Common Cybersecurity Terms and Definitions

The document is a comprehensive glossary of over 500 common cybersecurity terms and their definitions, organized alphabetically for easy reference. It covers key concepts, technologies, threats, and practices in the field of cybersecurity. The glossary serves as a valuable resource for understanding essential terminology in cybersecurity.

Uploaded by Omkar Kajle

Common Cybersecurity Terms and Definitions

Below is a comprehensive list of over 500 common cybersecurity terms along with their meanings,
organized alphabetically for easy reference. This glossary covers key concepts, technologies, threats,
and practices in the field of cybersecurity.

1. Access Control: Mechanisms and policies to restrict access to systems, applications, or data
to authorized users only.

2. Access Control List (ACL): A list of permissions attached to an object specifying which users
or processes can access it and what operations are allowed.

3. Active Directory (AD): A Microsoft directory service for managing permissions and access to
networked resources in Windows environments.

4. Adware: Software that automatically displays or downloads advertisements, often installed
without user consent.

5. Advanced Persistent Threat (APT): A prolonged and targeted cyberattack where an intruder
gains access to a network and remains undetected for an extended period.

6. Air Gap: A security measure where a computer or network is physically isolated from
unsecured networks, such as the internet.

7. Alert Fatigue: Overwhelm caused by excessive security alerts, leading to reduced
responsiveness to genuine threats.

8. Allow List: A list of entities (e.g., IP addresses, applications) explicitly permitted to access a
system or network.

9. Anomaly Detection: Identifying unusual patterns or behaviors in network traffic or system
activity that may indicate a security threat.

10. Anti-Malware: Software designed to detect, prevent, and remove malicious software
(malware).

11. Anti-Virus: Software that detects and removes viruses and other malicious code from
systems.

12. Application Security: Practices and tools to protect software applications from vulnerabilities
and attacks.

13. Asymmetric Encryption: A cryptographic system using two keys—a public key for encryption
and a private key for decryption.

14. Attack Surface: The total sum of vulnerabilities in a system that could be exploited by an
attacker.

15. Attack Vector: The method or pathway used by an attacker to gain unauthorized access to a
system or network.

16. Authentication: The process of verifying the identity of a user, device, or system.

17. Authorization: Determining what an authenticated user or system is allowed to do.

18. Availability: Ensuring that systems, applications, and data are accessible to authorized users
when needed.

19. Backdoor: A hidden method for bypassing normal authentication to gain unauthorized
access to a system.

20. Backup: A copy of data created to restore the original in case of loss or corruption.

21. Bandwidth Throttling: Intentionally slowing down internet traffic, sometimes used to
mitigate Distributed Denial-of-Service (DDoS) attacks.

22. Baseline: A standard set of security configurations or system states used for comparison to
detect deviations.

23. Biometric Authentication: Using unique physical characteristics (e.g., fingerprints, facial
recognition) to verify identity.

24. Black Hat: A hacker who exploits vulnerabilities for malicious or illegal purposes.

25. Block Cipher: A cryptographic algorithm that encrypts data in fixed-size blocks.

26. Blockchain: A decentralized, tamper-resistant ledger used for secure transactions and data
storage.

27. Blue Team: A cybersecurity team focused on defending systems and responding to incidents.

28. Boot Sector Virus: A virus that infects the boot sector of a storage device, executing when
the system starts.

29. Bot: A software program that performs automated tasks, often maliciously in the context of
botnets.

30. Botnet: A network of compromised devices controlled by an attacker to perform coordinated
attacks.

31. Breach: An incident where unauthorized access to data, systems, or networks occurs.

32. Bring Your Own Device (BYOD): A policy allowing employees to use personal devices for
work, introducing security challenges.

33. Brute Force Attack: Attempting to crack a password or encryption by systematically trying all
possible combinations.

34. Buffer Overflow: A vulnerability where a program writes more data to a buffer than it can
hold, potentially allowing malicious code execution.

35. Business Continuity Plan (BCP): A strategy to ensure critical business functions continue
during and after a disruption.

36. Certificate Authority (CA): An entity that issues digital certificates to verify the identity of
users or devices.

37. Cipher: An algorithm used for encryption or decryption.

38. Ciphertext: Data that has been encrypted and is unreadable without decryption.

39. Clickjacking: A technique where users are tricked into clicking on something different from
what they perceive, often to steal data.

40. Cloud Security: Practices and technologies to protect cloud-based systems, data, and
infrastructure.

41. Cold Boot Attack: Exploiting data remnants in a computer’s RAM after a power-off to
retrieve encryption keys.

42. Command and Control (C2): Infrastructure used by attackers to communicate with
compromised systems.

43. Compliance: Adhering to laws, regulations, and standards relevant to cybersecurity (e.g.,
GDPR, HIPAA).

44. Compromise: When a system or network is successfully infiltrated by an unauthorized party.

45. Confidentiality: Ensuring data is accessible only to authorized individuals.

46. Cookie: A small data file stored on a user’s device by a website, sometimes used to track
behavior.

47. Credential Stuffing: Using stolen username-password pairs to gain unauthorized access to
other accounts.

48. Cross-Site Request Forgery (CSRF): An attack that tricks a user into performing unintended
actions on a web application.

49. Cross-Site Scripting (XSS): Injecting malicious scripts into websites viewed by other users.

50. Cryptocurrency Mining Malware: Malware that uses a victim’s computing resources to mine
cryptocurrencies.

51. Cryptography: The science of securing information through encryption and decryption.

52. Cyberattack: Any attempt to disrupt, disable, or gain unauthorized access to a system or
network.

53. Cybercrime: Criminal activities conducted via computers or the internet.

54. Cybersecurity: The practice of protecting systems, networks, and data from digital attacks,
unauthorized access, or damage.

55. Cyber Threat Intelligence (CTI): Information about threats and threat actors used to improve
security defenses.

56. Dark Pool: A private network or system not visible on the public internet, often used for
malicious activities.

57. Data Breach: Unauthorized access to or disclosure of sensitive data.

58. Data Encryption Standard (DES): An older symmetric encryption algorithm, largely replaced
by AES.

59. Data Integrity: Ensuring data remains accurate, complete, and unaltered.

60. Data Loss Prevention (DLP): Tools and processes to prevent unauthorized access or loss of
sensitive data.

61. Data Masking: Obscuring sensitive data to protect it while maintaining usability for testing or
analysis.

62. Decryption: Converting encrypted data back into its original, readable form.

63. Deepfake: AI-generated media (e.g., videos, audio) used to impersonate individuals.

64. Defense-in-Depth: A layered approach to security using multiple controls to protect assets.

65. Demilitarized Zone (DMZ): A network segment that acts as a buffer between an internal
network and external networks.

66. Denial-of-Service (DoS): An attack that overwhelms a system to disrupt its availability.

67. Digital Certificate: An electronic document verifying the identity of a user, device, or
organization.

68. Digital Forensics: Investigating digital devices to gather evidence of cybercrimes.

69. Digital Signature: A cryptographic mechanism to verify the authenticity and integrity of a
message or document.

70. Directory Traversal: An attack exploiting vulnerabilities to access restricted directories or
files.

71. Disaster Recovery Plan (DRP): A strategy to restore systems and data after a major
disruption.

72. Distributed Denial-of-Service (DDoS): A DoS attack using multiple compromised systems to
overwhelm a target.

73. Domain Name System (DNS): A system translating domain names (e.g., example.com) to IP
addresses.

74. DNS Spoofing: Redirecting DNS queries to malicious servers to steal data or redirect users.

75. Drive-by Download: Malware installed on a device without user interaction, often through
compromised websites.

76. Eavesdropping: Intercepting private communications without permission.

77. Elevation of Privilege: Gaining higher access rights than authorized, often through exploiting
vulnerabilities.

78. Email Spoofing: Forging an email’s sender address to deceive recipients.

79. Encryption: Converting data into a coded form to prevent unauthorized access.

80. Endpoint: Any device (e.g., laptop, smartphone) connected to a network.

81. Endpoint Protection: Security solutions to protect devices from threats like malware and
unauthorized access.

82. Exploit: A piece of code or technique that takes advantage of a vulnerability to cause harm.

83. Exploit Kit: A toolkit used by attackers to deliver exploits to vulnerable systems.

84. Exposure: A weakness or misconfiguration that could be exploited by an attacker.

85. False Positive: A security alert incorrectly identifying benign activity as malicious.

86. Fileless Malware: Malware that operates in memory without writing files to disk, making
detection harder.

87. Firewall: A network security device that monitors and controls incoming and outgoing traffic
based on rules.

88. Firmware: Software embedded in hardware devices, which can be a target for attacks.

89. Fishing: A typo-squatting technique where attackers register domains similar to legitimate
ones to deceive users.

90. Forensic Analysis: Examining digital evidence to investigate cyber incidents.

91. Formjacking: Stealing data entered into web forms, often on e-commerce sites.

92. Full Disk Encryption (FDE): Encrypting an entire storage device to protect data at rest.

93. Gateway: A device that routes traffic between networks, often with security features like
filtering.

94. General Data Protection Regulation (GDPR): EU regulation governing data protection and
privacy.

95. Gray Hat: A hacker who operates between ethical (white hat) and malicious (black hat)
intentions.

96. Group Policy: A Windows feature for managing user and computer settings in a network.

97. Hacker: An individual who uses technical skills to gain unauthorized access to systems, with
varying motives.

98. Hardening: Strengthening a system’s security by reducing its attack surface and
vulnerabilities.

99. Hashing: Converting data into a fixed-size string (hash) to verify integrity or store passwords
securely.

100. Health Insurance Portability and Accountability Act (HIPAA): U.S. law mandating
security for healthcare data.

101. Honeypot: A decoy system designed to attract and analyze attacker behavior.

102. Host-Based Intrusion Detection System (HIDS): Software that monitors a single host
for suspicious activity.

103. HTTP Secure (HTTPS): A secure version of HTTP using SSL/TLS to encrypt web traffic.

104. Hybrid Attack: A password attack combining brute force and dictionary attack
techniques.

105. Identity and Access Management (IAM): Frameworks for managing user identities
and their access to resources.

106. Identity Theft: Stealing personal information to impersonate someone for fraudulent
purposes.

107. Incident Response (IR): A structured approach to identifying, responding to, and
recovering from cybersecurity incidents.

108. Information Assurance: Ensuring the security, integrity, and availability of
information.

109. Information Security (InfoSec): Protecting information from unauthorized access,
use, or destruction.

110. Injection Attack: Inserting malicious code or data into a system (e.g., SQL injection,
command injection).

111. Inline Security Device: A device placed directly in the network traffic path to monitor
or block threats.

112. Insider Threat: A security risk posed by individuals within an organization,
intentional or accidental.

113. Integrity: Ensuring data remains accurate and unaltered except by authorized
processes.

114. Internet of Things (IoT): Networked devices (e.g., smart appliances) that can be
vulnerable to attacks.

115. Intrusion Detection System (IDS): A tool that monitors network or system activity for
signs of malicious behavior.

116. Intrusion Prevention System (IPS): An IDS that actively blocks detected threats.

117. IP Spoofing: Forging an IP address to impersonate a trusted system.

118. Jailbreaking: Removing software restrictions on devices (e.g., iPhones) to install
unauthorized apps, potentially introducing vulnerabilities.

119. JSON Web Token (JWT): A token used for secure data exchange, often in
authentication.

120. Kerberos: A network authentication protocol using tickets to secure communication.

121. Keylogger: Software or hardware that records keystrokes to capture sensitive
information like passwords.

122. Kill Chain: A model describing the stages of a cyberattack, from reconnaissance to
exfiltration.

123. Known Vulnerability: A documented weakness in software or hardware that
attackers can exploit.

124. Lateral Movement: An attacker moving within a network to gain access to additional
systems or data.

125. Least Privilege: Granting users or processes only the access necessary to perform
their tasks.

126. Lightweight Directory Access Protocol (LDAP): A protocol for accessing and
managing directory services.

127. Log Analysis: Reviewing system logs to identify security incidents or anomalies.

128. Logic Bomb: Malicious code that triggers harmful actions under specific conditions.

129. Machine Learning Security: Using AI to detect threats or identify vulnerabilities, but
also a target for adversarial attacks.

130. Malware: Malicious software designed to harm or exploit systems, including viruses,
worms, and ransomware.

131. Man-in-the-Middle (MitM) Attack: Intercepting communication between two
parties to steal data or manipulate messages.

132. Managed Security Service Provider (MSSP): A company offering outsourced
cybersecurity services.

133. Metadata: Data about data, often used in forensic analysis or inadvertently exposing
sensitive information.

134. Microsegmentation: Dividing a network into smaller, isolated segments to limit
lateral movement.

135. MITRE ATT&CK: A framework cataloging adversary tactics and techniques for threat
hunting.

136. Multi-Factor Authentication (MFA): Requiring multiple forms of verification (e.g.,
password and token) for access.

137. Network Access Control (NAC): Policies and tools to control which devices can
connect to a network.

138. Network Intrusion Detection System (NIDS): A system monitoring network traffic for
suspicious activity.

139. Network Segmentation: Dividing a network into smaller zones to improve security
and contain breaches.

140. Non-Repudiation: Ensuring a party cannot deny having sent or received a message
or transaction.

141. Nonce: A random number used once in cryptographic processes to prevent replay
attacks.

142. Obfuscation: Hiding the true nature of code or data to evade detection.

143. Open Source Intelligence (OSINT): Collecting and analyzing publicly available data
for security purposes.

144. Operating System (OS) Hardening: Securing an OS by disabling unnecessary services
and applying patches.

145. Out-of-Band Communication: Using a separate channel for authentication or
verification to enhance security.

146. Over-the-Shoulder Attack: Observing someone entering credentials to steal them.

147. Packet Sniffing: Capturing and analyzing network packets to steal data or monitor
activity.

148. Pass-the-Hash: Using stolen password hashes to authenticate without knowing the
actual password.

149. Password Cracking: Attempting to recover passwords through guessing, brute force,
or other methods.

150. Patch Management: The process of applying updates to software to fix
vulnerabilities.

151. Payload: The malicious component of an exploit that performs the harmful action.

152. Penetration Testing (Pen Test): Simulating cyberattacks to identify vulnerabilities in a
system.

153. Personally Identifiable Information (PII): Data that can identify an individual, such as
names or Social Security numbers.

154. Pharming: Redirecting users from legitimate websites to fraudulent ones to steal
data.

155. Phishing: Fraudulent emails or messages tricking users into revealing sensitive
information.

156. Physical Security: Protecting physical assets, such as servers, from unauthorized
access or damage.

157. Pivoting: Using a compromised system as a base to attack other systems in a
network.

158. Plaintext: Unencrypted, readable data.

159. Policy Enforcement Point (PEP): A component that enforces security policies, often
in a zero-trust architecture.

160. Port Scanning: Probing a system to identify open ports and potential vulnerabilities.

161. Post-Quantum Cryptography: Encryption methods resistant to attacks by quantum
computers.

162. Privilege Escalation: Gaining higher access rights than originally granted, often
through exploits.

163. Proxy Server: An intermediary server that forwards requests, sometimes used to
hide the client’s identity.

164. Public Key Infrastructure (PKI): A framework for managing digital certificates and
public-key encryption.

165. Quantum Cryptography: Using quantum mechanics principles to secure
communications.

166. Quarantine: Isolating a potentially malicious file or device to prevent harm.

167. Rainbow Table: A precomputed table of password hashes used to crack passwords
quickly.

168. Ransomware: Malware that encrypts data and demands payment for decryption.

169. Reconnaissance: Gathering information about a target before launching an attack.

170. Red Team: A group simulating real-world attacks to test an organization’s defenses.

171. Remote Access Trojan (RAT): Malware providing attackers with remote control of a
system.

172. Replay Attack: Reusing intercepted data (e.g., authentication credentials) to gain
unauthorized access.

173. Reputation-Based Security: Blocking or allowing traffic based on the reputation of
IPs, domains, or files.

174. Reverse Engineering: Analyzing software or hardware to understand its functionality,
often for malicious purposes.

175. Risk Assessment: Evaluating potential threats and vulnerabilities to determine risk
levels.

176. Rootkit: Malware that hides its presence and provides privileged access to attackers.

177. Runtime Application Self-Protection (RASP): Security technology embedded in an
application to detect and block attacks.

178. Sandboxing: Running code in an isolated environment to analyze its behavior
without risking harm.

179. Secure Boot: A process ensuring only trusted software loads during system startup.

180. Secure Sockets Layer (SSL): A protocol for encrypting data transmitted over the
internet (superseded by TLS).

181. Security Information and Event Management (SIEM): A system for collecting and
analyzing security event data.

182. Security Operations Center (SOC): A centralized unit for monitoring and responding
to security incidents.

183. Security Orchestration, Automation, and Response (SOAR): Tools to automate and
streamline incident response.

184. Security Posture: The overall strength and effectiveness of an organization’s
cybersecurity measures.

185. Session Hijacking: Taking over a user’s active session to gain unauthorized access.

186. Shadow IT: Unauthorized use of IT systems or services within an organization.

187. Shellcode: Small pieces of code used as payloads in exploits to gain control of a
system.

188. Side-Channel Attack: Exploiting physical or environmental information (e.g., power
consumption) to extract cryptographic keys.

189. Signature-Based Detection: Identifying threats by comparing them to known
patterns or signatures.

190. Single Sign-On (SSO): Allowing users to authenticate once and access multiple
systems.

191. Skimmer: A device or malware that captures payment card information.

192. Smishing: Phishing attacks conducted via SMS/text messages.

193. Social Engineering: Manipulating individuals to divulge sensitive information or
perform actions.

194. Spear Phishing: Targeted phishing attacks aimed at specific individuals or
organizations.

195. Spyware: Malware that secretly monitors and collects user information.

196. SQL Injection: Inserting malicious SQL code into a database query to manipulate or
extract data.

197. State-Sponsored Attack: A cyberattack backed by a government or nation-state.

198. Steganography: Hiding data within other data (e.g., images) to evade detection.

199. Supply Chain Attack: Targeting a weaker link in an organization’s supply chain to
compromise the primary target.

200. Symmetric Encryption: Using the same key for both encryption and decryption.

201. Tailgating: Gaining physical access to a restricted area by following an authorized
person.

202. Tamper-Proofing: Designing systems to resist unauthorized modifications.

203. Threat Actor: An individual or group responsible for a cyberattack.

204. Threat Hunting: Proactively searching for hidden threats within a network.

205. Threat Intelligence: Data and insights about cyber threats to inform security
decisions.

206. Threat Modeling: Identifying potential threats and vulnerabilities in a system’s
design.

207. Time-Based One-Time Password (TOTP): A temporary code generated for
authentication, valid for a short period.

208. Tokenization: Replacing sensitive data with unique identifiers (tokens) to protect it.

209. Traffic Analysis: Inferring information from patterns in communication without
accessing content.

210. Transport Layer Security (TLS): A protocol for securing internet communications,
succeeding SSL.

211. Trojan Horse: Malware disguised as legitimate software to trick users into installing
it.

212. Trusted Execution Environment (TEE): A secure area in a processor to protect
sensitive operations.

213. Two-Factor Authentication (2FA): Using two different authentication methods to
verify identity.

214. Typosquatting: Registering domain names similar to popular sites to trick users.

215. Unified Threat Management (UTM): A single device combining multiple security
functions (e.g., firewall, antivirus).

216. URL Filtering: Blocking or allowing web access based on URL categories or
reputation.

217. User and Entity Behavior Analytics (UEBA): Monitoring user and system behavior to
detect anomalies.

218. User Awareness Training: Educating employees about cybersecurity best practices.

219. Virtual Private Network (VPN): A secure tunnel for transmitting data over public
networks.

220. Virus: Malware that spreads by attaching itself to legitimate programs or files.

221. Vishing: Phishing attacks conducted via voice calls.

222. Vulnerability: A weakness in a system that can be exploited by attackers.

223. Vulnerability Assessment: Identifying and prioritizing vulnerabilities in a system.

224. Vulnerability Management: The process of identifying, evaluating, and mitigating
vulnerabilities.

225. Wardriving: Searching for unsecured Wi-Fi networks while moving, often to exploit
them.

226. Watering Hole Attack: Compromising a website frequented by a target group to
infect visitors.

227. Web Application Firewall (WAF): A firewall protecting web applications from
common attacks.

228. Whaling: Phishing attacks targeting high-profile individuals, such as executives.

229. White Hat: An ethical hacker who tests systems to improve security.

230. Whitelisting: Allowing only approved entities (e.g., apps, IPs) to access a system.

231. Wi-Fi Protected Access (WPA): A security protocol for securing wireless networks.

232. Wiper Malware: Malware designed to erase data, often to cause disruption.

233. Wiretapping: Illegally intercepting communications, often through network sniffing.

234. Worm: Self-replicating malware that spreads across networks without user
interaction.

235. X.509 Certificate: A standard format for digital certificates used in PKI.

236. XML Injection: Injecting malicious XML content to manipulate or extract data.

237. XSS (Cross-Site Scripting): Injecting malicious scripts into web pages viewed by users.

238. YARA: A tool for identifying and classifying malware based on patterns.

239. Yellow Team: A cybersecurity team focused on building and improving security tools
and processes.

240. Zero-Day Exploit: An attack targeting a vulnerability before it’s known or patched.

241. Zero Trust: A security model requiring continuous verification of all users and
devices, regardless of location.

242. Zombie: A compromised device controlled by an attacker, often part of a botnet.

Additional Terms (243–500+)

To meet the requirement of over 500 terms, below are additional cybersecurity terms, continuing
from the above list. These include more specialized, emerging, or niche terms to expand the glossary.

243. Account Takeover (ATO): Gaining unauthorized control of a user’s account.

244. Active Defense: Proactively disrupting attacker activities, such as through deception
or counterattacks.

245. Adversarial Machine Learning: Attacks that manipulate AI models to produce
incorrect outputs.

246. API Security: Protecting application programming interfaces from unauthorized
access or abuse.

247. Application Whitelisting: Allowing only approved applications to run on a system.

248. Attack Simulation: Mimicking attacker behavior to test defenses.

249. Attribute-Based Access Control (ABAC): Access control based on attributes of users,
resources, or environments.

250. Audit Trail: A record of system activities used for monitoring and investigation.

251. Authenticated Encryption: Combining encryption and authentication to secure and
verify data.

252. Automated Penetration Testing: Using tools to automate vulnerability discovery and
exploitation.

253. Baiting: Luring victims with physical or digital traps, such as infected USB drives.

254. Behavioral Biometrics: Authenticating users based on behavioral patterns, like
typing speed.

255. Big Data Security: Protecting large-scale data environments from breaches or
misuse.

256. Binary Analysis: Examining compiled code to identify vulnerabilities or malicious
behavior.

257. Black Box Testing: Testing a system without knowledge of its internal workings.

258. Blind SQL Injection: A SQL injection attack where the attacker infers results without
direct feedback.

259. Bluejacking: Sending unsolicited messages to Bluetooth-enabled devices.

260. Browser Fingerprinting: Identifying users based on unique browser configurations.

261. Brute Force Login: Repeatedly attempting login credentials to gain access.

262. Business Email Compromise (BEC): Scams targeting businesses via compromised
email accounts.

263. Cache Poisoning: Corrupting a cache with malicious data to redirect users or steal
information.

264. Canary Token: A trap (e.g., a fake file) that alerts defenders when accessed.

265. Certificate Pinning: Associating a host with a specific certificate to prevent MitM
attacks.

266. Chain of Custody: Documenting the handling of digital evidence to ensure its
integrity.

267. Client-Side Attack: Exploiting vulnerabilities in a user’s browser or device.

268. Cloud Access Security Broker (CASB): A tool enforcing security policies between
users and cloud services.

269. Code Signing: Adding a digital signature to software to verify its authenticity.

270. Cognitive Bias: Exploiting human psychological tendencies in social engineering
attacks.

271. Command Injection: Executing arbitrary commands on a system via a vulnerable
application.

272. Container Security: Protecting containerized applications (e.g., Docker, Kubernetes).

273. Content Disarm and Reconstruction (CDR): Removing potentially malicious content
from files.

274. Continuous Monitoring: Ongoing surveillance of systems for security events.

275. Credential Dumping: Extracting credentials from a system’s memory or storage.

276. Cross-Origin Resource Sharing (CORS): A security feature controlling resource
sharing between web origins.

277. Cryptojacking: Unauthorized use of a device to mine cryptocurrency.

278. Cyber Extortion: Demanding payment to prevent or stop a cyberattack.

279. Cyber Kill Chain: A model outlining the phases of a cyberattack.

280. Dark Web: A hidden part of the internet often used for illegal activities.

281. Data Exfiltration: Unauthorized transfer of data from a system.

282. Data Provenance: Tracking the origin and history of data to ensure trustworthiness.

283. Deauthentication Attack: Forcing devices to disconnect from Wi-Fi networks.

284. Deep Packet Inspection (DPI): Analyzing the content of network packets for security
purposes.

285. DevSecOps: Integrating security into the DevOps lifecycle.

286. Digital Rights Management (DRM): Technologies to control access to digital content.

287. Directory Harvesting Attack (DHA): Collecting valid email addresses from a domain.

288. Distributed Ledger Technology (DLT): Decentralized databases, like blockchain, used
for secure transactions.

289. Domain Fronting: Hiding malicious traffic by routing it through a legitimate domain.

290. DomainKeys Identified Mail (DKIM): An email authentication method to prevent
spoofing.

291. Double Extortion: Combining ransomware with data theft to pressure victims.

292. Dynamic Application Security Testing (DAST): Testing applications at runtime to find
vulnerabilities.

293. Egress Filtering: Monitoring and controlling outbound network traffic.

294. Email Gateway: A system filtering email for spam, phishing, and malware.

295. Embedded System Security: Protecting devices with integrated software, like IoT
devices.

296. Encrypted Traffic Analysis: Analyzing encrypted traffic patterns to detect threats.

297. End-to-End Encryption (E2EE): Encrypting data so only the sender and recipient can
access it.

298. Evil Twin Attack: Creating a rogue Wi-Fi access point to intercept data.

299. Exploit Chaining: Combining multiple exploits to achieve a larger attack goal.

300. Extended Detection and Response (XDR): A unified platform for threat detection
and response.

301. Fail2Ban: A tool that bans IPs after repeated failed login attempts.

302. False Negative: Failing to detect a genuine threat.

303. Federated Identity: Sharing identity information across trusted systems.

304. File Inclusion Attack: Exploiting vulnerabilities to include malicious files in a web
application.

305. File Transfer Protocol Secure (FTPS): A secure version of FTP using SSL/TLS.

306. Fuzzing: Inputting random or malformed data to discover software vulnerabilities.

307. Governance, Risk, and Compliance (GRC): Frameworks for aligning security with
business objectives.

308. Graph-Based Security Analytics: Using graph theory to analyze relationships in
security data.

309. Gray Box Testing: Testing with partial knowledge of a system’s internal structure.

310. Group Policy Object (GPO): A set of rules for managing Windows systems in a
domain.

311. Hardware Security Module (HSM): A physical device for managing cryptographic
keys.

312. Hashcat: A tool for password cracking using various attack methods.

313. Heap Overflow: Exploiting a program’s memory allocation to execute malicious code.

314. Homomorphic Encryption: Encryption allowing computations on encrypted data without decryption.

315. Host Intrusion Prevention System (HIPS): Software preventing unauthorized actions
on a host.

316. Hotspot: A Wi-Fi access point, sometimes used maliciously to capture data.

317. Human Firewall: Employees trained to act as a first line of defense against threats.

318. Hypervisor Security: Protecting the software managing virtual machines.

319. Identity Provider (IdP): A service authenticating users for access to multiple
applications.

320. Immutable Infrastructure: Systems that are replaced rather than updated to reduce
vulnerabilities.

321. Incident Response Plan (IRP): A documented strategy for handling security incidents.

322. Indicator of Compromise (IoC): Evidence of a security breach, like a malicious IP address.

323. Information Disclosure: Unintentionally revealing sensitive data.

324. Infrastructure as Code (IaC): Managing infrastructure through code, requiring security considerations.

325. Inline Proxy: A proxy that actively processes traffic for security purposes.

326. Insider Risk: Threats posed by employees or contractors, intentional or accidental.

327. Interactive Application Security Testing (IAST): Real-time vulnerability detection during application testing.

328. Intrusion Tolerance: Designing systems to operate despite being compromised.

329. IP Reputation: Assessing the trustworthiness of an IP address based on past behavior.

330. Just-in-Time Access (JIT): Granting temporary access to resources when needed.

331. Key Escrow: Storing cryptographic keys with a third party for recovery purposes.

332. Key Management Service (KMS): A system for generating, storing, and managing
cryptographic keys.

333. Keystroke Dynamics: Authenticating users based on their typing patterns.

334. Living Off the Land (LotL): Using legitimate system tools for malicious purposes.

335. Load Balancer Security: Protecting devices that distribute network traffic.

336. Log Tampering: Altering logs to hide malicious activity.

337. Low and Slow Attack: A stealthy attack spread over time to avoid detection.

338. Machine Identity: Credentials used by devices or applications for authentication.

339. Malvertising: Using online ads to distribute malware.

340. Managed Detection and Response (MDR): Outsourced services for threat detection
and response.

341. Memory Scraping: Extracting sensitive data from a system’s RAM.

342. Message Authentication Code (MAC): A cryptographic checksum ensuring data integrity.

343. Microservices Security: Protecting distributed application components.

344. Misconfiguration: Incorrectly setting up systems, leading to vulnerabilities.

345. Mobile Device Management (MDM): Tools for securing and managing mobile
devices.

346. Multi-Cloud Security: Protecting environments using multiple cloud providers.

347. Mutual Authentication: Both parties in a communication verifying each other’s identity.

348. Network Address Translation (NAT): Mapping private IP addresses to public ones,
with security implications.

349. Network Behavior Analysis (NBA): Monitoring network traffic for anomalies.

350. Network Mapper (Nmap): A tool for network discovery and security auditing.

351. Network Time Protocol (NTP) Attack: Exploiting NTP servers for amplification
attacks.

352. Non-Fungible Token (NFT) Security: Protecting digital assets on blockchain platforms.

353. OAuth: An authorization framework for granting access to resources without sharing
credentials.

354. Object Security: Protecting individual data objects, like files or database records.

355. One-Time Pad (OTP): A theoretically unbreakable encryption method using a unique
key.

356. Open Redirect: Exploiting a website to redirect users to malicious sites.

357. Operational Technology (OT) Security: Protecting industrial control systems.

358. Orchestration: Automating security processes across multiple tools.

359. Out-of-Band Authentication: Using a separate channel for authentication.

360. Packet Injection: Inserting forged packets into a network to disrupt or manipulate
communication.

361. Password Manager: A tool for securely storing and generating passwords.

362. Password Spraying: Trying a single password across many accounts to avoid lockouts.

363. Patch Tuesday: Microsoft’s monthly release of security updates.

364. Payment Card Industry Data Security Standard (PCI DSS): Standards for securing
cardholder data.

365. Penetration Testing Framework: Guidelines for conducting controlled cyberattacks.

366. Perfect Forward Secrecy (PFS): Ensuring past sessions remain secure if a key is
compromised.

367. Perimeter Security: Protecting the boundary between internal and external
networks.

368. Persistent Threat: A continuous, stealthy attack aimed at long-term access.

369. Phreaking: Exploiting telecommunication systems for unauthorized access.

370. Physical Layer Attack: Targeting the physical infrastructure of a network.

371. Pivoting Attack: Using a compromised system to attack others in a network.

372. Platform as a Service (PaaS) Security: Protecting cloud-based development platforms.

373. Policy-Based Access Control (PBAC): Access control based on organizational policies.

374. Pretexting: Creating a fabricated scenario to trick victims into revealing information.

375. Private Cloud Security: Securing cloud environments dedicated to a single
organization.

376. Privilege Creep: Accumulating unnecessary access rights over time.

377. Process Injection: Inserting malicious code into a legitimate process.

378. Protocol Analysis: Examining network protocols for vulnerabilities or misuse.

379. Proxy Chaining: Using multiple proxies to hide an attacker’s identity.

380. Public Cloud Security: Protecting shared cloud environments.

381. Quantum Key Distribution (QKD): Using quantum mechanics to securely share
encryption keys.

382. RADIUS (Remote Authentication Dial-In User Service): A protocol for centralized
authentication.

383. Ransomware as a Service (RaaS): A business model where ransomware is leased to attackers.

384. Redirection Attack: Forcing users to unintended destinations, often malicious sites.

385. Reflected XSS: A type of XSS where malicious scripts are reflected off a web server.

386. Remote Code Execution (RCE): Running arbitrary code on a target system remotely.

387. Reputation Score: A metric assessing the trustworthiness of a domain, IP, or file.

388. Residual Risk: The risk remaining after security controls are applied.

389. Resource Exhaustion: Overloading a system’s resources to cause failure.

390. Reverse Proxy: A server that forwards client requests to backend servers, often with
security features.

391. Risk-Based Authentication (RBA): Adjusting authentication requirements based on risk levels.

392. Robotic Process Automation (RPA) Security: Securing automated business processes.

393. Role-Based Access Control (RBAC): Assigning permissions based on user roles.

394. Root Cause Analysis: Identifying the underlying reason for a security incident.

395. Rogue Access Point: An unauthorized Wi-Fi access point used to intercept data.

396. Runtime Encryption: Encrypting data during program execution.

397. SaaS Security: Protecting software delivered as a service.

398. Salt: Random data added to passwords before hashing to enhance security.

399. Sandbox Evasion: Techniques malware uses to avoid detection in sandboxes.

400. SCADA Security: Protecting supervisory control and data acquisition systems.

401. Secure Coding: Writing software with practices to minimize vulnerabilities.

402. Secure Enclave: A hardware-based secure area for processing sensitive data.

403. Security Assertion Markup Language (SAML): A standard for exchanging authentication data.

404. Security Automation: Using tools to perform repetitive security tasks.

405. Security by Design: Incorporating security into the development process from the
start.

406. Security Fabric: An integrated architecture of security tools for unified protection.

407. Security Token: A physical or digital device used for authentication.

408. Self-Sovereign Identity (SSI): A user-controlled digital identity model.

409. Serverless Security: Protecting serverless computing environments.

410. Session Fixation: Forcing a user to use a predetermined session ID to hijack their
session.

411. Shadow Data: Untracked or unmanaged data posing security risks.

412. Shared Responsibility Model: Dividing security responsibilities between cloud providers and customers.

413. Side-Loading: Installing apps from unofficial sources, often introducing risks.

414. Signal Jamming: Disrupting wireless communications to cause denial of service.

415. Signed Binary: Software with a digital signature to verify its integrity.

416. Sinkholing: Redirecting malicious traffic to a controlled server for analysis.

417. Smart Contract Security: Protecting automated blockchain agreements.

418. Sniffing Attack: Capturing network traffic to steal data.

419. Social Media Intelligence (SOCMINT): Gathering security insights from social media.

420. Software Composition Analysis (SCA): Identifying vulnerabilities in third-party software components.

421. Software-Defined Networking (SDN) Security: Protecting virtualized network environments.

422. Source Code Review: Analyzing code to find security flaws.

423. Spear Tip Phishing: Highly targeted phishing using detailed reconnaissance.

424. Stack Overflow: Exploiting a program’s stack memory to execute malicious code.

425. Stateful Inspection: Monitoring the state of network connections for security.

426. Static Application Security Testing (SAST): Analyzing source code for vulnerabilities.

427. Stealth Malware: Malware designed to evade detection.

428. Stored XSS: A type of XSS where malicious scripts are stored on a server.

429. Stream Cipher: A cryptographic algorithm encrypting data as a continuous stream.

430. Structured Threat Information Expression (STIX): A standard for sharing threat
intelligence.

431. Supply Chain Risk Management (SCRM): Mitigating risks in third-party vendors.

432. Surface Web: The publicly accessible part of the internet.

433. Synthetic Identity Fraud: Creating fake identities for fraudulent purposes.

434. System Integrity: Ensuring a system operates as intended without unauthorized
changes.

435. Taint Analysis: Tracking data flow to detect potential security issues.

436. Tamper Evidence: Mechanisms showing if a system has been altered.

437. Taxonomy of Threats: A classification system for organizing cyber threats.

438. Threat Emulation: Simulating specific attacker techniques to test defenses.

439. Threat Intelligence Platform (TIP): A system for aggregating and analyzing threat
data.

440. Threat Vector: The path or method used to deliver a cyberattack.

441. Time-to-Live (TTL): A value limiting the lifespan of data in a network, used to prevent
loops.

442. Token Binding: Linking security tokens to specific clients to prevent misuse.

443. Traffic Shaping: Controlling network traffic to optimize performance or security.

444. Trusted Platform Module (TPM): A hardware chip for secure cryptographic
operations.

445. Trusted Third Party (TTP): An entity facilitating secure interactions between parties.

446. Tunneling: Encapsulating one protocol within another, sometimes for malicious
purposes.

447. Unconstrained Delegation: A Windows feature allowing unrestricted privilege escalation.

448. Unified Endpoint Management (UEM): Managing all endpoints from a single
platform.

449. Universal 2nd Factor (U2F): A standard for hardware-based two-factor
authentication.

450. Unstructured Data Security: Protecting data without a predefined format, like
emails.

451. User Provisioning: Managing user accounts and access throughout their lifecycle.

452. Virtual Patching: Applying temporary security measures without modifying code.

453. Virtualization Security: Protecting virtual machines and their infrastructure.

454. Voice Biometrics: Authenticating users based on voice patterns.

455. Vulnerability Disclosure: The process of reporting vulnerabilities to vendors or the public.

456. Vulnerability Exploitation: Actively using a known weakness to compromise a system.

457. Vulnerability Scanning: Automated tools to identify system weaknesses.

458. War Dialing: Scanning phone numbers to find modems or fax machines for
exploitation.

459. Web Shell: A malicious script uploaded to a web server for remote control.

460. White Box Testing: Testing with full knowledge of a system’s internal structure.

461. Wi-Fi Deauthentication: Disconnecting devices from Wi-Fi to capture handshake data.

462. Wildcard Certificate: A digital certificate securing multiple subdomains.

463. Wireless Intrusion Detection System (WIDS): Monitoring wireless networks for
threats.

464. Workflow Automation: Streamlining security processes through automated tasks.

465. X.509 Proxy Certificate: A short-lived certificate for delegated authentication.

466. XML External Entity (XXE): An attack exploiting XML parsers to access restricted
data.

467. Zero-Knowledge Proof: A cryptographic method proving knowledge without revealing it.

468. Zone Transfer: Copying DNS records, sometimes exploited for reconnaissance.

469. Advanced Threat Protection (ATP): Solutions for detecting and mitigating
sophisticated attacks.

470. Application Layer Attack: Targeting the application layer (e.g., HTTP, FTP) to disrupt
services.

471. Asset Inventory: Cataloging hardware, software, and data for security management.

472. Authenticated Scan: Vulnerability scanning with credentials to access systems.

473. Automatic Exploit Generation (AEG): Tools creating exploits for identified
vulnerabilities.

474. Backchannel Attack: Exploiting secondary communication channels for unauthorized access.

475. Baseline Security: Minimum security requirements for a system or network.

476. Bot Herder: An individual controlling a botnet.

477. Browser Isolation: Running browsers in isolated environments to prevent malware.

478. Business Logic Flaw: A vulnerability in an application’s workflow exploitable by attackers.

479. Certificate Revocation List (CRL): A list of revoked digital certificates.

480. Click Fraud: Artificially inflating ad clicks to generate revenue.

481. Cloud Workload Protection Platform (CWPP): Security for cloud-based workloads.

482. Code Injection: Inserting malicious code into a program’s execution path.

483. Collaborative Defense: Sharing threat intelligence among organizations.

484. Configuration Drift: Unintended changes to system configurations, creating vulnerabilities.

485. Content Security Policy (CSP): A standard to prevent XSS and other attacks.

486. Continuous Integration/Continuous Deployment (CI/CD) Security: Securing automated software pipelines.

487. Cryptographic Agility: The ability to quickly update cryptographic algorithms.

488. Data Classification: Categorizing data based on sensitivity for protection.

489. Data Sovereignty: Ensuring data complies with local laws and regulations.

490. Dead Code: Unused code in software that may introduce vulnerabilities.

491. Deceptive Technology: Tools like honeypots to mislead attackers.

492. Device Fingerprinting: Identifying devices based on unique characteristics.

493. Digital Evidence: Data used in legal proceedings for cybercrime investigations.

494. Distributed Trust: Decentralized systems for verifying authenticity without a central
authority.

495. DNS Amplification: Exploiting DNS servers to amplify DDoS attacks.

496. Domain Generation Algorithm (DGA): Creating random domains for malware
communication.

497. Dynamic Malware Analysis: Observing malware behavior in a controlled environment.

498. Edge Security: Protecting devices and services at the network’s edge.

499. Encrypted Key Exchange (EKE): A protocol for secure key sharing.

500. Exploit Mitigation: Techniques to reduce the impact of successful exploits.

501. File Reputation: Assessing the trustworthiness of a file based on its history.

502. Forward Proxy: A proxy handling outbound traffic for clients.

503. Geo-Blocking: Restricting access based on geographic location.

504. Hard-Coded Credentials: Embedding credentials in software, creating vulnerabilities.

505. Identity Federation: Linking user identities across different systems.

506. Immutable Audit Log: A tamper-proof record of system activities.

507. In-Memory Attack: Exploiting data in RAM to bypass disk-based defenses.

508. Information Leakage: Unintended disclosure of sensitive data.

509. Injection Flaw: A vulnerability allowing unauthorized data insertion.

510. Integrity Monitoring: Detecting unauthorized changes to systems or files.

511. Interactive Shell: A command-line interface used by attackers for system control.

512. IP Blacklist: A list of IP addresses blocked due to malicious activity.

513. Key Rotation: Periodically changing cryptographic keys to limit exposure.

514. Layered Security: Using multiple defenses to protect against threats.

515. Lightweight Cryptography: Efficient encryption for resource-constrained devices.

516. Link-Local Attack: Exploiting devices on the same network segment.

517. Log Aggregation: Centralizing logs for analysis and monitoring.

518. Macro Virus: Malware embedded in document macros, like those in Microsoft
Office.

519. Memory Safety: Preventing errors in memory usage that lead to vulnerabilities.

520. Metadata Scrubbing: Removing sensitive metadata from files before sharing.

521. Mobile Application Security: Protecting apps on smartphones and tablets.

522. Network Flow Analysis: Examining network traffic patterns for security insights.

523. Non-Delivery Scam: Fake notifications prompting users to reveal information.

524. Obfuscated Code: Code intentionally made difficult to understand, often for
malicious purposes.

525. Open-Source Security: Securing software with publicly available code.

526. Packet Crafting: Creating custom network packets for testing or attacks.

527. Parameter Tampering: Modifying application parameters to gain unauthorized access.

528. Path Traversal: Accessing restricted directories by manipulating file paths.

529. Peer-to-Peer (P2P) Security: Protecting decentralized network communications.

530. Perimeterless Security: Security models for distributed, cloud-based environments.

531. Persistent XSS: A type of XSS where malicious scripts remain on a server.

532. Policy Violation: Actions that breach security policies, intentional or accidental.

533. Predictive Analytics: Using data to forecast potential security threats.

534. Privilege Separation: Dividing system functions to limit access rights.

535. Protocol Downgrade Attack: Forcing a system to use a less secure protocol.

536. Proxy Re-Encryption: Allowing encrypted data to be re-encrypted for another user.

537. Public Key Pinning: Associating a public key with a host to prevent fraud.

538. Quantum-Safe Cryptography: Algorithms resistant to quantum computing attacks.

539. Random Number Generator (RNG) Attack: Exploiting weak random number
generation.

540. Rate Limiting: Restricting the number of requests to prevent abuse.

541. Red Forest: A Microsoft Active Directory security model to protect privileged
accounts.

542. Remote Desktop Protocol (RDP) Attack: Exploiting RDP for unauthorized access.

543. Replay Protection: Preventing reuse of captured data in attacks.

544. Resource Isolation: Separating system resources to limit attack impact.

545. Return-Oriented Programming (ROP): Exploiting code fragments to execute malicious actions.

546. Reverse Shell: A connection allowing an attacker to control a system remotely.

547. Risk Scoring: Assigning numerical values to threats based on severity.

548. Robocall Scam: Automated calls used for phishing or fraud.

549. Root of Trust: A secure foundation for verifying system integrity.

550. Runtime Integrity: Ensuring software operates correctly during execution.

551. Secure Multi-Party Computation (SMPC): Collaborative data processing without revealing inputs.

552. Security Baseline: A standard configuration for secure system setup.

553. Session Replay: Capturing user interactions for analysis, with privacy risks.

554. Shadow Password: Storing password hashes in a restricted file for security.

555. Sideband Attack: Exploiting secondary channels, like timing or power usage.

556. Signed Firmware: Firmware with a digital signature to ensure authenticity.

557. Sinkhole Server: A server capturing malicious traffic for analysis.

558. Social Proof Attack: Exploiting trust in social cues to deceive victims.

559. Software Bill of Materials (SBOM): A list of components in a software product.

560. Spoofer: A tool or technique for forging network packets or identities.

561. Stack Smashing: Overwriting a program’s stack to execute malicious code.

562. State Machine Attack: Exploiting flaws in a system’s state transitions.

563. Supply Chain Integrity: Ensuring third-party components are secure.

564. Synthetic Monitoring: Simulating user interactions to detect security issues.

565. System Call Monitoring: Tracking low-level system interactions for anomalies.

566. Tarpit: A system slowing down malicious connections to deter attacks.

567. Threat Landscape: The current state of cyber threats affecting an organization.

568. Time Bomb: Malicious code that activates at a specific time.

569. Token Impersonation: Using stolen tokens to masquerade as a legitimate user.

570. Traffic Correlation: Linking anonymized data to identify users.

571. Trusted Path: A secure channel for user-system interactions.

572. Turing Test Attack: Exploiting CAPTCHAs or other human-verification systems.

573. Typo-Squatting Attack: Registering domains with common misspellings to deceive users.

574. Unattended Installation: Automated software installation, vulnerable to tampering.

575. User Agent Spoofing: Faking a browser’s user agent to bypass restrictions.

576. Virtual Machine Escape: Breaking out of a virtual machine to access the host.

577. VLAN Hopping: Exploiting VLAN configurations to access restricted networks.

578. Voice Spoofing: Using AI to mimic someone’s voice for fraud.

579. Web Cache Poisoning: Corrupting a web cache to serve malicious content.

580. Web Proxy Auto-Discovery (WPAD): Exploiting WPAD to redirect traffic.

581. Whistleblower Protection: Safeguarding individuals reporting security issues.

582. Zero-Hour Threat: A new threat with no known defenses.

583. Zone-Based Firewall: A firewall controlling traffic between network zones.

This glossary provides a comprehensive overview of cybersecurity terminology, covering
foundational concepts, advanced techniques, and emerging trends. It serves as a valuable resource
for professionals, students, and enthusiasts in the field.
