AuthX Security Encyclopedia

Your go-to guide for all things cybersecurity – simplified, demystified, and always up to date. Whether you’re a seasoned security pro brushing up on key terms or a newcomer navigating the world of IAM, MFA, and Zero Trust, the AuthX Security Encyclopedia is your trusted companion.

Curated by our subject matter experts, this living resource turns complex infosec concepts into clear, actionable knowledge.

A

Access Control

Mechanisms that restrict access to systems, networks, and data based on policies and user identity.

Adware

Software that displays unwanted advertisements, often bundled with free applications.

Advanced Persistent Threat (APT)

A stealthy, long-term cyberattack where the attacker remains undetected for an extended period.

Authentication

The process of verifying the identity of a user, device, or system.

Authorization

Granting or denying access to resources based on identity and permissions.

Attack Surface

All possible points where an unauthorized user might try to access a system.

Asset

Any data, device, or component that supports information-related activities and requires protection.

Antivirus

Software that detects, prevents, and removes malware, including viruses and trojans.

Audit Trail

A chronological log of system activities used for tracking and forensic analysis.

Asymmetric Encryption

Cryptography using public and private key pairs for secure communication.

Authentication Token

A physical or digital item used to confirm identity during authentication.

Anomaly Detection

Identifying deviations from normal behavior to detect potential threats.

Air Gap

A security measure involving physical isolation of systems from unsecured networks.

Attack Vector

The method or path used by an attacker to breach or infiltrate a system.

Active Directory (AD)

A Microsoft directory service that manages user access and security policies.

Active Directory Certificate Services (AD CS)

Manages digital certificates for secure communications.

Active Directory Federation Services (ADFS)

Enables single sign-on across multiple systems or organizations.

Adaptive Authentication

Adjusts authentication measures dynamically based on user context and risk.

Address Resolution Protocol (ARP) Poisoning

An attack that redirects network traffic using forged ARP messages.

Advanced Encryption Standard (AES)

A widely used symmetric encryption standard for securing data.

Adversary-in-the-Middle (AitM)

An attack where the adversary intercepts and possibly alters communication between two parties.

Attacker

A person or entity attempting to exploit vulnerabilities in a system.

B

Backdoor

A hidden method of bypassing normal authentication to access a system, often used by attackers or as a maintenance shortcut.

Backup

A copy of data stored separately to recover original information after a loss, breach, or ransomware attack.

Bandwidth Attack

A denial-of-service (DoS) attack that overwhelms a network’s bandwidth to disrupt services.

Behavioral Analytics

Detects unusual patterns in user behavior to flag potential insider threats or compromised accounts.

Biometric Authentication

Uses unique biological traits like fingerprints, facial recognition, or iris scans for identity verification.

Biometric Encryption

Integrates biometric data into encryption keys, enhancing the security of sensitive information.

Biometric Orchestration

The coordination of multiple biometric modalities (e.g., face + fingerprint) to improve authentication accuracy and user experience.

Biometrics Platform

A framework or solution enabling biometric data capture, storage, and matching across applications or systems.

Black Hat

A hacker who engages in malicious or unauthorized activities.

BlackEnergy

A known malware toolkit used in cyber-espionage and critical infrastructure attacks, notably in Eastern Europe.

Blacklist

A list of denied entities (like IPs or domains) known to be malicious or suspicious.

Blind Signature Scheme

A cryptographic method where a signer can sign a message without seeing its content, used in privacy-preserving systems like e-cash.

Block Cipher

A method of encrypting data in fixed-size blocks using a symmetric key (e.g., AES, Blowfish).

Blockchain Authentication

Uses blockchain technology to validate identities in a decentralized, tamper-proof way.

Blue Team

The defensive team in cybersecurity responsible for protecting and monitoring systems.

Bot

An automated software agent that performs tasks, often part of botnets in cyberattacks.

Botnet

A network of infected devices controlled by a malicious actor, typically used for DDoS, spam, or crypto-mining.

Brute Force Attack

A method where attackers try every possible combination to crack passwords or encryption keys.

Bring Your Own Device (BYOD)

A workplace policy allowing employees to use personal devices, introducing unique security risks.

Browser Hijacking

Malware that alters browser settings without permission, redirecting users to malicious or ad-heavy sites.

Baseline Security

The minimum set of security controls needed to protect a system or network.

C

Center for Internet Security Controls (CIS Controls)

A prioritized set of best practices developed by the Center for Internet Security to help organizations improve their cybersecurity posture.

Certificate Authority (CA)

A trusted entity that issues digital certificates to verify the identity of websites, users, or devices.

Challenge Handshake Authentication Protocol (CHAP)

A protocol used to authenticate a user or network host, employing a three-way handshake and repeated challenge-response mechanisms.

Cipher

An algorithm used to perform encryption or decryption of data.

Ciphertext

Encrypted data that is unreadable without the corresponding decryption key.

Ciphertext Indistinguishability

A cryptographic property ensuring that an attacker cannot tell which of two known plaintexts a given ciphertext encrypts.

Cleartext

Unencrypted information that can be easily read and understood without any decoding.

Client to Authenticator Protocol (CTAP1, CTAP2)

Protocols used in FIDO2 authentication allowing communication between authenticators (like security keys) and client devices.

Cloud Access Security Broker (CASB)

A security enforcement point positioned between cloud service consumers and providers to enforce enterprise security policies.

Cloud Security

Measures and technologies designed to secure cloud computing environments, including infrastructure, data, and applications.

Clickjacking

A deceptive technique where users are tricked into clicking on something different than what they perceive, often used to hijack actions.

Client-Side Attack

A type of attack targeting vulnerabilities in software running on a user's device, such as browsers or plug-ins.

Compliance

The act of conforming to laws, standards, or regulations related to data privacy and cybersecurity.

Continuous Authentication

An authentication method that verifies user identity continuously throughout a session by monitoring behavior and context.

Corporate Account Takeover

A cybercrime where attackers gain unauthorized access to a business’s accounts, often to conduct fraudulent financial transactions.

Credential Stuffing

A cyberattack where stolen username and password pairs are used to access multiple accounts through automated login attempts.

Cross-Site Request Forgery (CSRF)

An attack that tricks a user into unknowingly executing malicious actions on a trusted web application.

Cross-Site Scripting (XSS)

A web vulnerability that allows attackers to inject and execute malicious scripts in a victim’s browser.

Cryptanalysis

The science of analyzing and breaking cryptographic systems without access to the secret key.

Cryptographic Hash Function (CHF)

A function that converts data into a fixed-length string of characters (a hash), commonly used for verifying data integrity.

Cryptography

The practice and study of secure communication through the use of codes and ciphers.

Cyberattack

An attempt by hackers to damage, disrupt, or gain unauthorized access to computer systems or networks.

Cyber Espionage

The practice of using cyber methods to steal confidential or classified information from individuals or organizations.

Cyber Hygiene

Routine practices and steps users and organizations take to maintain system health and improve security.

Cyber Kill Chain

A model outlining the steps of a cyberattack, from reconnaissance to data exfiltration.

Cybercrime

Illegal activities conducted through computers or the internet, such as data theft or ransomware attacks.

Cybersecurity Mesh

A decentralized approach to security architecture that allows disparate services to interoperate securely.

D

DarkSide

A ransomware-as-a-service (RaaS) group known for targeting critical infrastructure and demanding large ransoms in cryptocurrency.

Data Breach

An incident where sensitive or confidential information is accessed, disclosed, or stolen without authorization.

Data Encryption Standard (DES)

An outdated symmetric-key encryption algorithm once widely used for securing data, now replaced by more secure standards like AES.

Data Exfiltration

The unauthorized transfer of data from a system, usually carried out stealthily by attackers.

Data Integrity

Ensuring that information remains accurate, consistent, and unaltered during its lifecycle.

Data Loss Prevention (DLP)

Tools and strategies used to detect, monitor, and prevent the unauthorized transmission of sensitive information.

Data Masking

The process of hiding real data with altered values to protect sensitive information in non-production environments.

Decryption

The act of converting encrypted (ciphertext) data back into its original readable (plaintext) form using a decryption key.

Defense Federal Acquisition Regulation Supplement (DFARS)

A U.S. government regulation that sets cybersecurity standards for contractors handling controlled unclassified information (CUI).

Defense in Depth

A layered security approach that uses multiple defenses at different points to protect against threats.

Demilitarized Zone (DMZ)

A perimeter network that acts as a buffer zone between an internal network and untrusted external networks like the internet.

Denial-of-Service (DoS) Attack

An attempt to make a machine or network resource unavailable by overwhelming it with traffic or requests.

Dictionary Attack

A brute force method of breaking passwords using a predefined list of likely passwords and variations.

Diffie–Hellman (DH) Algorithm

A cryptographic method for securely exchanging encryption keys over a public channel.

Digest Access Authentication

An HTTP authentication method that uses MD5 hashing to send credentials securely without sending the actual password.

Digital Certificate

An electronic document used to prove ownership of a public key, issued by a trusted Certificate Authority (CA).

Digital Forensics

The science of collecting and analyzing digital data to investigate cybercrimes or data breaches.

Digital Identity

A representation of a person or entity in a digital context, often used in authentication and authorization.

Digital Rights Management (DRM)

Technologies that control access to copyrighted digital content to prevent unauthorized use.

Digital Signature

A cryptographic technique used to verify the authenticity and integrity of a digital message or document.

Digital Signature Standard (DSS)

A U.S. government standard for digital signatures, specifying algorithms such as DSA for secure communication.

Distributed Denial-of-Service (DDoS) Attack

A large-scale DoS attack launched from multiple systems to disrupt service availability.

Distributed Key

A cryptographic key management approach where keys are distributed among multiple parties or systems for secure handling.

DNS Spoofing

A technique where attackers falsify DNS records to redirect users to malicious websites.

Domain Generation Algorithm (DGA)

An algorithm used by malware to dynamically generate domain names for connecting to command-and-control servers.

Domain Hijacking

A cyberattack in which an unauthorized user takes control of a registered domain name, usually to reroute traffic or perform phishing attacks.

Drive-By Download

A type of attack where malicious software is downloaded to a user’s system without their consent when they visit a compromised site.

Dual Factor Authentication (2FA)

A security method requiring two forms of verification before granting access to a system or application.

E

Eavesdropping Attack

Unauthorized interception of data during transmission, often targeting network communications.

Edge Security

Security practices that protect network edge devices and services from unauthorized access and threats.

Email Spoofing

A technique where attackers forge email headers to make messages appear from a trusted source.

Email Security Gateway

A solution that monitors and filters inbound/outbound emails to block spam, malware, and phishing.

Encapsulation

Wrapping data with protocol-specific headers/footers for secure or structured transmission.

Encoding

Converting data into a different format using a scheme (like Base64) to ensure safe transmission—not for security.

Encryption

The process of scrambling data into ciphertext to protect it from unauthorized access.

End-to-End Encryption (E2EE)

A method where only the communicating users can decrypt the data, ensuring privacy.

Endpoint

Any device that connects to a network, such as laptops, smartphones, or IoT devices.

Endpoint Detection and Response (EDR)

Tools that provide real-time monitoring and response for endpoint threats.

Endpoint Protection Platform (EPP)

Security software that prevents malware and unauthorized access on endpoints.

Endpoint Security

A comprehensive approach to securing devices connected to a corporate network.

Enterprise Mobility Management (EMM)

Tools to secure and manage mobile devices and apps across an enterprise.

Enumeration

The process of extracting user names, machine names, or shared resources from a system.

Escrow Passwords

A backup system where passwords are held in trust and can be retrieved by authorized parties during emergencies.

Ethical Hacking

The authorized practice of testing systems for vulnerabilities to improve their security posture.

EternalBlue

A leaked NSA exploit that targets Microsoft Windows SMB protocol, used in major ransomware attacks like WannaCry.

Event Correlation

Analyzing multiple security events to detect patterns and identify threats.

Executable File (EXE)

A program file that runs directly on an operating system, often targeted for malware delivery.

Exploit

A technique or code that leverages a vulnerability in software or hardware.

Exploit Kit

A collection of tools used to deliver exploits to systems through malicious websites or downloads.

Exposure

A state of being vulnerable to potential security threats or data loss.

Elliptic Curve Digital Signature Algorithm (ECDSA)

A cryptographic algorithm used for digital signatures, known for its efficiency and strong security with smaller keys.

Encapsulating Security Payload (ESP)

A component of IPsec used to provide encryption, authentication, and integrity to IP packets.

Extensible Authentication Protocol (EAP)

A network access authentication framework used in wireless networks and point-to-point connections.

External Threat

Any cybersecurity risk originating outside the organization, such as hackers or state-sponsored attackers.

Exfiltration

The unauthorized copying, transfer, or retrieval of data from a system.

Eye Authentication

A biometric method that uses iris or retina scans to verify user identity.

Extended Detection and Response (XDR)

A consolidated threat detection and response solution that integrates data from multiple security layers.

F

Face Authentication

A biometric security method that uses facial recognition to verify user identity.

False Negative

When a real threat is missed or goes undetected by a security system.

False Positive

When a benign action is incorrectly flagged as malicious by a security system.

Fast Identity Online (FIDO)

A set of open standards that enable passwordless and secure authentication across devices and services.

Federal Information Processing Standard (FIPS)

U.S. government standards for computer systems, including cryptographic modules and data security protocols.

Federated Identity Management (FIM)

A system that allows users to access multiple applications across different organizations using a single identity.

FIDO Biometrics

Biometric methods (like fingerprints or face scans) used as part of the FIDO authentication framework.

FIDO Client Software

Software that supports FIDO protocols on a user’s device to enable secure login experiences.

FIDO Cloud Authentication

A method that uses cloud services to authenticate users through FIDO protocols.

FIDO IOT Security

FIDO-based authentication and device attestation protocols tailored to securing Internet of Things (IoT) devices.

FIDO Server

The backend component that communicates with FIDO authenticators and validates login requests securely.

FIDO U2F (Universal Second Factor) Authentication

A FIDO standard that enables users to securely access online services using a physical security key as a second factor.

FIDO UAF (Universal Authentication Framework)

A FIDO protocol enabling passwordless biometric or PIN-based authentication.

FIDO2 Web Authentication

A modern standard that enables secure, passwordless web authentication through platform or roaming authenticators.

File Transfer Protocol (FTP)

A standard protocol used to transfer files between systems over a network; inherently insecure without encryption.

Fileless Malware

Malware that exists in memory or scripts, avoiding traditional file-based detection mechanisms.

Fingerprint Authentication

A biometric verification method using the unique patterns of a person's fingerprint.

Firewall

A hardware or software-based system that filters traffic based on security rules to prevent unauthorized access.

Firmware Attack

A type of cyberattack targeting firmware (low-level system software) to gain persistent and covert control.

Federated Identity

The use of a shared identity system across multiple organizations or domains, often implemented via SSO protocols.

File Integrity Monitoring (FIM)

A security process that checks files and systems for unauthorized changes.

Forensics (Digital)

The science of gathering and analyzing digital evidence from systems, devices, or networks.

Formjacking

Inserting malicious code into web forms to steal sensitive user data, such as payment info.

Forward Secrecy

A feature of encryption that ensures session keys are not compromised even if a private key is later exposed.

Fuzzing

A testing technique that inputs unexpected or random data into software to uncover vulnerabilities.

Function Creep

When a technology or dataset is gradually used beyond its original intent, raising privacy or security issues.

Full Disk Encryption (FDE)

Encrypting all contents of a disk to ensure data confidentiality at rest.

Flood Attack

An attempt to overwhelm a system with excessive requests to render it unusable (a type of DoS attack).

Fail-Open / Fail-Closed

Describes how a system behaves when a control fails: fail-open allows access to maintain usability, while fail-closed blocks access to preserve security.

G

Gateway

A network device or node that manages traffic between two different networks, often enforcing security policies.

General Data Protection Regulation (GDPR)

A European Union law focused on data protection and privacy for individuals within the EU and the European Economic Area.

Geofencing

A technique that uses GPS or RFID to define virtual boundaries and trigger responses when a device enters or exits them—often used for access control.

Geolocation Authentication

A method of authentication that uses a user's physical location as one of the factors to verify identity.

Ghostware

Stealthy malware that deletes its footprints and activity logs to avoid detection by security tools.

Golden Ticket

A type of Kerberos attack where an attacker forges authentication tickets (TGTs) to access any resource in a Windows domain, often after compromising a domain controller.

Google Authenticator

A mobile app that provides time-based one-time passwords (TOTP) for two-factor authentication.

Governance, Risk, and Compliance (GRC)

An integrated approach that aligns IT with business goals, manages risks, and ensures compliance with legal and regulatory requirements.

Gray Hat Hacker

An individual who may discover security flaws and disclose them without malicious intent, but often without authorization.

Group Policy Object (GPO)

A set of rules in Microsoft environments that controls the working environment of users and computers.

Granular Access Control

Security configurations that allow or restrict user access at a highly specific level—down to individual files, fields, or functions.

Global Threat Intelligence

Real-time data and insights about emerging threats gathered from a wide range of sources to improve proactive defenses.

GNU Privacy Guard (GPG)

A free encryption software that follows the OpenPGP standard, used for secure communications and data protection.

GUID (Globally Unique Identifier)

A 128-bit identifier used to uniquely identify resources or objects in software systems.

Guest Network

A segregated network offered to visitors that limits access to internal systems to reduce risk.

Gzip Bomb

A highly compressed file that, when decompressed, consumes excessive system resources, potentially causing system crashes or Denial-of-Service (DoS).

H

Hacker

An individual skilled in exploiting computer systems or networks; may be ethical (white hat) or malicious (black hat).

Hacktivist

A hacker who targets systems for political or social causes rather than for profit.

Hardening

The process of securing a system by reducing its attack surface through configuration changes, patching, and disabling unnecessary features.

Hardware Root of Trust

A secure hardware component that validates a system's integrity during boot and protects sensitive operations.

Hardware Security Module (HSM)

A physical device that manages and safeguards cryptographic keys in a secure environment.

Hash Function

A one-way algorithm that converts input data into a fixed-length string, used in password storage and data integrity.

Hash Value

The result of a hash function; used to verify that data hasn't been altered.

Hashcat

A popular password recovery and cracking tool that uses GPU acceleration to efficiently break hashed passwords.

Hash Collision

Occurs when two different inputs produce the same hash output, posing risks to data integrity.

Health Insurance Portability and Accountability Act (HIPAA)

A U.S. law that sets standards for protecting sensitive patient health information.

Heuristic Analysis

A method used in cybersecurity to detect threats based on behavior and characteristics rather than known signatures.

Hijacking (Session Hijacking)

An attack where an intruder takes control of an active session between a user and a system.

Honeypot

A decoy system set up to lure attackers and study their methods without risking real assets.

Honeynet

A controlled network of honeypots used to monitor cyber threats and analyze attacker behavior.

Host-Based Intrusion Detection System (HIDS)

A tool that monitors and analyzes the internals of a computer system for signs of attack.

HTTP Strict Transport Security (HSTS)

A security policy that forces web browsers to interact with websites only over secure HTTPS connections.

HTTPS (HyperText Transfer Protocol Secure)

A secure version of HTTP that uses encryption to protect data transmitted between a browser and a website.

Hybrid Attack

A password cracking technique that combines dictionary and brute-force methods to improve efficiency.

Human Firewall

Employees trained in cybersecurity best practices who act as a frontline defense against threats like phishing and social engineering.

Hypervisor Security

Measures taken to protect virtual machine environments and the software (hypervisor) that manages them.

Homomorphic Encryption

Encryption that allows computations to be carried out on ciphertexts, generating an encrypted result that, when decrypted, matches the result of operations on plaintext.

Heap Spraying

An attack technique that involves flooding memory (heap) with malicious code to exploit software vulnerabilities.

I

Identity and Access Management (IAM)

A system of policies and tools used to control user identities and regulate access to organizational resources.

Identity as a Service (IDaaS)

Cloud-based solutions for identity management, providing authentication, SSO, and directory services.

Identity Assurance

The confidence level in verifying that a person or entity is who they claim to be.

Identity-Based Encryption (IBE)

A form of public key encryption where a user’s unique identity (e.g., email) acts as the public key.

Identity Governance

A policy-based approach to managing user identities and their access privileges across systems.

Identity Sprawl

The uncontrolled spread of digital identities across systems, often leading to security and compliance challenges.

Identity Theft

When someone illegally obtains and uses another person’s personal data, typically for fraud or unauthorized access.

Identity Verification

The process of confirming that a person’s claimed identity matches their actual identity using credentials, biometrics, or documents.

Impersonation Attack

A tactic where an attacker pretends to be a legitimate user or service to gain unauthorized access.

Indicator of Compromise (IOC)

Digital evidence, such as file hashes or unusual traffic patterns, that suggests a security breach.

Industrial Control Systems (ICS)

Cyber-physical systems that control industrial operations; often targeted in critical infrastructure attacks.

Information Assurance (IA)

Practices ensuring information’s integrity, availability, confidentiality, and non-repudiation.

Information Security (InfoSec)

Measures taken to protect digital and physical data from unauthorized access or damage.

Infrastructure as a Service (IaaS)

Cloud computing model delivering virtualized computing resources over the internet.

Ingress Filtering

A technique to block malicious or suspicious inbound traffic at the network's edge.

Injection Attack

An exploit that sends malicious code or queries into a program to manipulate its execution (e.g., SQL injection).

Insider Threat

A risk posed by individuals within an organization who could cause harm, whether intentionally or unintentionally.

Integrity

Ensuring that data is accurate, complete, and has not been tampered with.

Integrated Risk Management (IRM)

An enterprise-wide strategy to assess and respond to various types of digital and operational risk.

Intellectual Property Theft

The act of stealing or using someone else's protected creations or innovations without authorization.

Interface Spoofing

Faking the appearance of a trusted interface to trick users into sharing credentials or actions.

International Data Encryption Algorithm (IDEA)

A symmetric encryption algorithm used for securing data, known for its strength and speed.

Internet Key Exchange (IKE)

A protocol used in IPsec to securely establish cryptographic keys between devices.

Internet of Things (IoT) Security

Protecting connected devices and their networks from vulnerabilities and attacks.

IoT Authentication

Verifying the identity of devices in an IoT network to ensure they are legitimate and secure.

Internet Protocol (IP)

The foundational communication protocol for sending data across networks.

Internet Protocol Security (IPsec)

A suite of protocols used to secure IP communications by authenticating and encrypting data packets.

Intrusion Detection and Prevention System (IDPS)

A security solution that detects and blocks potential threats in real time.

Intrusion Detection System (IDS)

Monitors network or system activities for signs of malicious actions or policy violations.

Intrusion Prevention System (IPS)

Detects and actively blocks incoming threats before they reach their target.

IP Spoofing

When an attacker sends IP packets from a false address to hide their identity or impersonate another system.

J

Jailbreaking

The process of removing software restrictions on a device (like iPhones) to gain full control, which can expose the device to security vulnerabilities.

Java Applet

A small Java application embedded in a web page. Historically used for dynamic content, but now largely deprecated due to security concerns.

JavaScript Injection

A type of code injection attack where malicious JavaScript is inserted into a trusted website, often to steal user data or perform unauthorized actions.

JSON Web Token (JWT)

A compact, URL-safe token format used to securely transmit information between parties, often for authentication and authorization.

Just-In-Time (JIT) Access

A security principle that grants users access to resources only when needed and for a limited time, minimizing risk exposure.

Juice Jacking

A cyberattack carried out via compromised public USB charging stations, which can install malware or steal data from connected devices.

Jitter

Irregular variation in network packet delay; in security monitoring it can sometimes indicate malicious interference or poor encryption performance.

Jamming Attack

A form of denial-of-service (DoS) attack that targets wireless communication by flooding the frequency with noise or interference.

K

Kerberos

A network authentication protocol using secret-key cryptography to verify identities over insecure networks.

Key

A piece of information used in cryptographic algorithms to encrypt or decrypt data. Keys must be kept secret to ensure security.

Keylogger

Malicious software or hardware that records keystrokes to steal information like passwords or credit card numbers.

Key Management

The process of generating, storing, distributing, rotating, and destroying cryptographic keys securely.

Key Escrow

A setup in which encryption keys are stored with a trusted third party to allow recovery in specific situations (e.g., law enforcement access or lost credentials).

Key Schedule

An algorithm that expands a short key into a set of round keys used in block ciphers such as AES.

Key Space

The range of all possible keys that can be used with a cryptographic algorithm. A larger key space increases resistance to brute-force attacks.

Key Splitting

A technique where a key is divided into multiple parts, and each part is stored separately to enhance security.

Key Pair

A set of linked public and private keys used in asymmetric encryption.

Key Distribution Center (KDC)

Part of the Kerberos protocol that issues session keys to users and services.

Key Rotation

The periodic replacement of cryptographic keys to reduce the risk of compromise.

Key Stretching

A method that derives stronger keys from weak keys or passwords using algorithms like PBKDF2 or bcrypt, increasing resistance to brute-force attacks.

Key Exchange Algorithm

A protocol (e.g., Diffie-Hellman) that allows secure sharing of cryptographic keys between parties over an insecure channel.

Key Space Exhaustion Attack

An attack that attempts every possible key in the key space (brute-force).

Known-Plaintext Attack (KPA)

A cryptanalytic attack where the attacker has samples of both plaintext and corresponding ciphertext and uses them to deduce the encryption key.

L

LAN (Local Area Network)

A network that connects computers within a limited area such as a home, school, or office building.

LDAP (Lightweight Directory Access Protocol)

A protocol used to access and maintain distributed directory information services, like user data in Active Directory.

Least Privilege

A security principle where users are granted the minimum levels of access — or permissions — needed to perform their job functions.

Link Encryption

A method that encrypts all data along a communication path, including headers, addresses, and routing information.

Load Balancer

A system that distributes network or application traffic across multiple servers to increase reliability and performance.

Local Authentication

A method of authentication that uses credentials stored on the local device or system rather than a central server.

Logic Bomb

Malicious code triggered by a specific event, date, or action, often used in insider attacks.

Log Analysis

The process of reviewing and interpreting log files to detect suspicious activity, anomalies, or potential breaches.

Log Management

The process of collecting, storing, and managing log data for security auditing, compliance, and threat detection.

Login Credential

Information (usually a username and password) used to verify a user's identity when accessing a system.

Login Spoofing

A technique used by attackers to create a fake login page or prompt to steal user credentials.

Logical Access Control

Security measures that limit access to computer systems and data through software-based mechanisms like passwords and biometric scans.

Loopback Address

A special IP address (127.0.0.1) used to test networking on the local machine without external access.

Lateral Movement

A tactic used by attackers to move deeper into a network after an initial compromise to reach high-value assets.

Linux Security Modules (LSM)

A framework that enables the Linux kernel to support various security models like SELinux or AppArmor.

M

Malware

Malicious software designed to harm, exploit, or disable systems — includes viruses, worms, ransomware, etc.

Man-in-the-Middle (MITM) Attack

An attack where a hacker intercepts communication between two parties to eavesdrop or alter data.

Man-in-the-Browser Attack

Malware that infects a web browser and intercepts data before it’s encrypted — often used in financial fraud.

Meet-in-the-Middle (MitM) Attack

A cryptographic attack against multiple (e.g., double) symmetric encryption that works forward from the plaintext and backward from the ciphertext, matching the intermediate values to recover the keys with far less effort than brute force.

Mobile Device Management (MDM)

Software that secures, monitors, and manages mobile devices across an organization to enforce security policies.

Multi-Factor Authentication (MFA)

A security method that requires two or more verification factors (e.g., password + fingerprint) to grant access.

Malvertising

Malicious online advertising used to spread malware, often through legitimate ad networks or websites.

Malicious Insider

An internal user who intentionally misuses access to harm the organization, steal data, or aid attackers.

Memory Scraping

Malware that scans system memory (RAM) to extract sensitive data like credit card information, often used in POS attacks.

MAC Filtering

A network security technique that allows or denies access to devices based on their unique MAC address.

Message Authentication Code (MAC)

A cryptographic checksum used to verify the integrity and authenticity of a message.

Mandatory Access Control (MAC)

A strict access control model where the system enforces rules based on classification labels (e.g., top secret).

Malware-as-a-Service (MaaS)

A cybercrime model where malware is sold or rented on the dark web, enabling non-technical attackers to launch attacks.

Microsegmentation

Dividing networks into small, isolated segments to limit lateral movement and contain breaches.

Misconfiguration

Insecure settings in software, systems, or networks that can be exploited by attackers (e.g., open ports, default passwords).

Mantrap

A physical security control: a small space with two doors, where one must close before the other opens, to restrict access.

Mail Spoofing

Forging email headers to make messages appear to come from a trusted source, often used in phishing or business email compromise.

N

National Institute of Standards and Technology (NIST)

A U.S. agency that develops cybersecurity frameworks, standards, and guidelines widely used for compliance and best practices (e.g., NIST CSF, NIST SP 800-53).

Network Access Control (NAC)

Security solution that controls device access to a network based on compliance with security policies (e.g., antivirus status, device type).

Nonce

A random or pseudo-random number used once in cryptographic communication to prevent replay attacks.

NT LAN Manager (NTLM)

A legacy authentication protocol used in Windows systems, known for vulnerabilities like pass-the-hash attacks.

Network Firewall

A security device or software that filters incoming and outgoing network traffic based on pre-established security rules.

Network Segmentation

Dividing a network into multiple segments or subnets to contain attacks and limit lateral movement of threats.

Network Sniffing

Capturing and analyzing network traffic using tools (like Wireshark) to detect data leaks, credentials, or malicious activity.

Network Traffic Analysis

The process of intercepting and examining messages to identify suspicious patterns, performance issues, or data exfiltration.

Network Security Monitoring (NSM)

Continuous monitoring of network traffic for indicators of compromise or malicious activity using tools like Suricata or Zeek.

NAT Traversal (Network Address Translation Traversal)

Techniques that allow secure peer-to-peer communication across NAT devices, common in VPNs and VoIP applications.

Nmap (Network Mapper)

An open-source tool used for network discovery and security auditing by scanning ports and services on devices.

Next-Generation Firewall (NGFW)

Advanced firewall that combines traditional filtering with deep packet inspection, application awareness, intrusion prevention, and threat intelligence.

Network Forensics

The practice of capturing, recording, and analyzing network traffic to investigate security incidents or breaches.

Network Intrusion Detection System (NIDS)

Monitors network traffic for known attack signatures or anomalies and alerts when suspicious behavior is detected.

Network Intrusion Prevention System (NIPS)

Similar to NIDS but actively blocks or prevents identified malicious traffic from reaching its destination.

Nesting (Malware Technique)

A method where malicious code is hidden within layers of scripts, archives, or files to evade detection during analysis.

O

Offsite Data Protection (Vaulting)

Storing critical backups at a remote location to ensure recovery in case of disasters or cyber incidents.

Omni-Channel Authentication

Providing a consistent authentication experience across multiple platforms (web, mobile, in-person) for enhanced security and user convenience.

OAuth (Open Authorization)

A protocol that allows third-party apps to access user resources without exposing credentials, commonly used for secure sign-ins.

OpenID Connect

An identity layer on top of OAuth 2.0 used for verifying users' identities and obtaining profile information securely.

One-Time Password (OTP)

A temporary, single-use password used for authentication, often sent via SMS, email, or an authenticator app.

Open-Source Intelligence (OSINT)

Intelligence gathered from publicly available sources like websites, news, and social media, often used in threat hunting and investigations.

Out-of-Band Authentication

A two-factor authentication method that uses a separate communication channel (like a phone call or text) to verify identity.

Overflow Attack (Buffer Overflow)

A type of exploit where attackers write more data to a memory buffer than it can handle, potentially enabling code execution or system crashes.

Online Certificate Status Protocol (OCSP)

A protocol used to check the revocation status of digital certificates in real time, enhancing trust in secure communications.

Optical Hacking

Capturing sensitive information (like screen contents or keyboard input) through visual means such as cameras or line-of-sight attacks.

Ownership-Based Access Control

A model where access rights are determined by the resource owner, giving them full control over permissions and access levels.

P

Pairing-Based Cryptography

A type of cryptographic system based on bilinear pairings, often used in identity-based encryption and advanced security protocols.

Palm Authentication

A biometric authentication method that uses the unique vein patterns in a user’s palm for secure identity verification.

Passkeys

A phishing-resistant, passwordless login method based on cryptographic key pairs, offering stronger security than traditional passwords.

Password Spraying Attack

An attack where a small number of common passwords are tried across many accounts to avoid detection and lockouts.

Passwordless Authentication

A method of verifying identity without passwords, using biometrics, passkeys, or tokens for a more secure and user-friendly experience.

Patch Management

The process of managing, testing, and deploying patches to systems and applications to keep them secure and up to date.

Password Vault

A secure software application used to store, manage, and encrypt user passwords and credentials.

Payment Card Industry Data Security Standards (PCI DSS)

A set of security standards designed to protect cardholder data and reduce credit card fraud.

Payment Services Directive (PSD, PSD2)

European regulations aimed at enhancing consumer protection, fostering innovation, and improving security in digital payments.

Phishing

A deceptive attempt to obtain sensitive information (like credentials) by impersonating a trustworthy entity in digital communication.

Phone-as-a-Token Authentication

A method of using a mobile device as a second factor in multi-factor authentication, often through OTPs or app-based prompts.

Privilege Escalation

A type of attack where an attacker gains elevated access to systems or data, typically moving from a lower to higher privilege level.

Public Key Infrastructure (PKI)

A framework for managing digital certificates and public-key encryption to ensure secure electronic communications.

Privacy-Enhancing Technologies (PETs)

Tools and techniques that help protect user data and privacy, such as anonymization, encryption, and differential privacy.

Persistent Threat (APT)

An advanced, stealthy, and prolonged cyberattack where an attacker gains and maintains access to a network without being detected.

Public Key Cryptography

A cryptographic method that uses a pair of keys, one public and one private, for secure data exchange and authentication.

Pretexting

A social engineering tactic where an attacker fabricates a scenario or identity to manipulate a target into revealing confidential information.

Q

Quantum Encryption

Uses the principles of quantum mechanics to secure data, aiming to provide theoretically unbreakable encryption.

Quantum Cryptography

A broader field that includes quantum encryption and methods like QKD to secure communication.

Quantum Key Distribution (QKD)

A quantum cryptographic method to securely share encryption keys, ensuring that any interception attempt is detectable.

Quick Response Authentication (QRA)

An authentication method using QR codes to verify identity quickly and securely, common in mobile MFA or app-based login.

Query String Injection

A web-based attack where malicious input is inserted into query strings (in URLs) to manipulate server behavior or gain unauthorized access.

Quantum-Safe Cryptography

Also known as post-quantum cryptography, this involves algorithms designed to be secure against quantum computing attacks.

R

Rainbow Table Attack

A method to crack hashed passwords by using precomputed tables of hash values.

Ransomware

Malware that encrypts a victim’s data and demands payment for the decryption key.

Relying Party (RP)

A service or application that depends on an identity provider (IdP) to authenticate users, common in SSO and federation.

Risk-Based Authentication (RBA)

Adaptive authentication that adjusts verification steps based on the risk level of the login attempt.

Role-Based Access Control (RBAC)

An access control model where permissions are assigned based on a user's role within an organization.

Remote Access Trojan (RAT)

Malware that provides an attacker with covert remote access and control over a compromised device.

Rekeying

The process of replacing old cryptographic keys with new ones to maintain secure communication.

Replay Attack

An attack where a valid data transmission is maliciously repeated or delayed to gain unauthorized access.

Remote Code Execution (RCE)

A critical vulnerability that allows an attacker to run arbitrary code on a remote machine.

Recovery Time Objective (RTO)

The maximum acceptable time to restore a system or service after a failure.

Resilience (Cyber Resilience)

The ability of an organization to prepare for, respond to, and recover from cyberattacks or failures.

Residual Risk

The risk remaining after all mitigation measures have been applied.

S

Salt

Random data added to a password before hashing to make each hash unique and resist precomputed attacks.

Salted Challenge Response Authentication Mechanism (SCRAM)

A protocol that uses salted passwords and challenge-response authentication to verify users securely.

Salted Secure Hash Algorithm (SHA)

A hashing process where a salt is combined with input data before applying a Secure Hash Algorithm to prevent rainbow table attacks.

Secret Key

A private key used in symmetric encryption, shared between parties to encrypt and decrypt data.

Secret Sharing

A cryptographic method where a secret is divided into parts and distributed; only a subset of parts is needed to reconstruct the secret.

Secure Sockets Layer (SSL)

A now-deprecated protocol for encrypting communications over a network, replaced by TLS.

Security as a Service (SECaaS)

Cloud-based cybersecurity services provided by third-party vendors, such as antivirus, IAM, or SIEM.

Security Assertion Markup Language (SAML)

An XML-based framework for exchanging authentication and authorization data between identity providers and service providers.

Security Information and Event Management (SIEM)

A solution that aggregates, analyzes, and visualizes security event data in real-time for threat detection and response.

Security Key

A physical device (e.g., YubiKey) used in hardware-based authentication, often for multi-factor authentication (MFA).

Session Key

A temporary encryption key used during a single session, often in SSL/TLS communications.

Social Engineering

Psychological manipulation of individuals to trick them into divulging confidential information or performing harmful actions.

Spoofing

Impersonating a legitimate user, device, or service to deceive systems or users; includes email, IP, and DNS spoofing.

Supply Chain Attack

A cyberattack that targets vulnerabilities in third-party software or hardware suppliers to compromise downstream systems.

Smishing (SMS Phishing)

A phishing attack carried out through fraudulent SMS messages to trick recipients into revealing data or clicking malicious links.

Sniffing

Intercepting and capturing network traffic to analyze or steal data, often done using packet sniffers.

Security Operations Center (SOC)

A centralized team and facility that monitors, detects, and responds to security incidents in real-time.

Single Sign-On (SSO)

An authentication method that allows users to log in once and access multiple applications or systems without re-authenticating.

T

Tamper Resistance

Design approach or technology that prevents unauthorized access, modification, or reverse engineering of hardware/software.

Threat Assessment

A process for identifying, evaluating, and prioritizing potential security threats to an organization.

Threat Hunting

Proactive search for cyber threats or indicators of compromise (IOCs) within an organization’s environment.

Threat Intelligence

Information and insights about current and emerging cyber threats used to inform security decisions and defenses.

Third-Party Risk

Security risks that arise from vendors, partners, or service providers who have access to your data or systems.

Time-Based One-Time Password (TOTP)

A temporary, time-sensitive code used for multi-factor authentication, typically generated every 30 seconds.

Time Bomb

A type of logic bomb that activates malicious code at a specific time or date.

Tokenization

A method of replacing sensitive data (e.g., credit card numbers) with unique, non-sensitive tokens.

Traffic Analysis

Interpreting patterns in encrypted or unencrypted network traffic to infer sensitive information or detect anomalies.

TLS (Transport Layer Security)

A cryptographic protocol that ensures privacy and data integrity between client/server communications.

TLS Inspection

The decryption and scanning of TLS-encrypted traffic to detect malware or data exfiltration.

Transmission Control Protocol (TCP)

A core protocol of the Internet protocol suite that ensures reliable, ordered, and error-checked delivery of data.

Trojan Horse

Malware that appears legitimate but contains malicious code, often used to gain access or exfiltrate data.

True Keyless Authentication

Passwordless login using biometrics or secure hardware tokens—no shared secrets involved.

Trust On First Use (TOFU)

A trust model where a user accepts a cryptographic key the first time it’s seen and trusts it in future interactions.

Trusted Access

Security approach ensuring only verified users and devices can access systems, apps, or data.

Trusted Platform Module (TPM)

A hardware-based security chip that stores cryptographic keys and supports secure boot and encryption.

Two-Factor Authentication (2FA)

A security mechanism requiring two independent credentials (e.g., password + OTP) to verify identity.

Twofish

A symmetric encryption algorithm known for its speed and security, one of the finalists for the AES competition.

Typo Squatting

A type of social engineering where attackers register URLs that are slight misspellings of legitimate domains to trick users.

Token (Authentication)

A physical or digital object used to prove identity in authentication systems (e.g., hardware token, software token).

U

UDP Flood Attack

A type of Denial of Service (DoS) attack where large numbers of UDP packets are sent to overwhelm a server or network.

Unauthorized Access

Gaining access to systems, networks, or data without permission, often the root cause of data breaches.

URL Filtering

A method to block or allow access to specific websites based on their URL, used in web security and content filtering.

URL Spoofing

A deception technique where attackers create a fake but legitimate-looking URL to trick users into visiting malicious sites.

Unsecure Protocols

Communication protocols that lack encryption or authentication, like HTTP, FTP, or Telnet, posing major security risks.

User Authentication

The process of verifying the identity of a user, typically through passwords, biometrics, passkeys, or multi-factor methods.

User Behavior Analytics (UBA)

The use of machine learning and analytics to detect anomalies in user behavior that may indicate insider threats or compromised accounts.

V

Virtual Desktop Infrastructure (VDI)

A technology that hosts desktop environments on a centralized server, enhancing data security and remote access control.

Virtual Machine (VM)

A software emulation of a computer system that runs isolated applications or OS instances, commonly used for sandboxing or testing.

Virtual Private Network (VPN)

Encrypts internet traffic and masks IP addresses, enabling secure and private communication over public networks.

Voice Authentication

A biometric technique that uses voiceprint analysis to verify a user's identity during login or transaction authorization.

Vishing (Voice Phishing)

A social engineering attack using phone calls or voicemails to trick individuals into revealing sensitive information.

Volumetric Attack

A type of DDoS attack that floods a network or server with excessive bandwidth or packets to exhaust resources.

Vendor Risk Management

The process of identifying and mitigating security risks introduced by third-party vendors and suppliers.

Verification Code

A one-time code (often OTP) sent to a device or email to verify user identity in multi-factor authentication processes.

Version Control Security

Practices to secure code repositories (e.g., Git) against unauthorized access, data leaks, or unapproved changes.

VPN Leak

A situation where a VPN fails to fully hide the user's IP or data, potentially exposing browsing activity.

Vulnerability Assessment

The process of identifying, quantifying, and prioritizing security vulnerabilities in a system or network.

Vulnerability Disclosure

The practice of reporting security flaws to affected vendors or the public to allow for mitigation.

Vulnerability Exploit

A method or code that takes advantage of a vulnerability to execute malicious actions or gain control of systems.

Virtual Patch

A temporary security fix applied at the network or system level to protect against a known vulnerability without modifying the underlying code.

W

Web Authentication (WebAuthn)

A FIDO2 standard enabling passwordless, phishing-resistant authentication using public key cryptography and biometrics or hardware tokens.

White-box Cryptography

A method of securing cryptographic algorithms in environments where attackers may have full access to the execution context.

Whitelist

A security mechanism that allows only approved users, applications, or IPs to access resources, blocking all else by default.

Windows FIDO Login

Integration of FIDO2/WebAuthn with Windows Hello to enable secure, passwordless authentication on Windows devices.

Web Application Firewall (WAF)

A security solution that filters, monitors, and blocks malicious traffic to and from web applications.

Wi-Fi Protected Access (WPA/WPA2/WPA3)

Security protocols for wireless networks; WPA3 is the most secure, offering stronger encryption and protection from brute-force attacks.

Wi-Fi Phishing (Evil Twin Attack)

An attack where a rogue Wi-Fi hotspot mimics a legitimate one, tricking users into connecting and capturing their sensitive data.

Web Skimming (Magecart Attack)

The injection of malicious JavaScript into e-commerce checkout pages to steal credit card data in real time.

Whaling Attack

A form of spear phishing that targets high-level executives (“big fish”) with carefully crafted high-stakes email scams.

Wireless Intrusion Detection System (WIDS)

A system that monitors radio frequencies for unauthorized devices, rogue access points, or suspicious wireless behavior.

WebRTC Leak

A privacy flaw where WebRTC reveals users' real IP addresses, even when using a VPN, potentially exposing their location.

Z

Zero Day (0-Day)

A vulnerability that is unknown to the software vendor or public and is often exploited before a patch is available.

Zero Trust

A security model that assumes no user or system inside or outside the network should be trusted by default. It enforces strict identity verification and least privilege access.

Zeroization

The process of securely erasing sensitive data (e.g., cryptographic keys) from memory or storage to prevent unauthorized recovery.

Zeus Trojan (Zbot)

A notorious banking Trojan that steals login credentials via keystroke logging and form grabbing. It mainly targets financial services.

Zombie

A compromised device (usually part of a botnet) that is remotely controlled by an attacker to perform malicious tasks, like DDoS attacks.

Zone Transfer

A process in DNS where data is replicated between servers. If improperly configured, attackers can exploit it to gather sensitive domain info.

Z-Wave Vulnerability

Security flaws in Z-Wave protocol (used in smart home IoT devices) that can allow attackers to take over or disrupt devices.

Zero-Knowledge Proof

A cryptographic method that allows one party to prove to another that something is true without revealing any specific information.

ZigBee Exploits

Attacks targeting the ZigBee protocol, commonly used in smart devices, which can result in device hijacking or data interception.
