Security Glossary
Essential security terms and definitions — from CVE and CVSS to OWASP, CIS benchmarks, and zero-day vulnerabilities.
A
API Security
The practice of protecting application programming interfaces from attacks, unauthorized access, and data exposure.
Asset Discovery
The process of identifying all internet-facing assets — domains, subdomains, IPs, and services — belonging to an organization.
Attack Surface
The total set of points where an unauthorized user can try to enter or extract data from an environment.
Attack Surface Management (ASM)
The continuous process of discovering, analyzing, and reducing an organization's external attack surface.
C
CAA Record
A DNS record that specifies which certificate authorities are authorized to issue SSL/TLS certificates for a domain.
Certificate Transparency
A public logging system that records all SSL/TLS certificates issued by certificate authorities.
CIS Benchmarks
Community-developed security configuration guidelines for hardening operating systems, software, and cloud infrastructure.
Cloud Exposure
Misconfigured or publicly accessible cloud resources such as storage buckets, databases, or APIs.
Credential Stuffing
An automated attack that uses stolen username/password pairs from data breaches to gain unauthorized access to other accounts.
CVE (Common Vulnerabilities and Exposures)
A standardized identifier for publicly known cybersecurity vulnerabilities, such as CVE-2024-12345.
CVSS (Common Vulnerability Scoring System)
A standardized framework for rating the severity of security vulnerabilities on a 0–10 scale.
D
Data Breach
An incident where sensitive, protected, or confidential data is accessed or disclosed without authorization.
DKIM (DomainKeys Identified Mail)
An email authentication method that uses cryptographic signatures to verify that an email was sent by an authorized server.
DMARC (Domain-based Message Authentication)
An email authentication protocol that tells receiving mail servers how to handle messages that fail SPF or DKIM checks.
DNS Security
Measures to protect the Domain Name System from attacks such as spoofing, cache poisoning, and zone transfer leaks.
DNSSEC
A set of extensions to DNS that provide cryptographic authentication of DNS data, preventing spoofing and cache poisoning.
E
Encryption
The process of converting data into a coded format that can only be read by someone with the correct decryption key.
EPSS (Exploit Prediction Scoring System)
A model that estimates the probability that a vulnerability will be exploited in the wild within the next 30 days.
Exposed Service
A network service (web server, database, SSH) that is accessible from the internet, whether intentionally or not.
F
False Positive
A security alert or finding that reports a vulnerability or threat that does not actually exist.
Finding
A raw detection result from a security scanner, representing a potential vulnerability, misconfiguration, or exposure.
Firewall
A network security device or software that monitors and controls incoming and outgoing network traffic based on defined rules.
I
Incident Response
The organized approach to addressing and managing the aftermath of a security breach or cyberattack.
Information Disclosure
A vulnerability where a system inadvertently reveals sensitive information such as internal paths, version numbers, or stack traces.
Issue
A tracked, actionable security problem created from one or more scanner findings that requires investigation or remediation.
M
Malware
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems.
MFA (Multi-Factor Authentication)
A security method requiring two or more forms of verification before granting access to an account.
Misconfiguration
A security weakness caused by incorrect or suboptimal configuration of systems, services, or cloud infrastructure.
P
Penetration Testing
An authorized simulated attack on a system to evaluate its security by attempting to exploit vulnerabilities.
Phishing
A social engineering attack that uses deceptive emails, messages, or websites to trick users into revealing sensitive information.
Port Scanning
The process of sending network packets to a range of ports on a host to discover which services are running and accessible.
S
Security Headers
HTTP response headers that enable browser-side security features to protect against common web attacks.
Severity
A classification of how dangerous a vulnerability is, typically rated as critical, high, medium, or low.
Shadow IT
Technology systems, software, or cloud services used within an organization without the knowledge or approval of the IT department.
SLA (Service Level Agreement)
A commitment defining the maximum time allowed to remediate vulnerabilities based on their severity level.
SPF (Sender Policy Framework)
An email authentication protocol that specifies which mail servers are authorized to send email on behalf of a domain.
SSL/TLS
Cryptographic protocols that provide secure, encrypted communication between web browsers and servers.
Subdomain Takeover
A vulnerability where an attacker gains control of a subdomain by claiming an unconfigured or abandoned external service it points to.
T
Threat Intelligence
Evidence-based knowledge about existing or emerging cyber threats, used to make informed security decisions.
Threat Level
An overall assessment of an organization's security risk posture based on the severity and quantity of detected vulnerabilities.
TLS Certificate
A digital certificate that authenticates a website's identity and enables encrypted HTTPS connections.