Cyber Security Glossary

  • The Advanced Encryption Standard (AES) is a symmetric encryption algorithm established by the U.S. National Institute of Standards and Technology (NIST) in 2001. It was designed to replace the aging Data Encryption Standard (DES) and provide a more secure method for encrypting sensitive data. Today, AES is used worldwide by governments, cybersecurity professionals, and organizations to protect digital information.
  • Authentication is a crucial aspect of cybersecurity and digital identity management. It refers to the process of verifying the identity of a person, system, or device before granting access to a particular resource, such as a network, system, or application. Authentication essentially answers the question: "Are you who you claim to be?"
  • Authorization is a critical aspect of information security and access control that determines the permissions or activities that a user, system, or device is allowed to perform. It essentially answers the question, "What are you allowed to do?" Authorization comes into play after successful authentication, which confirms a user's identity.
  • Broken Access Control is a security vulnerability that can occur in an application when its controls for authorizing users and verifying what they are allowed to do are not correctly implemented. This flaw can allow malicious actors to bypass authorization and perform tasks as if they were legitimate users, even administrators.
  • Command Injection is a type of security vulnerability that allows an attacker to execute arbitrary commands on a system's host operating system. This vulnerability typically arises when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell.
  • Cross-Site Scripting, commonly known as XSS, is a type of security vulnerability typically found in web applications. It allows attackers to inject malicious scripts into web pages viewed by other users. Unlike many other types of cyber attacks, XSS targets the users of a web application rather than the application itself.
  • Encryption is a critical component of modern digital communication and data storage. It's a process that transforms readable data, known as plaintext, into an unreadable format, referred to as ciphertext. The purpose of encryption is to protect the confidentiality of digital data either stored on computing systems or transmitted through the internet or other networks.
  • A firewall is a critical piece of security infrastructure designed to monitor and control incoming and outgoing network traffic based on predetermined security rules. Serving as a barrier between a trusted internal network and untrusted external networks, such as the Internet, a firewall acts as a filter that can block or allow traffic based on its security settings.
  • Malware, short for malicious software, is a term used to describe any software designed with the intent to cause damage to a computer system, server, client, or computer network. This broad category of cyber threats includes viruses, worms, Trojans, ransomware, spyware, adware, and other harmful programs.
  • The Principle of Least Privilege (PoLP) is a crucial computer security concept that recommends limiting user access rights and privileges to only what is necessary for their job functions. This principle is applied across different areas of IT including system administration, software development, and database management, among others.
  • SQL Injection is a common and dangerous cybersecurity vulnerability that targets the database layer of an application. It occurs when an attacker can insert malicious SQL (Structured Query Language) statements into an input field for execution, which can lead to unauthorized access, data theft, data manipulation, or even denial of service.
  • A vulnerability, in the context of cybersecurity, is a weakness or flaw in a system's design, implementation, operation, or internal control that could be exploited to violate the system's security policy. Vulnerabilities can exist in various forms, including software bugs, hardware defects, unencrypted data, weak passwords, or even human error.
  • A Web Application Firewall (WAF) is a specific kind of firewall designed to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It provides a shield between the internet and web applications, analyzing HTTP/HTTPS requests before they reach the application server for processing.