats and adversaries used to inform security decisions.
Threat Model: A structured approach to identifying and prioritizing potential threats.
TLS (Transport Layer Security): See SSL/TLS.
Token: A digital object representing authentication credentials or authorization.
Trojan Horse (Trojan): Malware disguised as legitimate software.
Two-Factor Authentication (2FA): See Multi-Factor Authentication.

V

Virtual Private Network (VPN): A secure, encrypted connection over a public network.
Virus: Self-replicating malware that spreads by attaching to files or programs.
Vulnerability: A weakness in a system that can be exploited by threats.
Vulnerability Assessment: The process of identifying and evaluating security vulnerabilities.
Vulnerability Scanner: Automated tools that identify known vulnerabilities in systems.

W

Web Application Firewall (WAF): A firewall specifically designed to protect web applications.
Whaling: Phishing attacks targeting high-profile individuals like executives.
White Hat: An ethical hacker who uses their skills for defensive purposes.
Worm: Self-replicating malware that spreads independently without human interaction.

X

XSS (Cross-Site Scripting): See Cross-Site Scripting.

Z

Zero-Day: A vulnerability unknown to the vendor or public, or for which no patch exists.
Zero Trust: A security model that assumes no user or system should be automatically trusted.
Zombie: A compromised computer controlled by an attacker, typically part of a botnet.

Last Updated: March 2025

This glossary is continuously updated. If you notice any missing terms or have suggestions, please contact us.