The Cybersecurity Glossary
Clear, accurate definitions for every cybersecurity term — from APT to Zero-Day.
501 terms
Featured terms
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
Spear Phishing
A targeted phishing attack tailored to a specific individual or organization using personal or professional details collected in advance.
Whaling
A spear-phishing attack aimed at senior executives or other high-value targets, typically seeking large fraudulent payments or access to strategic information.
Smishing
Phishing delivered via SMS or other mobile-messaging channels to trick victims into clicking malicious links, calling fraudulent numbers, or revealing data.
Vishing
Phishing conducted over voice channels — phone calls or VoIP — to manipulate victims into revealing credentials, making payments, or granting remote access.
Pharming
An attack that silently redirects users from a legitimate site to a malicious one by tampering with DNS, hosts files, or local routing — without requiring the victim to click a link.
Man-in-the-Middle Attack
An attack in which an adversary secretly relays or alters communications between two parties who believe they are talking directly to each other.
Distributed Denial-of-Service (DDoS) Attack
A denial-of-service attack carried out from many distributed sources simultaneously — typically a botnet — to overwhelm a target's bandwidth, infrastructure, or application.
Browse by letter
A
- AAA Framework
- Abuse Case
- Accounting (AAA)
- Active Directory
- Advanced Persistent Threat (APT)
- Adware
- AES (Advanced Encryption Standard)
- Anomaly-Based Detection
- Anti-Forensics
- API Security
- Application Security (AppSec)
- Argon2
- ARP Spoofing
- Artifact Analysis
- Asset Management
- Asymmetric Encryption
- Attack Surface Management (ASM)
- Attribute-Based Access Control (ABAC)
- Authentication
- Authorization
B
- Backdoor
- Baiting
- Banking Trojan
- bcrypt
- Behavioral Biometrics
- Biometric Authentication
- BIOS Rootkit
- BLAKE2
- Block Cipher
- Blowfish
- Blue Team
- Bluebugging
- Bluejacking
- Bluesnarfing
- Boot Sector Virus
- Bootkit
- Botnet
- Bring Your Own Key (BYOK)
- Broken Access Control
- Broken Authentication
- Browser Hijacker
- Brute Force Attack
- Buffer Overflow
- Business Email Compromise
- Business Impact Analysis (BIA)
C
- Cache Poisoning
- Canary Token
- CASB (Cloud Access Security Broker)
- CCPA
- CEO Fraud
- Certificate Authority (CA)
- Certificate Pinning
- Certificate Revocation List (CRL)
- ChaCha20
- Chain of Custody
- Change Management
- CIEM (Cloud Infrastructure Entitlement Management)
- Cipher Suite
- CIS Controls
- Clickjacking
- Cloud Encryption
- Cloud Forensics
- Cloud Misconfiguration
- Cloud Security
- CMMC
- CNAPP (Cloud-Native Application Protection)
- COBIT
- Cold Boot Attack
- Command and Control (C2)
- Command Injection
- Compensating Controls
- Compliance
- Computer Virus
- Computer Worm
- Confidential Computing
- Configuration Management
- Container Security
- Content Security Policy (CSP)
- Cookie Hijacking
- Cookie Poisoning
- Corrective Controls
- CORS (Cross-Origin Resource Sharing)
- Coverage-Guided Fuzzing
- Credential Stealer
- Credential Stuffing
- Credential Vault
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Cryptographic Hash Function
- Cryptographic Key
- Cryptography
- Cryptojacking
- Cryptominer
- CSPM (Cloud Security Posture Management)
- CSV Injection
- CVE (Common Vulnerabilities and Exposures)
- CVE Numbering Authority (CNA)
- CVSS (Common Vulnerability Scoring System)
- CWE (Common Weakness Enumeration)
- CWPP (Cloud Workload Protection Platform)
- Cyber Threat Intelligence (CTI)
- Cybersquatting
D
- DAST (Dynamic Application Security Testing)
- Data Protection Impact Assessment
- DDoS Amplification
- Decryption
- Deep Packet Inspection (DPI)
- Demilitarized Zone (DMZ)
- Denial-of-Service (DoS) Attack
- DES (Data Encryption Standard)
- Detective Controls
- DevSecOps
- DFIR (Digital Forensics and Incident Response)
- Dictionary Attack
- Diffie–Hellman Key Exchange
- Digital Forensics
- Digital Signature
- Directory Traversal
- Dirty COW
- Discretionary Access Control (DAC)
- Disk Forensics
- Distributed Denial-of-Service (DDoS) Attack
- DNS Amplification Attack
- DNS Cache Poisoning
- DNS Hijacking
- DNS over HTTPS (DoH)
- DNS over TLS (DoT)
- DNS Spoofing
- DNSSEC
- Domain Hijacking
- Double Free
- Downloader
- Doxware
- DREAD Model
- Drive-by Download
- Dropper
- DROWN Attack
- Dumpster Diving
E
- ECDH
- ECDSA
- EDR (Endpoint Detection and Response)
- Elliptic Curve Cryptography (ECC)
- Email Spoofing
- Encryption
- EPP (Endpoint Protection Platform)
- EPSS (Exploit Prediction Scoring System)
- EternalBlue (CVE-2017-0144)
- Evidence Acquisition
- Evil Twin Attack
- Exploit
- Extended Validation Certificate
- External Attack Surface Management (EASM)
F
G
H
- Hardware Trojan
- Heap Overflow
- Heartbleed (CVE-2014-0160)
- HIPAA
- HMAC
- HMAC-Based One-Time Password (HOTP)
- Hold Your Own Key (HYOK)
- Homomorphic Encryption
- Honeynet
- Honeypot
- Honeytoken
- Horizontal Privilege Escalation
- Host Header Injection
- Host-Based IDS (HIDS)
- HTTP Desync Attack
- HTTP Request Smuggling
- HTTP Response Splitting
- HTTP Security Headers
- HTTP Strict Transport Security (HSTS)
- HttpOnly Cookie Flag
- HTTPS
I
- IAM Misconfiguration
- IAST (Interactive Application Security Testing)
- Identity and Access Management (IAM)
- IEEE 802.1X
- Incident Response
- Incident Response Plan
- Indicator of Attack (IoA)
- Indicator of Compromise (IoC)
- Info Stealer
- Infrastructure as a Service (IaaS)
- Initialization Vector (IV)
- Input Validation
- Insecure Deserialization
- Insecure Direct Object Reference (IDOR)
- Insecure File Upload
- Integer Overflow
- Intrusion Detection System (IDS)
- Intrusion Prevention System (IPS)
- Invoice Fraud
- IP Spoofing
- IPsec
- ISO/IEC 27001
- ISO/IEC 27002
- ITIL
J
K
L
M
- MAC Spoofing
- Machine Identity
- Macro Virus
- Malvertising
- Malware
- Malware Analysis
- Man-in-the-Middle Attack
- Mandatory Access Control (MAC)
- Mass Assignment
- Master Key
- MD5
- MDR (Managed Detection and Response)
- Mean Time to Contain (MTTC)
- Mean Time to Detect (MTTD)
- Mean Time to Recover (MTTR)
- Mean Time to Respond (MTTR)
- Meltdown
- Memory Corruption
- Memory Forensics
- Memory Leak
- Message Authentication Code (MAC)
- Metamorphic Malware
- Microsegmentation
- Misuse Case
- MITRE ATT&CK
- MITRE D3FEND
- Mobile Forensics
- Mobile Malware
- Multi-Factor Authentication (MFA)
- Mutation Fuzzing
- Mutual TLS (mTLS)
N
- N-Day Vulnerability
- NDR (Network Detection and Response)
- Network Access Control (NAC)
- Network Address Translation (NAT)
- Network Forensics
- Network Segmentation
- Network-Based IDS (NIDS)
- Next-Generation Firewall (NGFW)
- NIST Cybersecurity Framework
- NIST Risk Management Framework
- NIST SP 800-171
- NIST SP 800-53
- Non-Resident Virus
- Nonce
- NoSQL Injection
- NTLM Authentication
- NTP Amplification Attack
- Null Pointer Dereference
O
P
- Packet Filtering
- Parameter Tampering
- Parameterized Query
- Passkey
- Passphrase
- Password
- Password Manager
- Password Spraying
- Patch Management
- Payload
- PBKDF2
- PCI DSS
- Penetration Testing
- Pepper
- Perfect Forward Secrecy
- Pharming
- Phishing
- Piggybacking
- Ping of Death
- Platform as a Service (PaaS)
- Polymorphic Malware
- POODLE Attack
- Port Forwarding
- Port Knocking
- Post-Quantum Cryptography
- Potentially Unwanted Program (PUP)
- Preservation of Evidence
- Pretexting
- Preventive Controls
- Principle of Least Privilege
- PrintNightmare (CVE-2021-34527)
- Private Key
- Privilege Escalation
- Privileged Access Management (PAM)
- Proof-of-Concept Exploit
- Prototype Pollution
- Proxy Server
- ProxyLogon
- ProxyShell
- Public Key
- Public Key Infrastructure (PKI)
- Public-Key Cryptography
- Purple Team
- Push Authentication
Q
R
- Race Condition
- RADIUS
- Rainbow Table Attack
- Ransomware
- Ransomware-as-a-Service (RaaS)
- RASP (Runtime Application Self-Protection)
- Recovery Point Objective (RPO)
- Recovery Time Objective (RTO)
- Red Team
- Relay Attack
- Remote Access Trojan (RAT)
- Remote Access VPN
- Remote File Inclusion
- Replay Attack
- Resident Virus
- Reverse Engineering
- Reverse Proxy
- Rogue Access Point
- Rogue Security Software
- Role-Based Access Control (RBAC)
- Romance Scam
- Rootkit
- Rowhammer
- RSA Algorithm
S
- S3 Bucket Misconfiguration
- Salsa20
- Salt
- SameSite Cookie
- SAML
- SANS Top 25
- Sarbanes-Oxley Act (SOX)
- SAST (Static Application Security Testing)
- SCA (Software Composition Analysis)
- Scareware
- Screen Scraper
- scrypt
- Secure Coding
- Secure Cookie Flag
- Secure Enclave
- Secure Software Development Lifecycle (SSDLC)
- Security Baseline
- Security Controls
- Security Operations Center (SOC)
- Security Posture
- Security Requirements
- Self-Signed Certificate
- Server-Side Request Forgery (SSRF)
- Server-Side Template Injection
- Serverless Security
- Service Account
- Service Level Agreement (SLA)
- Session Fixation
- Session Hijacking
- Session Key
- Session Management
- SHA-1
- SHA-256
- SHA-3
- Shared Responsibility Model
- Shellshock (CVE-2014-6271)
- Shift-Left Security
- Shoulder Surfing
- Side-Channel Attack
- SIEM
- Signature-Based Detection
- Single Sign-On (SSO)
- Site-to-Site VPN
- Smishing
- Smurf Attack
- SOAR
- SOC 2
- Social Engineering
- Software as a Service (SaaS)
- Spear Phishing
- Spectre
- Spring4Shell
- Spyware
- SQL Injection
- SSL (Secure Sockets Layer)
- SSL Stripping
- SSL VPN
- SSPM (SaaS Security Posture Management)
- Stack Overflow Vulnerability
- Stateful Firewall
- Stateless Firewall
- Stealth Malware
- Steganalysis
- Strategic Threat Intelligence
- Stream Cipher
- STRIDE Model
- Subresource Integrity (SRI)
- Supply Chain Attack
- Symbolic Execution
- Symmetric Encryption
- SYN Flood
- System Hardening
T
- Tabletop Exercise
- Tabnabbing
- TACACS+
- Tactical Threat Intelligence
- Tactics, Techniques and Procedures (TTPs)
- Tailgating
- Teardrop Attack
- Tech Support Scam
- Tenant Isolation
- Threat Hunting
- Threat Intelligence
- Threat Modeling
- Time Bomb
- Time-Based One-Time Password (TOTP)
- Timeline Analysis
- Timing Attack
- TLS (Transport Layer Security)
- TOCTOU Vulnerability
- Trackware
- Transparent Proxy
- Trike
- Triple DES (3DES)
- Trojan Horse
- Trusted Execution Environment (TEE)
- Two-Factor Authentication (2FA)
- Twofish
- Typosquatting