Security Definitions & Glossary
Comprehensive glossary of 305+ terms related to SSL certificates, identity verification, and website security. Search or browse alphabetically to find definitions.
2FA
Two-Factor Authentication. Security process requiring two different authentication methods to verify user identity.
3D Secure
Authentication protocol for online credit/debit card transactions providing additional security layer.
Access Control
Security technique regulating who can view or use resources in computing environment.
Adware
Software displaying unwanted advertisements on user's device, often bundled with free programs.
AES
Advanced Encryption Standard. Symmetric encryption algorithm widely used for data protection.
Algorithm
Step-by-step procedure for solving problems or performing computations in cryptography.
Anti-Malware
Software designed to detect, prevent, and remove malicious software from systems.
Antivirus
Software program detecting and removing computer viruses and other malicious software.
API
Application Programming Interface. Set of protocols allowing different software applications to communicate.
API Key
Unique identifier used to authenticate requests to an API service.
Application Security
Measures taken to improve security of applications by finding and fixing vulnerabilities.
APT
Advanced Persistent Threat. Sophisticated, continuous cyber attack targeting specific organizations.
ARP Spoofing
Attack technique where attacker sends falsified ARP messages to link their MAC address with legitimate IP.
ASV
Approved Scanning Vendor. Company approved by PCI SSC to conduct vulnerability scans.
Asymmetric Encryption
Encryption using paired public and private keys for secure data transmission.
Attack Surface
Total sum of vulnerabilities that can be exploited to carry out security attack.
Attack Vector
Path or means by which attacker gains access to computer or network.
Authentication
Process of verifying identity of user, device, or system attempting access.
Authorization
Process of granting or denying specific permissions to authenticated users.
Backdoor
Hidden method for bypassing normal authentication to gain access to system.
Backup
Copy of data stored separately for protection against data loss.
Bandwidth
Maximum rate of data transfer across network connection.
Baseline
Reference point for normal network or system behavior used for comparison.
BEC
Business Email Compromise. Scam targeting businesses conducting wire transfers.
BGP
Border Gateway Protocol. Core routing protocol of the Internet.
Biometric Authentication
Security process using unique biological characteristics for identity verification.
Blacklist
List of entities denied access or privileges within system.
Blockchain
Distributed ledger technology storing data in blocks linked cryptographically.
Bot
Automated software program performing repetitive tasks, often malicious when part of botnet.
Botnet
Network of infected computers controlled remotely by cybercriminals.
Breach
Security incident where sensitive data is accessed without authorization.
Browser
Software application for accessing and viewing websites on the Internet.
Brute Force Attack
Attack method trying many passwords or keys until correct one is found.
Buffer Overflow
Security vulnerability where program writes data beyond allocated memory buffer.
Bug
Error or flaw in software causing incorrect or unexpected results.
Bug Bounty
Program offering rewards for finding and reporting software vulnerabilities.
CA
Certificate Authority. Trusted entity issuing digital certificates for SSL/TLS.
Cache
Hardware or software storing data for faster future access.
CAPTCHA
Challenge-response test determining whether user is human or automated bot.
CDN
Content Delivery Network. Distributed servers delivering web content based on geographic location.
CERT
Computer Emergency Response Team. Group handling computer security incidents.
Certificate Chain
Sequence of certificates from end-user to root CA establishing trust.
Certificate Pinning
Security mechanism associating host with expected certificate or public key.
Certificate Transparency
Framework for monitoring and auditing SSL certificates.
Checksum
Value used to verify integrity of data during transmission.
CI/CD
Continuous Integration/Continuous Deployment. Development practice for frequent code updates.
CIAM
Customer Identity and Access Management. System managing customer identities and access.
Cipher
Algorithm for performing encryption or decryption.
Cipher Suite
Set of algorithms used together for secure network connections.
CIS
Center for Internet Security. Organization developing security best practices.
CISO
Chief Information Security Officer. Executive responsible for organization's information security.
Clickjacking
Attack tricking users into clicking hidden or disguised elements.
Cloud Security
Technologies and policies protecting cloud computing environments.
CMS
Content Management System. Software for creating and managing digital content.
COBIT
Control Objectives for Information Technologies. Framework for IT governance.
Code Injection
Attack inserting malicious code into vulnerable application.
Code Review
Systematic examination of source code to find bugs and vulnerabilities.
Code Signing
Digital signature confirming software author and integrity.
Cold Boot Attack
Attack exploiting data remanence in RAM after power loss.
Compliance
Adherence to laws, regulations, and standards for data protection.
Container Security
Protection of containerized applications and infrastructure.
Cookie
Small data file stored by websites on user's device.
Credential Stuffing
Attack using stolen credentials to access user accounts.
CRL
Certificate Revocation List. List of digital certificates revoked before expiration.
CRM
Customer Relationship Management. System for managing customer interactions.
Cryptanalysis
Study of analyzing and breaking encryption systems.
Cryptography
Practice of secure communication through codes and ciphers.
Cryptojacking
Unauthorized use of computer resources to mine cryptocurrency.
CSP
Content Security Policy. Security standard preventing XSS and data injection attacks.
CSR
Certificate Signing Request. Encoded text containing public key and identity information.
CSRF
Cross-Site Request Forgery. Attack forcing users to execute unwanted actions.
CSS
Cascading Style Sheets. Language for describing presentation of web documents.
CVE
Common Vulnerabilities and Exposures. Database of publicly disclosed security flaws.
CVSS
Common Vulnerability Scoring System. Framework for rating severity of vulnerabilities.
Cyber Insurance
Insurance coverage for losses from cyber incidents.
Cybercrime
Criminal activities carried out using computers or Internet.
Cybersecurity
Practice of protecting systems and networks from digital attacks.
Dark Web
Part of Internet requiring specific software to access, often used for illegal activities.
Data Breach
Security incident where sensitive information is accessed without authorization.
Data Classification
Organizing data by sensitivity levels for appropriate protection.
Data Encryption
Converting data into code to prevent unauthorized access.
Data Exfiltration
Unauthorized transfer of data from computer or network.
Data Integrity
Accuracy and consistency of data throughout its lifecycle.
Data Masking
Hiding original data with modified content for protection.
Data Privacy
Proper handling of sensitive information regarding collection and use.
Data Residency
Physical location where data is stored and processed.
Database Security
Measures protecting databases from threats and unauthorized access.
DDoS
Distributed Denial of Service. Attack overwhelming target with traffic from multiple sources.
Decryption
Process of converting encrypted data back to original form.
Deep Packet Inspection
Examining data packets in detail for security threats.
Defense in Depth
Layered security approach using multiple defensive measures.
Digital Certificate
Electronic document proving ownership of public key.
Digital Forensics
Investigation of digital devices to recover and analyze evidence.
Digital Rights Management
Technologies controlling use of copyrighted digital materials.
Digital Signature
Mathematical scheme verifying authenticity of digital messages.
Directory Traversal
Attack accessing files outside intended directory.
Disaster Recovery
Planning and procedures for recovering from catastrophic events.
DKIM
DomainKeys Identified Mail. Email authentication method using digital signatures.
DLP
Data Loss Prevention. Strategy preventing sensitive data from leaving organization.
DMARC
Domain-based Message Authentication, Reporting and Conformance. Email validation system preventing spoofing.
DMZ
Demilitarized Zone. Network area between internal network and Internet.
DNS
Domain Name System. Translates domain names to IP addresses.
DNS Cache Poisoning
Attack corrupting DNS resolver cache with false information.
DNS Hijacking
Attack redirecting DNS queries to malicious servers.
DNSSEC
DNS Security Extensions. Protocols adding security to DNS.
DOM
Document Object Model. Programming interface for web documents.
Domain Validation
Basic SSL certificate verification confirming domain ownership.
DoS
Denial of Service. Attack making resource unavailable to intended users.
Drive-by Download
Unintended download of malicious software when visiting website.
Dumpster Diving
Searching through trash for sensitive information.
ECC
Elliptic Curve Cryptography. Public-key cryptography using elliptic curves.
EDR
Endpoint Detection and Response. Security solution monitoring endpoints.
Egress Filtering
Monitoring and restricting outbound network traffic.
Email Security
Techniques protecting email accounts and communications from threats.
Encryption
Process of encoding information to prevent unauthorized access.
Encryption Key
String of characters used to encrypt and decrypt data.
Endpoint
Device connected to network such as computer or mobile device.
Endpoint Security
Approach to protecting network endpoints from threats.
Enterprise Security
Comprehensive approach protecting large organization's IT infrastructure.
Enumeration
Process of extracting information about network resources.
Ethical Hacking
Authorized attempt to gain unauthorized access to test security.
EV Certificate
Extended Validation Certificate. Highest level SSL certificate with rigorous verification.
Event Log
Record of events occurring within organization's systems.
Exploit
Code or technique taking advantage of security vulnerability.
Exploit Kit
Toolkit automating exploitation of vulnerabilities.
Failover
Switching to backup system when primary system fails.
False Positive
Incorrect identification of benign activity as malicious.
Federation
Linking user identities across multiple systems.
File Encryption
Converting files into unreadable format for protection.
FIM
File Integrity Monitoring. Detecting changes to critical files.
Fingerprinting
Collecting information about system to identify it.
Firewall
Network security device monitoring and controlling traffic based on security rules.
Firmware
Low-level software stored in hardware providing basic operations.
Forensics
Scientific analysis of digital evidence for investigations.
FTP
File Transfer Protocol. Standard protocol for file transfer.
Full Disk Encryption
Encrypting all data on storage device.
Fuzzing
Testing technique providing invalid data to find vulnerabilities.
Gateway
Network point acting as entrance to another network.
GDPR
General Data Protection Regulation. EU law on data protection and privacy.
Grayware
Software falling between legitimate programs and malware; potentially unwanted but not overtly malicious.
Hacker
Person using technical knowledge to overcome problems or limitations.
Hardening
Process of securing system by reducing attack surface.
Hash
Fixed-size string representing data, used for integrity verification.
Hash Function
Algorithm producing fixed-size hash value from input data.
Honeypot
Decoy system attracting and detecting attackers.
Host
Computer or device connected to network.
Hotfix
Quick software update fixing specific issue.
HSTS
HTTP Strict Transport Security. Forcing secure connections to server.
HTTP
Hypertext Transfer Protocol. Foundation of data communication on web.
HTTPS
HTTP Secure. Encrypted version of HTTP using SSL/TLS.
Hybrid Cloud
Computing environment combining public and private clouds.
Identity Management
Framework for managing digital identities and access.
Identity Theft
Fraudulent acquisition and use of person's private information.
Identity Verification
Process confirming person is who they claim to be.
IDS
Intrusion Detection System. Monitoring network for malicious activities.
Incident Response
Organized approach addressing and managing security breaches.
Information Security
Protecting information from unauthorized access and threats.
Infrastructure
Physical and virtual resources supporting IT operations.
Injection Attack
Inserting malicious code into vulnerable applications.
Insider Threat
Security risk from people within organization.
IoT Security
Protecting Internet of Things devices and networks.
IP Address
Numerical label identifying device on network.
IPS
Intrusion Prevention System. Actively blocking detected threats.
IPSec
Internet Protocol Security. Protocols securing IP communications.
ISO 27001
International standard for information security management.
KBA
Knowledge-Based Authentication. Verifying identity through personal questions.
Key
Piece of information determining output of cryptographic algorithm.
Key Exchange
Method for sharing cryptographic keys between parties.
Key Management
Managing cryptographic keys throughout their lifecycle.
Keylogger
Software or hardware recording keystrokes.
Keystroke Dynamics
Biometric authentication based on typing patterns.
KYC
Know Your Customer. Process of verifying client identity.
LAN
Local Area Network. Network connecting devices in limited area.
LDAP
Lightweight Directory Access Protocol. Protocol for accessing directory services.
Least Privilege
Security principle granting minimum necessary access rights.
Log Analysis
Examining log files to identify security incidents.
Log Management
Collecting, storing, and analyzing log data.
Logic Bomb
Malicious code triggered by specific conditions.
Malware
Malicious software designed to damage systems or gain unauthorized access to them.
Malware Analysis
Studying malware to understand behavior and impact.
Managed Security
Outsourced monitoring and management of security devices.
MFA
Multi-Factor Authentication. Using multiple methods to verify identity.
MITM
Man-in-the-Middle. Attack intercepting communication between parties.
ML
Machine Learning. AI subset enabling systems to learn from data.
Mobile Security
Protecting mobile devices from threats and vulnerabilities.
NAC
Network Access Control. Restricting network access based on policies.
Network Security
Protecting network infrastructure from unauthorized access.
Network Segmentation
Dividing network into multiple segments for security.
NIST
National Institute of Standards and Technology. US agency developing standards.
OAuth
Open standard for access delegation.
OCSP
Online Certificate Status Protocol. Checking certificate revocation status.
OS
Operating System. Software managing computer hardware and software.
OV Certificate
Organization Validation Certificate. SSL certificate verifying organization identity.
OWASP
Open Web Application Security Project. Community improving software security.
Packet
Unit of data transmitted over network.
Packet Sniffing
Capturing and analyzing network traffic.
Password Manager
Software storing and managing user passwords securely.
Password Policy
Rules defining acceptable passwords for security.
Patch
Software update fixing vulnerabilities or bugs.
Patch Management
Process of managing software updates across systems.
Payload
Component of malware performing malicious action.
PCI DSS
Payment Card Industry Data Security Standard. Requirements for card payment security.
Penetration Testing
Simulated cyber attack to evaluate security.
Perimeter Security
Security measures at network boundary.
Phishing
Fraudulent attempt to obtain sensitive information through deception.
PII
Personally Identifiable Information. Data identifying specific individual.
PKI
Public Key Infrastructure. Framework managing digital certificates.
Port
Communication endpoint for network connections.
Port Scan
Probing system for open ports to find vulnerabilities.
Privacy
Right to control personal information collection and use.
Private Key
Secret key in asymmetric cryptography for decryption.
Privilege Escalation
Gaining elevated access to resources normally restricted.
Protocol
Set of rules governing data communication.
Proxy
Intermediary server between client and destination server.
Public Key
Publicly shared key in asymmetric cryptography for encryption.
Quarantine
Isolating suspicious files or systems for analysis.
Rainbow Table
Precomputed table for cracking password hashes.
Ransomware
Malware encrypting files and demanding payment for decryption.
RAT
Remote Access Trojan. Malware providing unauthorized remote access.
RBAC
Role-Based Access Control. Restricting access based on user roles.
RDP
Remote Desktop Protocol. Protocol for remote computer access.
Red Team
Group simulating attacks to test organization's defenses.
Remediation
Process of fixing vulnerabilities or security issues.
Remote Access
Ability to access computer or network from distant location.
Risk Assessment
Identifying and evaluating potential security risks.
Risk Management
Process of identifying, assessing, and controlling threats.
Root Certificate
Top-level certificate in certificate chain.
Rootkit
Malware hiding presence on infected system.
S/MIME
Secure/Multipurpose Internet Mail Extensions. Standard for encrypted email.
SAML
Security Assertion Markup Language. Standard for exchanging authentication data.
SAN Certificate
Subject Alternative Name. SSL certificate covering multiple domains.
Sandbox
Isolated environment for testing potentially malicious code.
Scareware
Malware using fear to manipulate users into purchasing software.
Script Kiddie
Inexperienced attacker using existing tools without understanding.
Security Audit
Systematic evaluation of organization's information security.
Security Awareness
Knowledge and attitude regarding protection of assets.
Security Controls
Safeguards or countermeasures avoiding security risks.
Security Framework
Set of guidelines for managing organizational security.
Security Incident
Event potentially compromising confidentiality, integrity, or availability.
Security Policy
Document outlining organization's security requirements.
Security Posture
Overall security status of organization's networks and systems.
Security Token
Physical or digital device for authentication.
Session Hijacking
Stealing user session to gain unauthorized access.
Shadow IT
IT systems used without organizational approval.
Shoulder Surfing
Obtaining information by looking over someone's shoulder.
SIEM
Security Information and Event Management. Analyzing security alerts in real-time.
Signature
Pattern identifying specific malware or attack.
Smishing
Phishing attack using SMS text messages.
SMS
Short Message Service. Text messaging service for mobile devices.
SMTP
Simple Mail Transfer Protocol. Standard for email transmission.
Sniffer
Tool capturing and analyzing network traffic.
SOAR
Security Orchestration, Automation and Response. Coordinating security tools.
SOC
Security Operations Center. Facility monitoring and analyzing security.
Social Engineering
Manipulating people to divulge confidential information.
Spam
Unsolicited bulk messages, often containing malware.
Spear Phishing
Targeted phishing attack on specific individuals.
SPF
Sender Policy Framework. Email authentication preventing spoofing.
Spoofing
Falsifying data to impersonate another entity.
Spyware
Software secretly monitoring user activity.
SQL Injection
Code injection exploiting vulnerabilities in database queries.
SSH
Secure Shell. Protocol for secure remote login and commands.
SSL
Secure Sockets Layer. Cryptographic protocol for secure communications.
SSL Certificate
Digital certificate authenticating website identity and enabling encryption.
SSO
Single Sign-On. Authentication allowing access to multiple systems with one login.
Steganography
Hiding information within other non-secret data.
Supply Chain Attack
Targeting less-secure elements in supply network.
Symmetric Encryption
Encryption using same key for encryption and decryption.
Threat
Potential cause of unwanted security incident.
Threat Actor
Individual or group posing security threat.
Threat Hunting
Proactively searching for cyber threats in network.
Threat Intelligence
Information about existing or emerging threats.
Threat Modeling
Identifying and prioritizing potential threats.
TLS
Transport Layer Security. Updated version of SSL protocol.
Token
Object representing right to perform some operation.
Tokenization
Replacing sensitive data with non-sensitive tokens.
Trojan
Malware disguised as legitimate software.
Trust Store
Repository of trusted certificates.
Two-Way SSL
Mutual authentication between client and server.
UDP
User Datagram Protocol. Connectionless communication protocol.
URL
Uniform Resource Locator. Web address.
USB Security
Protecting against threats from USB devices.
Virus
Malware replicating itself by modifying other programs.
Vishing
Voice phishing using phone calls.
VPN
Virtual Private Network. Secure connection over public network.
Vulnerability
Weakness that can be exploited by threats.
Vulnerability Assessment
Identifying and evaluating system vulnerabilities.
Vulnerability Management
Ongoing process of identifying and addressing vulnerabilities.
Vulnerability Scanner
Tool automatically detecting security vulnerabilities.
WAF
Web Application Firewall. Filtering HTTP traffic to web applications.
WAN
Wide Area Network. Network covering broad area.
Waterhole Attack
Compromising websites frequently visited by targets.
Web Security
Protecting websites and web applications from threats.
WebAuthn
Web standard for passwordless authentication.
Webhook
HTTP callback triggered by specific events.
Whaling
Phishing attack targeting high-profile individuals.
White Hat
Ethical hacker working to improve security.
Whitelist
List of approved entities granted access.
Wildcard Certificate
SSL certificate securing domain and all subdomains.
Worm
Self-replicating malware spreading across networks.
XML
Extensible Markup Language. Format for storing and transporting data.
XSS
Cross-Site Scripting. Injecting malicious scripts into web pages.
YAML
Human-readable data serialization language.
Zero Trust
Security model requiring verification for every access request.
Zero-Day
Vulnerability unknown to those who should fix it.
Zombie
Computer infected and controlled as part of botnet.