Glossary -

learn django 90% discount Offer Click here

0-9

A

Authentication: the process of verifying the identity of a user or device.

Authenticatation: the process of verifying the identity of a user or device. Examples of authentication include passwords, biometrics, smart cards, and tokens.

Adware: software that displays unwanted ads or pop-ups on a user’s device. Examples of adware include pop-up ads, banner ads, and sponsored content.

Antivirus: Software that is designed to detect, prevent, and remove malware. Examples of antivirus software include Norton, McAfee, and Bitdefender.

Authentication: When you log into your email account and are prompted to enter your username and password, that is an example of authentication. The system is verifying your identity to ensure that only you can access your account.

Adware: A common example of adware is when you visit a website and are bombarded with pop-up ads. Adware is often bundled with free software, such as browser extensions or toolbars, and can be difficult to remove.

Antivirus: A common example of antivirus software is Windows Defender, which is built into Windows operating systems. Other popular antivirus software options include Norton, McAfee, and Bitdefender.

Adware: Software that displays unwanted advertisements on a user’s computer or mobile device. An example of adware is when a user installs a free software application, such as a browser extension, that displays pop-up ads or redirects the user to unwanted websites.

Antivirus: Software that detects and removes computer viruses and other malicious software. An example of antivirus is Norton Antivirus, which scans a user’s computer for viruses and malware and alerts the user if any threats are found.

Access control: The process of restricting access to computer systems and data to authorized users or processes. An example of access control is when a company sets up role-based access control (RBAC), which allows users to access only the data and systems necessary for their job functions.

Access control list (ACL): A list of rules that determines which users or systems are allowed to access a particular resource, such as a file or network device.

Advanced persistent threat (APT): A type of cyber attack in which a hacker gains unauthorized access to a network or system, and remains undetected for an extended period of time. APTs are often used for espionage or data theft, and are typically carried out by sophisticated attackers with significant resources.

Application security: The practice of securing software applications from unauthorized access, modification, or exploitation. Application security may involve measures such as input validation, code reviews, and vulnerability scanning.

Access token: A unique identifier that is granted to an authorized user or system, and is used to access specific resources or services. Access tokens may be used in a variety of contexts, including web applications, mobile apps, and APIs.

Adversary: A person, group, or organization that is actively working to harm or compromise a target system or network. Adversaries may use a variety of techniques, including social engineering, phishing, and malware.

Active Directory: A Microsoft directory service that is used to manage and authenticate users and systems in a Windows environment. Active Directory may be used to enforce security policies, control access to resources, and manage user accounts.

API security: The practice of securing APIs (Application Programming Interfaces) that are used to interact with applications or systems. API security may involve measures such as access control, data validation, and encryption.

Asset management: The practice of identifying, tracking, and managing assets that are critical to the operation of a system or network. Asset management may include physical assets, such as hardware and software, as well as digital assets, such as data and intellectual property.

Attack surface: The collection of all possible entry points that an attacker could use to gain unauthorized access to a system or network. The attack surface may be affected by a variety of factors, including the complexity of the system, the number of network connections, and the security posture of the system.

Attribute-based access control (ABAC): A type of access control that uses a variety of attributes to determine whether a user or system is allowed to access a particular resource or service. Attributes may include factors such as job role, location, or time of day.

Audit log: A record of all events and actions that occur within a system or network, including user logins, file accesses, and system changes. Audit logs may be used to track user activity, detect security breaches, and ensure compliance with security policies.

Anomaly detection: The practice of identifying patterns or behaviors that deviate from the expected norm, and may indicate the presence of a security threat. Anomaly detection may be used to detect a wide range of threats, including malware, insider threats, and network intrusions.

Authorization: The process of granting or denying access to a particular resource, service, or network, based on the results of an authentication process. Authorization may be based on a wide range of factors, including user credentials, job roles, and network location.

Automated vulnerability scanning: The use of software tools to automatically scan a system or network for vulnerabilities or weaknesses that may be exploited by attackers. Automated vulnerability scanning may be used to identify and prioritize security issues, and can help to reduce the risk of a successful attack.

Availability: A key principle of information security, which refers to the ability of a system or network to remain operational and accessible to authorized users. Availability may be affected by a wide range of factors, including hardware failures, network congestion, and security breaches.

Authorization code: A unique code or token that is used to grant access to a specific resource, service, or network. Authorization codes may be generated through a variety of methods, such as two-factor authentication, and may be used to help prevent unauthorized access.

Ad hoc network: A type of wireless network that is created on an impromptu or temporary basis, typically to enable communication between devices in a specific location or context. Ad hoc networks may be vulnerable to a variety of security risks, including unauthorized access and data interception.

Attribution: The process of identifying the source or origin of a cyber attack or security breach, typically through the use of forensic techniques and analysis of digital evidence. Attribution may be used to help identify and prosecute attackers, and may be an important factor in determining appropriate response and mitigation measures.

Anti-malware: Software or systems designed to detect, prevent, or remove malicious software, such as viruses, worms, and Trojan horses. Anti-malware may be used on individual devices or on a network-wide basis, and may be implemented through a variety of methods, such as signature-based detection or behavioral analysis.

Access point: A device or component that enables wireless connectivity to a network or service. Access points may be used to provide Internet access to mobile devices or other wireless clients, and may be used in a variety of settings, such as homes, businesses, and public spaces.

Asymmetric encryption: A form of encryption that uses two separate keys, one for encryption and one for decryption. Asymmetric encryption may be used in a variety of security applications, such as secure communication or data storage.

Attack vector: The means or method by which a system or network may be breached or compromised. Attack vectors may include vulnerabilities in software or hardware, social engineering tactics, or other methods of attack. Understanding and mitigating attack vectors is a key aspect of effective security planning and risk management.

Air gap: A physical or logical separation between two or more systems or networks. Air gaps are often used to enhance security by preventing unauthorized access or data transfer between systems, and may be implemented through the use of network segmentation, physical barriers, or other methods.

ARP (Address Resolution Protocol): A protocol used to map a network address (such as an IP address) to a physical (MAC) address. ARP is used in many network environments to facilitate communication between devices, and may be vulnerable to various attacks, such as ARP spoofing.

ABE (Attribute-Based Encryption): A form of encryption that uses attributes or characteristics of a user or device to determine access to data or resources. ABE may be used in a variety of security contexts, such as cloud computing and data sharing.

Algorithm: A set of rules or instructions used to perform a specific task or solve a problem. Algorithms may be used in a variety of security contexts, such as encryption and decryption, intrusion detection, and risk analysis.

B

Backdoor: The backdoor discovered in SolarWinds software in late 2020 is a recent example of a backdoor. The software was used by thousands of government agencies and private companies, and the backdoor was used to gain access to sensitive information.

Bot: An example of a bot is a web crawler used by search engines to index websites. The bot crawls through the website, following links and collecting information that can be used to improve search results.

Botnet: The Mirai botnet, which was responsible for the largest DDoS attack in history in 2016, is a well-known example of a botnet. Mirai infected thousands of internet-connected devices, such as routers and cameras, and used them to launch attacks on websites and services.

Brute force attack: In 2012, a LinkedIn data breach exposed over 6 million user passwords. The passwords were encrypted, but not salted, which made it easier for hackers to use brute force attacks to crack the passwords and gain access to user accounts.

Backdoor: A method of bypassing the normal authentication procedures of a system to gain unauthorized access. An example of a backdoor is when a hacker exploits a vulnerability in a website or software to gain access to sensitive information.

Bot: A computer program that performs automated tasks on the internet. An example of a bot is a web crawler, which is used by search engines to index and categorize websites.

Botnet: A network of computers that are infected with malware and controlled by a central command and control server. An example of a botnet is the Mirai botnet, which was used to launch a massive distributed denial of service (DDoS) attack on the internet infrastructure in 2016.

Brute force attack: A method of guessing a user’s password by trying every possible combination until the correct password is found. An example of a brute force attack is when a hacker uses a computer program to try every possible combination of letters, numbers, and symbols until they guess the correct password.

Bootkit: A type of malware that modifies the boot process of a computer to gain persistence and control over the operating system. An example of a bootkit is the TDL4 rootkit, which infects the master boot record (MBR) of the hard drive and allows the attacker to bypass antivirus and other security measures.

Biometric authentication: Biometric authentication: A security measure that uses unique physical or behavioral characteristics, such as fingerprints, voice, or facial recognition, to verify a user’s identity. An example of biometric authentication is when a user unlocks their phone using facial recognition or provides a fingerprint to access a secure building.

Bluejacking: A type of cyber attack that involves sending unsolicited messages or data to Bluetooth-enabled devices. An example of bluejacking is when an attacker sends a message to a nearby Bluetooth device, such as a smartphone, without the user’s permission or knowledge.

Brute force attack: A type of password cracking attack in which an attacker attempts to guess a user’s password by trying all possible combinations of characters. Brute force attacks may be automated or manual, and may be used to compromise a wide range of systems and applications.

C

Cipher: An algorithm used to encrypt and decrypt data. An example of a cipher is the Advanced Encryption Standard (AES), which is widely used to secure sensitive information in many applications.

Cloud computing: The delivery of computing services over the internet, such as storage, processing power, and software applications. An example of cloud computing is when a company uses a cloud-based customer relationship management (CRM) system to manage their customer interactions.

Cookie: A small file stored on a user’s computer or mobile device by a website, which is used to track user behavior and preferences. An example of a cookie is when a user visits an e-commerce website and adds items to their shopping cart, the website may use a cookie to remember the user’s preferences between visits.

Cryptography: The practice of securing communications and data by using codes and ciphers. An example of cryptography is the Secure Sockets Layer (SSL) protocol, which is used to encrypt data sent between a user’s device and a web server, providing a secure connection for online transactions.

Cyber attack: An attempt by a hacker or group of hackers to gain unauthorized access to a computer system or network. An example of a cyber attack is the WannaCry ransomware attack in 2017, which infected hundreds of thousands of computers worldwide and encrypted files, demanding a ransom in exchange for the decryption key.

Cybercrime: Criminal activities that are conducted over the internet, such as fraud, identity theft, and hacking. An example of cybercrime is when a hacker steals a user’s personal information, such as credit card numbers and passwords, and uses that information to make unauthorized purchases.

Cyber espionage: The practice of using the internet to gather intelligence on individuals or organizations for political, military, or economic purposes. An example of cyber espionage is when a government-sponsored hacking group targets a foreign company to steal sensitive information or intellectual property.

Cross-site scripting (XSS): A type of vulnerability that allows an attacker to inject malicious code into a website, which can then be executed by users who visit the site. An example of XSS is when an attacker uses a web form to enter a script that steals the user’s cookies or personal information.

Code review: The process of analyzing software code to identify security vulnerabilities, programming errors, and other issues. An example of code review is when a development team uses a tool like static code analysis to scan their code for potential security flaws.

Cyber kill chain: A framework that describes the stages of a cyber attack, from the initial reconnaissance and delivery of malware to the final exfiltration of data. The cyber kill chain model can be used to develop effective cybersecurity strategies and defenses.

Cloud security: The practice of securing data and applications that are hosted in cloud environments, such as public or private clouds. Cloud security may involve a variety of measures, including data encryption, access control, and vulnerability management.

Cyber hygiene: The practice of maintaining good cyber security habits and behaviors, in order to protect against a wide range of cyber threats. Cyber hygiene may involve measures such as regular software updates, strong passwords, and user education.

D

Data breach: An incident in which sensitive or confidential information is accessed, stolen, or exposed without authorization. An example of a data breach is when a hacker gains access to a company’s database and steals customer names, addresses, and credit card numbers.

Denial of Service (DoS): An attack in which a system or network is flooded with traffic, overwhelming its resources and preventing legitimate users from accessing it. An example of a DoS attack is when a hacker uses a botnet to send a massive amount of traffic to a website, causing it to crash or become unresponsive.

Distributed Denial of Service (DDoS): An attack in which a large number of computers or devices are used to flood a system or network with traffic, making it difficult or impossible for legitimate users to access it. An example of a DDoS attack is the Mirai botnet attack on internet infrastructure in 2016, which disrupted access to popular websites and online services.

Dark web: A hidden portion of the internet that can only be accessed through specialized software, and is often used for illegal activities such as drug trafficking, hacking tools, and stolen data. An example of the dark web is the Silk Road marketplace, which was used to buy and sell drugs and other illegal goods using the cryptocurrency Bitcoin.

Digital forensics: The process of collecting, analyzing, and preserving digital evidence for use in legal proceedings. An example of digital forensics is the analysis of a computer hard drive to recover deleted files or trace the source of a cyber attack.

Deobfuscation: The process of reversing code obfuscation, which is used to hide the true purpose of malware and make it more difficult to analyze. An example of deobfuscation is when a security researcher uses tools and techniques to convert obfuscated code back into its original, readable form.

Digital forensics: The process of collecting, analyzing, and preserving electronic data for use as evidence in a legal investigation or cybercrime case. An example of digital forensics is when a computer forensics expert analyzes a suspect’s computer to gather evidence of criminal activity, such as financial fraud or intellectual property theft.

DNSSEC (Domain Name System Security Extensions): A protocol that provides additional security to the Domain Name System (DNS), which translates domain names into IP addresses. DNSSEC uses digital signatures to verify the authenticity of DNS responses, helping to prevent DNS hijacking and other attacks.

E

Encryption: The process of converting plain text data into an unreadable format, which can only be deciphered with a key or password. An example of encryption is when a user sends an email using a secure email client, which encrypts the message to protect it from unauthorized access.

Encryption: The process of converting plain text into a coded, unreadable format to prevent unauthorized access. An example of encryption is when a user encrypts their hard drive using BitLocker or VeraCrypt, which makes the data unreadable without a decryption key.

Eavesdropping: The act of intercepting and listening to communications, such as network traffic or phone conversations, without the knowledge or consent of the participants. An example of eavesdropping is when an attacker uses a packet sniffer to intercept and read unencrypted data transmitted over a wireless network.

Endpoint security: A branch of cybersecurity that focuses on securing individual devices or endpoints, such as laptops, smartphones, and IoT devices, against attacks and data breaches. Endpoint security typically involves the use of antivirus software, firewalls, and other security measures to protect devices from malware and other threats.

F

Firewall: A security system that monitors and controls incoming and outgoing network traffic to protect against unauthorized access. An example of a firewall is the Windows Firewall, which is a built-in security feature that blocks incoming traffic by default and allows the user to configure exceptions for specific applications or services.

Fileless malware: A type of malware that operates entirely in memory, without leaving any files on the victim’s computer. An example of fileless malware is the Poweliks Trojan, which hides in the Windows registry and uses PowerShell to download and execute malicious code.

Fileless malware: A type of malware that resides in memory or uses legitimate system tools to perform malicious actions, making it difficult to detect and remove. An example of fileless malware is the PowerShell Empire framework, which can be used to create and deploy malware that runs entirely in memory.

G

Grayware: Software that is not inherently malicious, but is still considered undesirable or potentially harmful, such as adware or spyware. An example of grayware is the WeatherBug desktop application, which is often bundled with other software and can collect and transmit user data.

GPG: Gnu Privacy Guard (GPG) is a free and open-source software that provides encryption and digital signature capabilities, often used to secure email communication and files. An example of GPG is when a user encrypts an email using GPG to protect sensitive information from being intercepted or viewed by unauthorized parties.

Grey hat: A hacker or security professional who operates in a grey area between black hat (malicious) and white hat (ethical) hacking. Grey hat hackers may use their skills for both legal and illegal purposes, often with the goal of exposing vulnerabilities or promoting awareness of cybersecurity issues.

H

Hacking: The unauthorized access to a computer system or network with malicious intent. An example of hacking is when a cybercriminal uses a vulnerability in a website or software to gain access to sensitive information or install malware.

Honeypot: A decoy system or network that is designed to lure attackers and gather information about their methods and tactics. An example of a honeypot is a computer system that is intentionally left vulnerable, in order to attract attackers and study their behavior.

Hash function: A cryptographic function that converts data of any size into a fixed-size string of characters, often used to verify data integrity and prevent tampering. An example of a hash function is the Secure Hash Algorithm (SHA), a widely used algorithm that generates a fixed-size output that can be used to verify the integrity of data.

Hacking-as-a-Service: A business model in which individuals or groups offer hacking services for hire, often on the dark web or other underground marketplaces. Hacking-as-a-Service can be used for a variety of purposes, including cyber espionage, financial fraud, and political activism.

I

Identity theft: The unauthorized use of another person’s personal information to commit fraud or other illegal activities. An example of identity theft is when a hacker steals a user’s name, address, and Social Security number to open credit card accounts or take out loans in the user’s name.

Internet of Things (IoT): A network of physical devices, vehicles, home appliances, and other objects that are connected to the internet and can collect and exchange data. An example of IoT is a smart thermostat that allows the user to remotely control the temperature in their home using a mobile app.

Intranet: A private computer network that is used within an organization and is accessible only to authorized personnel. An example of an intranet is a company’s internal website, which may contain sensitive information and resources that are not accessible to the public.

ICS (Industrial Control System) security: A branch of cybersecurity that focuses on protecting critical infrastructure, such as power plants, water treatment facilities, and transportation systems, from cyber attacks. ICS security typically involves the use of specialized security measures and protocols, as well as training for ICS operators and engineers.

Identity and Access Management (IAM): A framework of policies and technologies that manages digital identities and access to resources within a network. IAM systems typically include tools for authentication, authorization, and identity governance, and may be used to enforce security policies and compliance requirements.

J

Jailbreaking: The process of removing software restrictions imposed by a mobile device’s operating system, which allows users to install apps or perform actions that are normally prohibited. An example of jailbreaking is when an iPhone user installs a third-party app store to download apps that are not available on the official App Store.

Jamming: The act of disrupting or disabling wireless communications by broadcasting interference on the same frequency as the communication signal. An example of jamming is when an attacker uses a jamming device to interfere with the signals of GPS navigation systems, making it difficult or impossible for vehicles or aircraft to navigate.

Jump box: A dedicated system that is used to manage and access other systems within a network. A jump box is typically secured and isolated from the rest of the network, and is used to control and monitor remote access to other systems.

JTAG (Joint Test Action Group): A standard for testing and debugging electronic circuits, which can also be used to bypass security measures on devices such as smartphones and gaming consoles. JTAG attacks may be used to extract data or install malware on a device, and can be difficult to detect.

K

Keylogger: Software or hardware that records every keystroke made by a user, including passwords and other sensitive information. An example of a keylogger is when a cybercriminal installs malware on a user’s computer to record their keystrokes and steal their login credentials.

Kerberos: A network authentication protocol that is used to verify the identities of users and services on a network. An example of Kerberos is the authentication mechanism used in Microsoft Active Directory, which allows users to access resources on a network using a single set of credentials.

L

Logic bomb: A type of malicious code that is triggered by a specific event, such as a date or time, to cause damage or steal data. An example of a logic bomb is when a disgruntled employee sets a program to delete all files on the company’s server at a certain time.

Least privilege: The principle of granting users or systems only the minimum level of access required to perform their functions, in order to limit the potential damage that can be caused by a security breach. Least privilege can be enforced through access controls and other security policies.

M

Malware: Any software designed to harm, disrupt, or gain unauthorized access to a computer system or network. An example of malware is a Trojan horse, which appears to be a legitimate software application but contains malicious code that can infect a user’s computer or steal sensitive information.

Man-in-the-browser (MITB): A type of malware that intercepts and modifies web traffic between a user’s browser and a web server, allowing an attacker to steal sensitive information, such as login credentials or financial data. An example of MITB is the Zeus banking Trojan, which injects code into web pages to collect user data and redirect transactions to the attacker’s account.

Man-in-the-Browser: A type of cyber attack that involves intercepting and modifying web browser traffic, often used to steal login credentials or other sensitive information. An example of a man-in-the-browser attack is when an attacker injects malicious code into a victim’s web browser, which then captures and sends sensitive data to the attacker.

Malware-as-a-Service: A business model in which cyber criminals offer malware for hire, often on the dark web or other underground marketplaces. Malware-as-a-Service can be used for a variety of purposes, including data theft, financial fraud, and ransomware attacks.

Malvertising: The use of online advertising to distribute malware or other malicious content. Malvertising attacks may exploit vulnerabilities in ad networks or use social engineering to trick users into downloading or installing malicious software.

N

Non-repudiation: A security measure that ensures that a user cannot deny performing a specific action, such as sending a message or making a transaction. An example of non-repudiation is a digital signature that provides evidence of the signer’s identity and ensures the integrity of the message.

Network segmentation: The practice of dividing a network into smaller, more secure subnetworks or segments, typically based on functional or security requirements. Network segmentation can help to limit the impact of a security breach, as an attacker may be able to access only a portion of the network rather than the entire network.

Non-repudiation: The ability to prove that a particular action or transaction was performed by a specific user or system, and cannot be denied or repudiated later. Non-repudiation may be achieved through the use of digital signatures, audit trails, and other forensic techniques.

O

Open source software: Software that is distributed with its source code available for modification and distribution by users. An example of open source software is the Linux operating system, which is freely available and can be modified and distributed by anyone.

Obfuscation: The act of intentionally making code or data difficult to understand or analyze, often to protect intellectual property or to prevent reverse engineering. An example of obfuscation is when a programmer uses techniques such as code obfuscation or encryption to protect their software from being analyzed or tampered with.

Open Web Application Security Project (OWASP): An open community dedicated to improving software security, which produces tools and resources for developers and security professionals. OWASP is best known for its Top Ten list of the most critical web application security risks.

P

Phishing: A type of social engineering attack that is designed to trick users into giving up sensitive information, such as usernames and passwords. An example of phishing is when a user receives an email that appears to be from their bank, asking them to click a link and enter their login credentials, which are then stolen by the attacker.

Penetration testing: The process of testing a computer system, network, or application for vulnerabilities and security weaknesses, using techniques similar to those used by attackers. An example of penetration testing is when a company hires a third-party security firm to simulate an attack on their network or systems, in order to identify vulnerabilities and recommend ways to improve security.

Q

Quarantine: A security measure that isolates potentially harmful files or programs to prevent them from spreading or causing damage. An example of quarantine is when an antivirus software identifies a suspicious file and moves it to a separate folder for analysis or deletion.

Quantum encryption: A method of encrypting data using principles of quantum mechanics, which makes it theoretically impossible for an eavesdropper to intercept or read the encrypted message. Quantum encryption has the potential to provide much stronger security than traditional cryptographic methods.

R

Ransomware: A type of malware that encrypts a user’s files and demands payment in exchange for the decryption key. An example of ransomware is the WannaCry attack, which infected hundreds of thousands of computers worldwide and demanded a ransom to unlock the encrypted files.

Red team: A group of cybersecurity professionals who are hired to simulate cyber attacks and test the effectiveness of an organization’s security defenses. Red team exercises can be used to identify weaknesses in security protocols and improve overall cybersecurity posture.

S

Social engineering: The use of psychological manipulation to trick users into giving up sensitive information or performing actions that are harmful to their organization. An example of social engineering is when a hacker impersonates a trusted individual, such as a bank employee or IT support, to gain access to sensitive information or systems.

Spear phishing: A type of phishing attack that is targeted at specific individuals or organizations, using personalized emails or other communication. An example of spear phishing is when a hacker targets a specific executive in a company, using information gathered from social media or other

SSL/TLS: Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are protocols used to encrypt data that is transmitted over the internet. An example of SSL/TLS is when a user accesses a website with HTTPS in the URL, which indicates that the website is using SSL/TLS encryption to protect the user’s data.

Spoofing: The practice of disguising the source or identity of a message or communication, often used to carry out phishing or other attacks. An example of spoofing is when an attacker sends an email that appears to be from a trusted sender, but actually contains a malicious link or attachment.

Spoofing: A technique that involves disguising an identity or a communication to deceive a user or gain unauthorized access to a system. An example of spoofing is when an attacker uses a fake email address or website to trick a user into revealing sensitive information or installing malware.

Script kiddie: A derogatory term for a hacker who lacks advanced technical skills and instead relies on pre-packaged tools and scripts to carry out attacks. Script kiddies are often motivated by a desire for notoriety or attention rather than financial gain or political activism.

Secure coding: The practice of writing software code with security in mind, in order to prevent vulnerabilities and reduce the risk of cyber attacks. Secure coding may involve following best practices and standards, such as the OWASP Top Ten, and using specialized tools and techniques to detect and fix security flaws.

T

Two-factor authentication (2FA): A security measure that requires two forms of authentication, such as a password and a unique code sent to a user’s phone, to access a system or account. An example of 2FA is when a user logs in to a bank’s online banking platform, and is prompted to enter a unique code that is sent to their mobile phone, in addition to their password.

Trojan: A type of malware that appears to be a legitimate program, but is actually designed to perform malicious actions, such as stealing data or giving attackers remote access to the victim’s computer. An example of a Trojan is the Zeus banking Trojan, which was used to steal login credentials from online banking users.

Threat hunting: The proactive process of searching for and identifying cyber threats within a network, in order to detect and respond to them before they can cause damage or steal data. Threat hunting may involve using specialized tools and techniques to analyze network traffic, logs, and other data, as well as leveraging human expertise to identify suspicious activity.

U

User behavior analytics (UBA): A method of detecting security threats by analyzing user behavior, in order to identify anomalies or deviations from expected patterns. UBA may be used to detect insider threats, credential theft, or other types of attacks.

V

Vulnerability: A weakness or flaw in a system or software that can be exploited by attackers to gain unauthorized access or cause damage. An example of a vulnerability is a software bug that allows an attacker to execute code remotely and gain access to a computer system.

Vulnerability: A weakness or flaw in a computer system, network, or application that can be exploited by an attacker. An example of a vulnerability is an unpatched software bug that allows an attacker to execute code on a victim’s computer.

Virtual machine: A software program that creates a virtual environment that emulates a physical computer, which can be used to test software or isolate potentially harmful programs. An example of a virtual machine is the Oracle VirtualBox, which allows users to run multiple operating systems on the same physical computer.

VPN: A virtual private network that provides a secure, encrypted connection between a user and a network or the Internet, often used to protect online privacy and data transmission. An example of VPN is when a user connects to their company’s network remotely, using a VPN to access resources and communicate securely.

W

Web application security: The practice of securing web applications from attacks such as cross-site scripting (XSS), SQL injection, and others. An example of web application security is when a developer uses input validation to ensure that user input does not contain malicious code that could harm the application or the underlying database.

Web application firewall (WAF): A type of firewall that specifically targets web traffic and provides protection against attacks such as cross-site scripting (XSS) and SQL injection. An example of a WAF is the open source ModSecurity, which can be used to filter and block malicious traffic before it reaches the web application.

WPA3: A wireless security protocol that provides stronger encryption and authentication for Wi-Fi networks, designed to protect against attacks and improve security for connected devices. An example of WPA3 is when a user connects to a Wi-Fi network that uses this protocol, providing enhanced security and privacy for their communication.

Watering hole attack: A type of cyber attack in which an attacker compromises a website that is frequently visited by a target group, in order to distribute malware or steal sensitive information. Watering hole attacks may be used to target organizations or individuals with specific interests or affiliations.

X

X.509: A widely used standard for digital certificates, which are used to verify the identity of a user, device, or organization. An example of X.509 is the SSL/TLS certificates used to secure web traffic by authenticating the identity of the website owner and encrypting data transmitted between the website and user.

Y

Yellow team: A group within an organization’s cybersecurity program that is responsible for monitoring and improving the effectiveness of the blue team (defenders) and red team (attackers). An example of a yellow team is when an organization hires a group of security experts to perform ongoing assessments and provide feedback to the blue and red teams.

Z

Zero-day vulnerability: A security vulnerability that is unknown to the vendor or developer and has not yet been patched. An example of a zero-day vulnerability is when a researcher discovers a previously unknown vulnerability in a software program, and uses it to gain unauthorized access or steal sensitive data.

Zombie:: A computer that has been infected with malware and is controlled remotely by an attacker without the knowledge of the owner. An example of a zombie computer is one that is used to send spam emails, launch DDoS attacks, or carry out other malicious activities without the owner’s knowledge or consent.

Zero-day exploit: A type of cyber attack that targets a previously unknown vulnerability in software, before a patch or update is available to fix it. Zero-day exploits may be used by hackers or other attackers to gain unauthorized access to systems, steal data, or install malware.