A comprehensive guide to cybersecurity terminology. Learn the language of security with 40+ terms explained in plain English.
Advanced Persistent Threat (APT): A sophisticated, long-term cyberattack in which an intruder gains access to a network and remains undetected for an extended period. APTs are typically state-sponsored and target high-value organizations.
API Security: The practice of protecting Application Programming Interfaces (APIs) from attacks and misuse. Includes authentication, authorization, input validation, and rate limiting.
Attack Surface: The sum of all potential entry points through which an unauthorized user can access a system. Includes network interfaces, software, hardware, and human factors.
Authentication: The process of verifying the identity of a user, device, or system. Common methods include passwords, biometrics, tokens, and multi-factor authentication.
Black Box Testing: A penetration testing approach in which the tester has no prior knowledge of the target system. Simulates an external attacker with no inside information.
Brute Force Attack: An attack method that uses trial and error to guess login credentials, encryption keys, or hidden web pages by systematically trying all possible combinations.
Bug Bounty: A program offered by organizations that rewards security researchers for discovering and responsibly disclosing vulnerabilities in their systems.
CREST: Council for Registered Ethical Security Testers. An international certification body that provides assurance of penetration testing quality and ethical standards.
Cross-Site Scripting (XSS): A web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. Attackers can use it to steal session cookies or credentials, or to perform actions on behalf of victims.
CVE: Common Vulnerabilities and Exposures. A standardized naming system for publicly known security vulnerabilities, each assigned a unique identifier (e.g., CVE-2024-1234).
CVSS: Common Vulnerability Scoring System. A standardized framework for rating the severity of security vulnerabilities on a scale of 0 to 10.
Data Breach: An incident in which sensitive, protected, or confidential data is accessed, copied, transmitted, or stolen by an unauthorized party.
DDoS: Distributed Denial of Service. An attack that overwhelms a target with traffic from multiple sources, making services unavailable to legitimate users.
Defense in Depth: A security strategy that employs multiple layers of security controls throughout an IT system. If one layer fails, the others continue to provide protection.
Encryption: The process of converting data into a coded format to prevent unauthorized access. Can be symmetric (the same key encrypts and decrypts) or asymmetric (public/private key pairs).
Endpoint Detection and Response (EDR): Security solutions that continuously monitor and collect data from endpoints to detect, investigate, and respond to cyber threats.
Ethical Hacking: Authorized testing of computer systems to identify security vulnerabilities. Also known as penetration testing or white-hat hacking.
Firewall: A network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
Incident Response: The organized approach to addressing and managing a security breach or cyberattack. Includes the preparation, detection, containment, eradication, and recovery phases.
Intrusion Detection System (IDS): A device or software that monitors network traffic for suspicious activity and alerts security teams when potential threats are detected.
Malware: Malicious software designed to harm, exploit, or otherwise compromise computer systems. Includes viruses, worms, trojans, ransomware, and spyware.
Multi-Factor Authentication (MFA): An authentication method requiring users to provide two or more verification factors: something you know, something you have, or something you are.
OSCP: Offensive Security Certified Professional. A hands-on penetration testing certification that requires passing a 24-hour practical exam.
OWASP Top 10: A standard awareness document representing the most critical security risks to web applications, updated periodically by the Open Web Application Security Project.
Penetration Testing: An authorized simulated cyberattack performed to evaluate the security of a system. Identifies vulnerabilities that could be exploited by attackers.
Phishing: A social engineering attack that uses fraudulent communications appearing to be legitimate to trick users into revealing sensitive information or installing malware.
Privilege Escalation: An attack technique in which an attacker gains elevated access to resources that are normally protected from the application or user.
Ransomware: Malware that encrypts a victim's files and demands payment for the decryption key. Often spreads through phishing emails or by exploiting vulnerabilities.
Red Team: A group of security professionals who simulate real-world attacks to test an organization's defenses. Goes beyond penetration testing to include physical and social engineering.
RMiT: Risk Management in Technology. Bank Negara Malaysia's policy document outlining technology risk management requirements for financial institutions.
Security Operations Center (SOC): A centralized unit that monitors, detects, analyzes, and responds to cybersecurity incidents using people, processes, and technology.
SIEM: Security Information and Event Management. Technology that aggregates and analyzes security data from across an organization to detect threats.
Social Engineering: Psychological manipulation techniques used to trick people into making security mistakes or giving away sensitive information.
SQL Injection: A code injection technique that exploits security vulnerabilities in an application's database layer by inserting malicious SQL statements.
Threat Actor: Any individual or group that poses a threat to cybersecurity. Includes hacktivists, cybercriminals, nation-states, and insider threats.
Vulnerability: A weakness in a system that can be exploited by a threat actor to gain unauthorized access or cause harm.
Vulnerability Assessment: A systematic process of identifying, quantifying, and prioritizing security vulnerabilities in a system without attempting exploitation.
Web Application Firewall (WAF): A security solution that monitors, filters, and blocks HTTP traffic to and from a web application to protect against web-based attacks.
Zero-Day: A software security flaw unknown to the vendor and without a patch. Called 'zero-day' because developers have had zero days to fix it.
Zero Trust: A security framework requiring all users to be authenticated, authorized, and continuously validated before being granted access to applications and data.
Understanding the terminology is just the first step. Let our experts help you implement proper security controls for your organization.