Blog

Cybersecurity Terms Glossary

Published April 29, 2026

This article is intended for beginners to overcome the difficulties of understanding some terms when they first enter the field of information security.

Search the following cybersecurity definitions:

IAM (Identity and Access Management)

IAM is the system that controls who can access what inside an organization. It manages user accounts, roles, and permissions to ensure only the right people reach sensitive data. Think of it as a digital gatekeeper deciding who gets in and what they can do once inside. Examples: Okta, Azure AD, or AWS IAM.

MFA OR 2FA (Multi-Factor Authentication)

MFA adds extra layers of security beyond just a password. It requires two or more proofs of identity like a password plus a phone code or fingerprint. Even if someone steals your password, they can’t log in without the second factor. Example: logging into Gmail and confirming with a code sent to your phone.

SSO (Single Sign-On)

SSO lets you log in once and access multiple apps without re-entering credentials each time. Example: signing into Google and instantly getting access to Gmail, Drive, and YouTube. It improves user convenience while keeping password management simpler and safer. It’s like having one key that opens all your trusted doors.

Zero Trust

Zero Trust is a security approach based on the idea: “never trust, always verify.” Every user or device must prove its identity every time even if it’s already inside the network. It assumes no one is automatically safe, not even internal employees or systems. Example: before accessing a company’s file server, you must reauthenticate and pass checks.

Least Privilege

Least Privilege means giving users or systems only the minimum permissions they truly need. If someone only needs to read a file, they shouldn’t have permission to edit or delete it. This limits damage if an account is hacked or a mistake happens. It’s like giving a cleaner access to one room instead of the whole building.

SIEM (Security Information and Event Management)

SIEM collects and analyzes logs from different systems to detect unusual or malicious behavior. It’s like a central security camera for your digital environment. When something suspicious happens, it alerts security teams in real time. Examples: Splunk, IBM QRadar, or Azure Sentinel.

EDR (Endpoint Detection and Response)

EDR focuses on protecting endpoints like laptops and servers from attacks. It continuously monitors for unusual behavior and can isolate infected machines automatically. Example: if malware tries to encrypt files, EDR can block it and alert the SOC. Tools: CrowdStrike Falcon, SentinelOne.

XDR (Extended Detection and Response)

XDR expands EDR by combining data from endpoints, networks, emails, and cloud systems. It gives a full picture of an attack instead of isolated alerts from separate tools. This helps analysts detect complex, multi-stage threats faster. Think of it as connecting all security cameras into one control room.

WAF (Web Application Firewall)

A WAF protects websites and web apps from online attacks like SQL injection or cross-site scripting (XSS). It filters and inspects HTTP traffic, blocking anything suspicious before it reaches the app. Think of it as a security guard who reads every message coming to your website. Examples: Cloudflare WAF, AWS WAF, Imperva.

SOC (Security Operations Center)

A SOC is a team or department that monitors and defends an organization’s systems 24/7. They track alerts, investigate suspicious activity, and respond to security incidents. Think of them as digital firefighters always ready to act when an alarm goes off. They rely on tools like SIEM and EDR to stay aware of threats in real time.

CSP (Cloud Service Provider - Content Security Policy)

CSP can mean Cloud Service Provider or Content Security Policy, depending on context . Here are both definitions written clearly:

CSP (Cloud Service Provider)

A CSP is a company that delivers computing services like servers, databases, and software through the internet. Examples include AWS, Microsoft Azure, and Google Cloud. They handle all the physical infrastructure so customers can build, host, or run apps easily. Think of them as the landlords of the cloud you rent resources instead of buying hardware.

CSP (Content Security Policy)

CSP is a web browser security feature that helps prevent attacks like Cross-Site Scripting (XSS). It lets a website tell the browser which sources of scripts, images, or styles are trusted. If a hacker tries to load a malicious script from an unapproved source, the browser blocks it. It’s like a guest list for your website only trusted content is allowed to run

PKI (Public Key Infrastructure)

PKI is the system that manages digital certificates and encryption keys to secure communication. It ensures that data sent over the internet (like on HTTPS sites) is private and authentic. It works with two keys one public and one private to encrypt and verify information. Think of PKI as the ID card system of the digital world, proving who’s who online.

HSM (Hardware Security Module)

An HSM is a physical device that securely stores and manages encryption keys. It protects sensitive keys from being copied or stolen, even by internal employees. Banks and cloud providers use HSMs for things like digital signatures and secure transactions. It’s like a digital safe that only authorized systems can open. HSM examples: AWS CloudHSM, Thales Luna, Azure Key Vault HSM, IBM Cloud HSM, Entrust nShield.

CASB (Cloud Access Security Broker)

A CASB acts as a security checkpoint between users and cloud services. It monitors and controls how data moves in and out of cloud apps like Google Drive or Salesforce. CASBs help enforce company policies, detect risky behavior, and prevent data leaks. Think of it as a security guard watching all cloud traffic for your organization. CASB examples: Netskope, McAfee MVISION Cloud, Microsoft Defender for Cloud Apps, Palo Alto Prisma Cloud, Cisco Cloudlock.

DevSecOps

DevSecOps means adding security into every stage of the software development process. Instead of checking for security only at the end, developers, security teams, and operations work together from the start. Example: automatically scanning code for vulnerabilities each time it’s updated. It’s like building safety into a car while designing it not after it’s already on the road.

BCP (Business Continuity Plan)

A BCP is a plan that keeps a business running during emergencies like cyberattacks, fires, or power outages. It defines backup systems, communication steps, and recovery methods. Example: having cloud backups ready so operations can continue even if the main office is down. It’s basically a “what to do when things go wrong” guide for companies.

DRP (Disaster Recovery Plan)

A DRP is a detailed guide for restoring systems and data after a disaster like ransomware, fire, or server failure. It focuses on getting IT systems back online quickly and minimizing downtime. Example: restoring backups to new servers after a cyberattack. Think of it as an emergency kit that helps your business survive and recover fast.

RBAC (Role-Based Access Control)

RBAC gives users permissions based on their job roles. For example, an accountant can view financial data, but a developer cannot. It simplifies management you just assign roles instead of individual permissions. It’s like giving keys only to people whose job requires entering certain rooms.

ABAC (Attribute-Based Access Control)

ABAC controls access based on user attributes (like department, location, or time). It’s more flexible than RBAC because it checks multiple conditions before granting access. Example: “Allow access if user is in HR and it’s during work hours.” It’s like a smart lock that opens only when all conditions are met.

Threat Modeling

Threat Modeling is the process of identifying how an attacker could harm a system and how to stop them. It helps teams find weak spots early before real hackers do. Example: analyzing a banking app to see if attackers could steal data through insecure APIs. It’s like planning your defense by thinking the way an enemy would.

SOAR (Security Orchestration, Automation, and Response)

SOAR tools help security teams automate responses to incidents. They connect systems like SIEM, firewalls, and ticketing tools to act automatically when threats appear. Example: if malware is detected, SOAR can isolate the device and alert the team instantly. It’s like having a smart assistant that handles emergencies on its own.

SOAR examples: Palo Alto Cortex XSOAR - Splunk SOAR (formerly Phantom)

DLP (Data Loss Prevention)

DLP prevents sensitive information from being leaked, stolen, or sent outside the company. It monitors emails, file uploads, and USB transfers to stop data from leaving unauthorizedly. Example: blocking a user from emailing a spreadsheet with customer credit card numbers. It’s like a security guard ensuring confidential files never leave the building.

DLP examples: Symantec Data Loss Prevention (Broadcom) - McAfee Total Protection for DLP

IDS (Intrusion Detection System)

An IDS monitors network traffic or system activity to detect suspicious or malicious behavior. It doesn’t block attacks it only alerts security teams when something looks wrong. Example: noticing unusual login attempts from foreign IPs. It’s like a burglar alarm that warns you when someone’s trying to break in.

IPS (Intrusion Prevention System)

An IPS does everything an IDS does but also takes action to stop attacks. It can block malicious traffic, reset connections, or quarantine systems automatically. Example: detecting a SQL injection attempt and instantly blocking that request. It’s like a security guard who not only sounds the alarm but tackles the intruder.

Honeypot

A Honeypot is a fake system or service set up to attract hackers and study their behavior. It looks real but contains no valuable data, so it’s safe to monitor. Example: a fake login portal that records attack methods used by cybercriminals. It’s like bait a trap to learn how thieves operate.

Honeypot examples: Cowrie – Dionaea – Honeyd – Kippo

Honeynet

A Honeynet is a collection of multiple Honeypots connected together. It simulates an entire network environment to observe more advanced attacks. Researchers use it to understand large-scale or coordinated hacking tactics. Think of it as a whole fake neighborhood built to catch and study burglars.

Honeynet examples: The Honeynet Project – MHN (Modern Honey Network) - Honeywall

Air Gap

An Air Gap means completely isolating a computer or network from the internet or other systems. It’s used to protect highly sensitive environments like military or industrial systems. Example: a nuclear plant control network not physically connected to any external network. It’s like keeping your most valuable treasure in a locked room with no doors or Wi-Fi.

Network Segmentation

Network Segmentation divides a network into smaller sections to limit access and damage. If one part is compromised, the attacker can’t easily reach the rest. Example: separating office computers from servers that store customer data. It’s like putting fire doors in a building to stop flames from spreading.

examples : Cisco ACI (Application Centric Infrastructure) – VMware NSX – Illumio Core

VLAN (Virtual Local Area Network)

A VLAN is a virtual way to separate devices on the same physical network. It organizes traffic so that only specific devices can talk to each other securely. Example: keeping the HR department’s computers on a different VLAN from IT’s. It’s like invisible walls inside one office building that divide departments.

NAC (Network Access Control)

NAC checks every device that tries to connect to a network before letting it in. It can block unknown or non-compliant devices automatically. Example: denying access to a laptop without updated antivirus software. It’s like a digital bouncer only trusted, healthy devices get through the door.

MDM (Mobile Device Management)

MDM is software that lets companies control and secure mobile devices used for work. It can enforce password policies, encrypt data, or remotely wipe a lost device. Example: if a phone with company emails is stolen, IT can erase it instantly. Tools: Microsoft Intune, VMware Workspace ONE, Jamf.

BYOD (Bring Your Own Device)

BYOD means employees use their personal phones, laptops, or tablets for work tasks. It’s convenient but risky, since personal devices may not follow company security rules. Example: an employee checking work emails on their own smartphone. Companies often use MDM tools to keep BYOD devices secure and compliant.

Secure Boot

Secure Boot is a feature that ensures a device starts only with trusted, verified software. When a computer powers on, it checks the digital signatures of system files before running them. If malware or unauthorized firmware is detected, the boot process stops. It’s like checking IDs before letting anyone enter the building during startup.

TPM (Trusted Platform Module)

A TPM is a small hardware chip that securely stores encryption keys and system integrity data. It helps verify that a computer hasn’t been tampered with during startup. TPMs are used for features like Windows BitLocker encryption and Secure Boot. Think of it as a digital safe built right into your motherboard.

Certificate Pinning

Certificate Pinning links an app or website to a specific SSL certificate or public key. Even if a hacker tricks a browser with a fake certificate, the app won’t trust it. Example: a banking app only accepting its real server certificate, blocking impostors. It’s like knowing your friend’s exact voice you won’t believe an imitator.

Supply Chain Security

Supply Chain Security focuses on protecting every step involved in creating and delivering software or hardware. It ensures no one injects malicious code, tools, or components during production or updates. Example: verifying third-party libraries before including them in your app. It’s like checking every link in a delivery chain to make sure no package was tampered with.

SBOM (Software Bill of Materials)

An SBOM is a detailed list of all the components, libraries, and dependencies inside a software product. It helps developers and security teams know what’s in their code and where vulnerabilities might hide. Example: if a library like Log4j is found vulnerable, an SBOM helps you locate and patch it fast. It’s like an ingredient label for software.

Immutable Infrastructure

Immutable Infrastructure means servers or containers are never modified after deployment. If an update is needed, a new instance is built and replaces the old one completely. This prevents hidden configuration drift and makes environments more predictable. It’s like replacing a damaged car part with a new one instead of trying to repair it in place.

examples: Docker - Kubernetes

Containerization

Containerization is a method of packaging applications with all their dependencies into isolated units called containers. It ensures consistency across environments (development, testing, production). Containers are lightweight and portable compared to virtual machines. Examples: Docker, Podman, LXC, containerd.

Kubernetes Security

Kubernetes Security focuses on protecting containerized workloads managed by Kubernetes. It involves securing clusters, nodes, network policies, secrets, and access control. Common practices include using Role-Based Access Control (RBAC), image scanning, and runtime monitoring. Examples: Kube-bench, Aqua Security, Prisma Cloud, Falco.

Secrets Management

Secrets Management handles sensitive information like passwords, API keys, and certificates. It ensures secure storage, controlled access, and automated rotation of secrets across systems. Examples: HashiCorp Vault, AWS Secrets Manager, Azure Key Vault, Google Secret Manager.

Key Rotation

Key Rotation is the process of periodically changing encryption or access keys to reduce the impact of key compromise. It strengthens data protection and is often automated in secure systems. Examples: AWS KMS automatic rotation, Azure Key Vault rotation policies, Google Cloud KMS rotation.

Log Management

Log Management involves collecting, storing, and analyzing system and application logs to detect issues, track user actions, and support security investigations. It’s vital for incident response and compliance. Examples: Splunk, Graylog, ELK Stack (Elasticsearch, Logstash, Kibana).

Insider Threat

An Insider Threat occurs when someone within an organization ike an employee or contractor misuses their access to harm the company. This could be stealing data, sabotaging systems, or leaking information accidentally. Examples: Edward Snowden case, or an employee copying confidential client data.

Chaos Engineering

Chaos Engineering is the practice of intentionally breaking parts of a system to test its resilience and recovery. The goal is to find weaknesses before real failures happen. Example: Netflix’s Chaos Monkey tool randomly shuts down services to test system stability.

OAuth

OAuth is a technology that lets users log in to websites using existing accounts from other platforms like Google or Facebook without sharing their passwords. Example: Clicking “Login with Google” on a new website uses OAuth.

OpenID Connect (OIDC)

OpenID Connect is built on top of OAuth 2.0 and adds identity verification. While OAuth focuses on authorization (what you can do), OIDC adds authentication (who you are). Example: When an app confirms your identity via your Google profile before granting access.

SAML (Security Assertion Markup Language)

SAML is an older XML-based standard used to share login credentials between systems, often in enterprise environments for single sign-on (SSO). Example: Logging into multiple corporate apps through one company portal uses SAML.

PKCE (Proof Key for Code Exchange)

PKCE is an extension of OAuth 2.0 that makes authentication safer, especially for mobile and single-page apps. It prevents attackers from stealing authorization codes by using a unique secret for each login attempt. Example: Used when a mobile app logs you in via Google securely without exposing tokens.

DNSSEC (Domain Name System Security Extensions)

DNSSEC adds cryptographic signatures to DNS records to prevent attackers from redirecting users to fake websites (DNS spoofing). Example: When a browser verifies that bank.com truly comes from the legitimate DNS server, not a malicious one.

DoH (DNS over HTTPS)

DoH encrypts DNS requests using HTTPS, hiding them from eavesdroppers like ISPs or hackers. It protects user privacy by preventing DNS-based tracking or manipulation. Example: Firefox and Chrome use DoH to securely resolve website names.

RASP (Runtime Application Self-Protection)

RASP is a security technology built into an application that monitors its own behavior and blocks attacks in real time like SQL injection or XSS while the app is running. Examples: Contrast Security, Imperva RASP, Signal Sciences RASP.

Runtime Monitoring

Runtime Monitoring tracks what an application or system does while it’s running to detect abnormal behavior, performance issues, or attacks in real time. It helps catch threats that static analysis might miss. Examples: Datadog, Dynatrace, New Relic, Falco (for containers).

Threat Intelligence

Threat Intelligence involves collecting and analyzing data about current and emerging cyber threats to predict and prevent attacks. It includes attacker tactics, tools, and indicators of compromise (IOCs). Examples: Recorded Future, Mandiant Threat Intelligence, IBM X-Force.

MITRE ATT&CK

MITRE ATT&CK is a global knowledge base that documents real-world attacker techniques and tactics used during cyber intrusions. It helps organizations understand, detect, and respond to threats effectively. Example: Security teams map attacks like phishing or lateral movement to MITRE ATT&CK techniques for analysis.

Secure SDLC (Software Development Life Cycle)

Secure SDLC integrates security practices into every stage of software development from planning and coding to testing and deployment to build more secure applications. Examples: Microsoft SDL, OWASP SAMM frameworks.

Code Signing

Code Signing uses digital certificates to verify the authenticity and integrity of software. It ensures that the code hasn’t been tampered with and comes from a trusted developer. Examples: Microsoft Authenticode, Apple Developer Certificates, DigiCert.

Firmware Security

Firmware Security focuses on protecting the low-level software that runs hardware devices (like BIOS or UEFI). Attackers who compromise firmware can control a system before the OS even loads, making detection hard. Examples: Intel Boot Guard, HP Sure Start, Eclypsium firmware protection.

API Gateway

An API Gateway acts as a central entry point for APIs it manages authentication, rate limiting, encryption, and logging. It helps control and secure how clients interact with backend services. Examples: Kong, NGINX API Gateway, AWS API Gateway, Apigee.

Webhooks Security

Webhooks let applications automatically send data to each other over HTTP. Securing them means verifying requests (via signatures or tokens), using HTTPS, and restricting allowed IPs to prevent spoofing or abuse. Example: GitHub or Stripe webhooks secured with HMAC signatures.

Endpoint Hardening

Endpoint Hardening means securing devices like laptops, servers, and mobile phones by reducing their attack surface disabling unused ports, enforcing patches, encryption, and security policies. Examples: Microsoft Intune, CrowdStrike Falcon, CIS Hardening Benchmarks.

Configuration Management

Configuration Management ensures all systems and software are set up securely and consistently. It prevents configuration drift, where small untracked changes can create security gaps. Examples: Ansible, Puppet, Chef.

Vulnerability Management

Vulnerability Management is the continuous process of identifying, assessing, prioritizing, and fixing security weaknesses in systems and applications before attackers exploit them. Examples: Tenable Nessus, Qualys, Rapid7 InsightVM.

Patch Management

Patch Management involves regularly applying software updates and security fixes to close known vulnerabilities. It’s essential for defending against exploits targeting outdated systems. Examples: WSUS (Windows Server Update Services), ManageEngine Patch Manager Plus, Ivanti.

Privacy Impact Assessment (PIA)

A PIA is an evaluation that determines how a project or system might affect personal data privacy and ensures compliance with privacy laws like GDPR. Example: Conducting a PIA before launching a new customer data analytics platform

Consent Management

Consent Management handles how organizations collect, store, and manage user permissions for data processing. It ensures users control how their personal information is used. Examples: OneTrust, TrustArc, Cookiebot.

SOC 2 (System and Organization Controls 2)

SOC 2 is a security and privacy auditing standard used to evaluate how companies protect customer data. It focuses on areas like security, availability, confidentiality, processing integrity, and privacy. Many SaaS companies use SOC 2 reports to prove they handle data responsibly. It’s like an official inspection report showing whether a company follows good security practices.

ISO 27001

ISO 27001 is an international standard for building and managing an Information Security Management System (ISMS). It helps organizations create policies and controls to protect sensitive information. Companies that follow ISO 27001 show customers they take security seriously. It’s like having a global rulebook for running security properly.

ISMS (Information Security Management System)

An ISMS is a structured framework of policies, processes, and controls used to manage security risks. It helps organizations protect data in a systematic way instead of handling security randomly. ISO 27001 is based on building a good ISMS. Think of it as the operating system for a company’s security program.

GRC (Governance, Risk, and Compliance)

GRC is the practice of aligning security, business goals, and legal requirements. Governance means setting rules, risk means identifying dangers, and compliance means following laws and standards. It helps organizations make smart and secure decisions. It’s like the management layer that keeps security organized and accountable.

PCI DSS (Payment Card Industry Data Security Standard)

PCI DSS is a security standard for organizations that store, process, or transmit credit card data. It includes requirements like encryption, access control, and regular testing. Businesses that accept card payments must follow it to reduce fraud risk. It’s like a safety checklist for handling payment card information.

GDPR (General Data Protection Regulation)

GDPR is a privacy law from the European Union that protects personal data. It gives people rights over their information, such as the right to access, delete, or correct it. Companies that collect data from EU residents must follow GDPR rules. It’s like a law that says people should stay in control of their personal information.

HIPAA (Health Insurance Portability and Accountability Act)

HIPAA is a U.S. law that protects sensitive health information. Hospitals, clinics, and healthcare companies must use safeguards to keep patient data private and secure. It includes rules about who can access medical records and how data should be protected. It’s like a privacy shield for health information.

NIST CSF (NIST Cybersecurity Framework)

The NIST Cybersecurity Framework is a set of best practices for managing cybersecurity risks. It is built around functions like Identify, Protect, Detect, Respond, and Recover. Many organizations use it to improve their security programs step by step. It’s like a roadmap for building stronger cybersecurity.

CIS Benchmarks

CIS Benchmarks are detailed security configuration guides for operating systems, cloud platforms, and software. They explain the safest way to set up systems to reduce risk. Security teams use them to harden servers, laptops, and applications. Think of them as trusted setup instructions for secure technology.

Attack Surface

Attack Surface refers to all the possible points where an attacker could try to enter or damage a system. This includes apps, servers, devices, APIs, cloud services, and even people. The larger the attack surface, the more opportunities attackers have. It’s like counting every door and window a thief could use to enter a house.

Attack Vector

An Attack Vector is the specific path or method an attacker uses to gain access. Examples include phishing emails, weak passwords, exposed ports, or vulnerable web apps. Knowing attack vectors helps defenders understand how attacks begin. It’s like the exact route a burglar takes to break into a building.

Exploit

An Exploit is code or a technique that takes advantage of a vulnerability to perform unauthorized actions. Attackers use exploits to gain access, run malware, or steal data. If a bug is the weakness, the exploit is the weapon used against it. It’s like using a broken lock to get into a room.

Payload

A Payload is the part of an attack that performs the harmful action after access is gained. It could be ransomware, spyware, a remote shell, or data-stealing malware. In other words, it’s what the attacker delivers after getting in. Think of it as the dangerous package hidden inside an attack.

IOC (Indicator of Compromise)

An IOC is a clue that shows a system may already be compromised. Examples include strange IP addresses, malicious file hashes, suspicious domain names, or unusual login activity. Security teams use IOCs to detect and investigate attacks. It’s like finding footprints that show an intruder was already in the house.

IOA (Indicator of Attack)

An IOA is a sign that an attack is happening based on behavior, not just known bad files or IPs. For example, a process trying to dump passwords from memory could be an IOA. Unlike IOCs, IOAs help detect attacks earlier, even when malware is new. It’s like spotting someone acting suspiciously before they actually steal something.

TTPs (Tactics, Techniques, and Procedures)

TTPs describe how attackers operate. Tactics are their goals, techniques are the methods they use, and procedures are the detailed steps they follow. Security teams study TTPs to understand and predict attacker behavior. It’s like learning a criminal’s habits, tools, and plans.

Kill Chain

The Kill Chain is a model that describes the stages of a cyberattack, from reconnaissance to actions on objectives. It helps defenders understand where they can detect or stop an attack. Common stages include delivery, exploitation, installation, and command and control. It’s like breaking a robbery into steps so police can stop it earlier.

Lateral Movement

Lateral Movement is when an attacker moves from one compromised system to other systems inside the same environment. After getting initial access, they explore the network to find more valuable targets. This often leads to bigger damage like domain takeover or data theft. It’s like a burglar entering one room and then moving through the whole building.

Privilege Escalation

Privilege Escalation happens when an attacker gains higher permissions than they originally had. For example, they may move from a normal user account to administrator access. This gives them more control and allows deeper compromise. It’s like sneaking into a building as a visitor and somehow getting the master key.

Persistence

Persistence means an attacker keeps access to a system even after reboots, password changes, or temporary cleanup. They may create hidden accounts, scheduled tasks, or malicious services to stay inside. This helps them return whenever they want. It’s like a thief secretly making a copy of the house key before leaving.

C2 / C&C (Command and Control)

Command and Control is the communication channel attackers use to control infected systems remotely. Malware often connects to a C2 server to receive instructions or send stolen data. Detecting C2 traffic is important during incident response. It’s like a remote control center telling the attacker’s infected machines what to do.

Exfiltration

Exfiltration is the act of stealing data from a system and sending it outside the organization. Attackers may exfiltrate files, passwords, emails, or customer records. This usually happens quietly to avoid detection. It’s like someone sneaking confidential papers out of an office in a backpack.

RCE (Remote Code Execution)

RCE is a vulnerability that allows an attacker to run code on a system from a remote location. It is one of the most dangerous types of bugs because it can lead to full system compromise. Attackers love RCE flaws in web apps, servers, and devices. It’s like being able to control someone’s computer from far away without permission.

Sandboxing

Sandboxing means running a program in an isolated environment so it cannot freely affect the rest of the system. Security teams use sandboxes to safely test suspicious files or emails. Browsers and apps also use sandboxing to limit damage from malicious code. It’s like letting a risky experiment happen inside a sealed glass box.

Fuzzing

Fuzzing is a testing method where random, unexpected, or malformed input is sent to software to see if it crashes or behaves unsafely. It helps developers find hidden bugs and vulnerabilities. Many serious security flaws have been discovered through fuzzing. It’s like stress-testing a machine by pressing every button in strange ways.

CVE (Common Vulnerabilities and Exposures)

A CVE is a public identifier given to a known security vulnerability. It helps security teams and vendors talk about the same issue using one standard name. Example: CVE-2021-44228 refers to Log4Shell. It’s like giving every known bug its own official ID number.

CVSS (Common Vulnerability Scoring System)

CVSS is a scoring system used to measure how severe a vulnerability is. Scores usually range from 0 to 10, with higher scores meaning more dangerous issues. It helps teams decide what to patch first. It’s like a rating system that tells you which problems are most urgent.

CWE (Common Weakness Enumeration)

CWE is a list of common software weakness types, such as buffer overflows or improper input validation. While CVE identifies a specific vulnerability, CWE identifies the general category of weakness behind it. Developers use CWEs to understand root causes. It’s like grouping many similar mistakes under one label.

Buffer Overflow

A Buffer Overflow happens when a program writes more data into memory than it was designed to hold. This can crash the app or allow an attacker to run malicious code. It’s a classic security issue in lower-level programming languages like C and C++. It’s like pouring too much water into a cup until it spills everywhere.

Race Condition

A Race Condition happens when software depends on the timing of events, and attackers exploit that timing to cause unexpected behavior. For example, two actions may happen at the same time in a way developers did not expect. This can lead to privilege abuse or inconsistent data. It’s like two people reaching for the same key at the same moment and confusing the system.

MITM (Man-in-the-Middle)

A MITM attack happens when an attacker secretly intercepts communication between two parties. They may read, change, or steal the data being exchanged. This can happen on insecure Wi-Fi or through fake certificates. It’s like someone secretly standing between you and your friend, listening and changing the messages you send.

Replay Attack

A Replay Attack is when an attacker captures valid data, such as an authentication token or login request, and sends it again later to gain access. The original data may be real, but it is reused maliciously. Systems use timestamps, nonces, or session controls to stop this. It’s like recording someone saying a password and replaying it to fool the door lock.

Brute Force Attack

A Brute Force Attack is when an attacker tries many passwords or keys until one works. This can be done manually or automatically using scripts and bots. Weak passwords are especially vulnerable to brute force attacks. It’s like trying every key on a giant keyring until one opens the door.

Credential Stuffing

Credential Stuffing is when attackers use stolen username and password combinations from one breach to try logging into other services. It works because many people reuse the same password across multiple sites. MFA helps reduce this risk. It’s like using a stolen house key to see if it also opens the office and the car.

Password Spraying

Password Spraying is a login attack where attackers try a few common passwords against many accounts instead of trying many passwords against one account. This helps them avoid account lockouts. Examples include trying passwords like “Welcome123” or “Summer2026!”. It’s like testing one common key on every door in a hallway.

Phishing

Phishing is a social engineering attack where attackers trick people into revealing passwords, clicking malicious links, or downloading malware. It often happens through fake emails, messages, or websites. Example: a fake Microsoft login page sent by email. It’s like someone pretending to be your bank to trick you into giving away your account details.

Spear Phishing

Spear Phishing is a targeted form of phishing aimed at a specific person or company. The attacker often uses personal details to make the message look real and convincing. Example: an email that looks like it came from your manager asking you to open an attachment. It’s like a scam letter written just for you instead of a random crowd.

Whaling

Whaling is a phishing attack aimed at high-level executives or important decision-makers like CEOs or CFOs. These targets often have access to sensitive systems or can approve payments. Because the stakes are higher, the messages are usually carefully crafted. It’s like hunting the biggest fish in the pond instead of the smaller ones.

Smishing

Smishing is phishing done through SMS or text messages. Attackers may send fake delivery notices, bank alerts, or urgent account warnings with malicious links. Since people trust text messages more than emails, smishing can be very effective. It’s like phishing, but sent to your phone instead of your inbox.

Vishing

Vishing is phishing done through voice calls. Attackers pretend to be bank staff, IT support, or government officials to trick victims into sharing sensitive information. They may use fear or urgency to pressure people. It’s like a scammer calling you and acting trustworthy so you reveal secrets.

BEC (Business Email Compromise)

BEC is an attack where criminals use email to impersonate executives, vendors, or employees to steal money or sensitive information. They often request urgent wire transfers or invoice payments. These attacks may not use malware at all just deception. It’s like a criminal wearing your boss’s name tag and asking finance to send money.

Ransomware

Ransomware is malware that encrypts files or systems and demands payment to restore access. It can stop business operations completely and may also involve data theft. Victims are pressured to pay quickly to avoid downtime or leaks. It’s like a thief locking all your rooms and demanding money for the keys.

Wiper Malware

Wiper Malware is malicious software designed to destroy data permanently instead of holding it for ransom. Its goal is usually disruption, sabotage, or retaliation rather than profit. This makes it especially dangerous for governments and critical infrastructure. It’s like someone entering your office just to shred everything beyond repair.

Botnet

A Botnet is a network of infected devices controlled by an attacker. These devices can be used to send spam, launch DDoS attacks, or spread malware. The owners of the devices often do not even know they are infected. It’s like turning thousands of hijacked computers into a remote-controlled army.

DDoS (Distributed Denial of Service)

A DDoS attack overwhelms a server, website, or service with huge amounts of traffic so real users cannot access it. Attackers often use botnets to generate the traffic. The goal is disruption, downtime, or pressure on the victim. It’s like flooding a store with fake customers so real customers cannot get in.

Malvertising

Malvertising means using online ads to spread malware or redirect users to malicious websites. A person may get infected simply by clicking an ad or, in some cases, just loading a compromised page. This makes normal browsing risky if ad networks are abused. It’s like hiding a trap inside a normal-looking billboard.

Drive-By Download

A Drive-By Download happens when visiting a malicious or compromised website silently causes malware to download onto a device. The victim may not even realize anything happened. These attacks often exploit browser or plugin vulnerabilities. It’s like stepping onto a sidewalk tile that secretly opens a trapdoor.

Watering Hole Attack

A Watering Hole Attack happens when attackers compromise a website that a specific group of people often visits. Instead of attacking victims directly, they wait for targets to come to the infected site. This is common in espionage and targeted campaigns. It’s like poisoning a water source you know your targets will eventually use.

Session Hijacking

Session Hijacking happens when an attacker steals or takes over a user’s active login session. This can happen through stolen cookies, malware, or insecure connections. Once successful, the attacker can act as the user without needing their password. It’s like stealing someone’s visitor badge after they already entered the building.

Tokenization

Tokenization replaces sensitive data, like credit card numbers, with a non-sensitive substitute called a token. The token has no useful value if stolen, while the real data is stored securely elsewhere. This reduces the risk of exposing the original data. It’s like replacing a treasure chest with a numbered claim ticket.

Data Masking

Data Masking hides real sensitive information by replacing it with fake but realistic-looking values. It is often used in testing or analytics so teams can work with data safely. For example, a real credit card number may be replaced with a fake one that looks similar. It’s like covering important words in a document so others can use it without seeing the secrets.

SaaS (Software as a Service)

SaaS means you use ready-made software over the internet instead of installing it on your computer. The provider handles everything servers, updates, and security while you simply use the app. It’s like renting a finished apartment: you only move in and live.

PaaS (Platform as a Service)

PaaS gives developers a full platform to build and run apps without managing servers or databases. You write code, and the provider takes care of hosting, scaling, and maintenance. Example: Google App Engine or Heroku. Think of it like renting a workshop that already has tools and electricity you just create.

IaaS (Infrastructure as a Service)

IaaS offers raw computing power virtual machines, storage, and networks over the cloud. You control the operating systems and apps but don’t worry about physical hardware. Examples: AWS EC2, Microsoft Azure, DigitalOcean. It’s like renting empty land you decide what to build on it.

SAST (Static Application Security Testing)

SAST checks your app’s source code or binaries before running them to find security bugs early. It’s like proofreading a book before publishing you catch mistakes in the text itself. Developers use it during coding to fix issues such as SQL injection or insecure data handling. Tools: SonarQube, Checkmarx, or Fortify.

DAST (Dynamic Application Security Testing)

DAST tests a running application from the outside, just like a hacker would. It sends requests and observes responses to find security weaknesses in real time. Think of it as testing a locked door to see if it can be forced open. Tools: OWASP ZAP, Burp Suite.

KYC (Know Your Customer)

KYC is a process companies use to verify the identity of users before allowing access or transactions. It helps prevent fraud, money laundering, and fake accounts. Example: when a bank asks for your ID, photo, or address proof before opening an account. In online services, KYC may include document uploads or facial recognition.