Packet
A Packet is the unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network. TCP packets, passed over TCP/IP networks …
A Ping of Death (PoD) is a type of Denial of Service (DoS) attack that deliberately sends IP packets larger than the 65,536 bytes allowed by the IP protocol. One of …
Common Vulnerabilities and Exposures (CVE) is a list of computer security flaws ranked on critical measures to aid individuals and companies with assessing the risk posed by the vulnerability or exposure …
Real User Monitoring (RUM) is a form of performance monitoring that captures and analyzes user activity and transactions on a website or application. It’s also known as real user measurement, …
Cross-Site Scripting (XSS) is an attack vector where hackers inject malicious code into a vulnerable web application. XSS differs from other web attack vectors in that it does not directly …
A Hypervisor, also known as a Virtual Machine Monitor or VMM, is software that creates and manages virtual machines (VMs). A hypervisor allows a computer to maintain many guest VMs …
Cross-Site Request Forgery (CSRF), also known as XSRF, is an attack method that fools a web browser into performing unwanted actions in a user application. Similar to Phishing Attacks, CSRFs …
The IETF (Internet Engineering Task Force) is the organization that defines standard Internet operating protocols such as TCP/IP. The IETF is a community of network designers, operators, vendors, and researchers concerned with …
A Domain Name System (DNS) is essentially the ‘phonebook’ of the Internet. DNS is an elaborate, fault-tolerant way of connecting people to resources online. While it is quite complex, this …
Sender Policy Framework (SPF) is an anti-spam tool where email domains of the senders can be authenticated. SPF works hand-in-hand with DKIM and DMARC to help authenticate email messages to …
Non-Public Personal Information (NPPI) is personal and private information that’s provided by a consumer to some entity for their use. This information includes the following examples: Name, address, income, social …
Anti-Censorship refers to methods used to combat censorship – for example, preventing search results from being blocked or interfered with. The growth of online platforms (Facebook, Instagram, Twitter, etc.) raises important questions …
A Graphical User Interface (GUI), often pronounced ‘gooey’, is a user interface that includes graphical elements, such as windows, icons, and buttons. The term was created in the 1970s to distinguish graphical interfaces from text-based …
A Solid State Drive (SSD) is a type of storage device that supports reading and writing data and stores the data in a permanent state even without a power source …
The Internet of Things (IoT) is any device or machine that has the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. IoT is essentially any …
Zoom Bombing is where an unauthorized person enters your Zoom video conference to cause disruptions or to gain sensitive information. Many companies and schools have begun using video conferencing extensively …
Elliptic Curve Cryptography (ECC) is a public key encryption method based on elliptic curve theory that is used to create faster, smaller, and more efficient cryptographic keys. Historically, …
White Box Testing is a form of penetration testing which tests internal structures of an application, as opposed to the application’s functionality (also known as Black Box Testing). Programming skills …
A Fragment Overlap Attack, also known as an IP Fragmentation Attack, is an attack that is based on how the Internet Protocol (IP) requires data to be transmitted and processed. …
An Infrastructure as a Service (IaaS) is a cloud-based service that helps companies build and manage their data as they grow, paying for the storage and server space that …
Steganography (pronounced: steh·guh·naa·gruh·fee) is the technique of hiding data secretly within an ordinary, non-secret, file or message in order to avoid detection. The use of steganography can be combined with …
Software as a Service (SaaS) is a cloud-based service where instead of downloading software to your desktop PC or business network to run and update, you instead access an application …
Human-Machine Interface (HMI) is the hardware or software through which an operator interacts with a controller. An HMI can range from a physical control panel with buttons and indicator lights …
A Test Oracle is a mechanism for determining whether the program has passed or failed a test. The use of test oracles involves comparing the output of the system under …
Black Box Testing is a method of software testing that examines the functionality of an application without peering into its internal software structures (which is known as White Box Testing). …
Near Field Communications (NFC) is a short-range wireless technology that enables simple and secure communication between electronic devices. It may be used on its own or in combination with other …
Radio Frequency IDentification (RFID) is a system used to track objects, people, or animals using tags that respond to radio waves. RFID tags are integrated circuits that include a small …
Dynamic Code Analysis is a method used to analyze an application during its execution. This Dynamic Code Analysis process is often broken up into these steps: Preparing input data; Running …
Voice over Internet Protocol (VoIP) is essentially a telephone connection over the Internet. The data is sent digitally, using the Internet Protocol (IP) instead of analog telephone lines. This allows people …
A Content Delivery Network (CDN) is a geographically distributed group of servers that work together to provide fast delivery of Internet content. A CDN allows for the fast transfer of …
Application Fuzzing, originally developed by Barton Miller at the University of Wisconsin in 1989, is a testing method used to discover coding errors and security loopholes in software, operating systems …
An Application Proxy is one of the most secure firewall types that can be deployed. The application proxy sits between the protected network and the rest of the world. Every packet …
An Application Security Assessment is performed either manually or automatically, generally continuing throughout the software development life cycle. It will typically include focusing on using secure protocols, performing defined security …
Dwell Time is the amount of time threat actors go undetected in an environment. In other words, when a hacker intrudes into your network or systems, the dwell time is …
Internet Protocol Security (IPSec) is a set of protocols that provides security for Internet Protocol using advanced cryptography. IPSec is similar to a Secure Socket Layer (SSL), except that SSLs …
A Secure Socket Layer (SSL) is a security protocol developed by Netscape in the 1990s for sending information securely (encrypted) over the Internet. Once upon a time, websites could only …
A Reverse Proxy is a server that sits in front of one or more web servers, intercepting requests from clients. This is different from a forward proxy, where the proxy …
A Web Application Firewall (WAF) is used to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks …
Static Code Analysis is the analysis of software code when the program is not running. The analysis of the running or compiled, executing code is called Dynamic Code Analysis. The …
A Google Dork query, sometimes just referred to as a dork, is a search string that uses advanced search operators to find information that is not readily available on a website. Google dorking, …
A Point-to-Point Tunneling Protocol (PPTP) is a networking standard that is used when connecting to a Virtual Private Network (VPN). VPNs are a way to create online privacy and anonymity …
A Drive-By Download is the unintentional download of malicious code to your computer or mobile device that may compromise your computer, leaving you open to further attack by hackers. Many …
Sandboxing is a cybersecurity term relating to various techniques used to protect your network and computing infrastructure from compromise by malicious software (aka: Malware). In one method, sandboxing provides a …
A Wireless Application Protocol (WAP) is an old standard that allowed early mobile phones to access the Internet through something called a WAP Gateway. The WAP Gateway identified the device …
A Wired Equivalent Privacy (WEP) is a deprecated wireless security protocol that was designed to provide a wireless local area network (WLAN) with a high level of security and privacy …