Cybersecurity is a complex and rapidly evolving field that requires a deep understanding of technical terms and jargon. To help you navigate this landscape, we have compiled a comprehensive cybersecurity glossary.
A
Adware: Software that displays unwanted advertisements on a computer.
Antivirus: Software designed to detect and remove viruses from a computer or network.
Authentication: The process of verifying the identity of a user, device, or system.
Authorization: The process of granting or denying access to resources or services based on the identity of the user or device.
B
Backdoor: A hidden access point in a computer system that allows unauthorized access.
Botnet: A network of compromised computers or devices controlled by a hacker or cybercriminal.
Brute force attack: An attack that attempts to guess a password by trying every possible combination until the correct one is found.
C
Cloud security: The practice of protecting data, applications, and infrastructure hosted in the cloud.
Cybersecurity: The practice of protecting computer systems, networks, and data from unauthorized access, theft, or damage.
Cryptography: The practice of securing data by encoding it so that it can only be read by authorized parties.
Cybercrime: Criminal activity carried out using computers, networks, or the internet.
D
Data breach: A security incident in which sensitive or confidential data is accessed, stolen, or disclosed without authorization.
Denial of Service (DoS): An attack that floods a network or website with traffic to make it unavailable to users.
Ammmdm
E
Adware: Software that displays unwanted advertisements on a computer.
Antivirus: Software designed to detect and remove viruses from a computer or network.
Ammmdm
F
Firewall: A network security system that monitors and controls incoming and outgoing network traffic.
Firmware: Software that is permanently stored in a hardware device such as a router or printer.
Fraud: Deception or misrepresentation carried out for personal gain.
G
Gray Hat Hacker: A Gray Hat Hacker is a hacker who operates between ethical and unethical hacking practices, often using their skills to expose vulnerabilities or perform security research, but may also engage in malicious activities.
Google Dorking: Google Dorking is a technique used by hackers and security researchers to find sensitive or confidential information by using advanced search queries or operators on the Google search engine.
H
Hacker: A person who uses their technical skills to gain unauthorized access to computer systems or networks.
Hacking: The act of gaining unauthorized access to computer systems or networks.
I
Identity theft: The act of stealing someone's personal information, such as their name and social security number, to commit fraud or other crimes.
Intrusion detection system (IDS): A security system that monitors network traffic for signs of unauthorized access or malicious activity.
J
JSON Web Token (JWT): JSON Web Token (JWT) is a type of token used for authentication and authorization purposes in web applications, often used as a secure means of transmitting data between parties.
Jailbreaking: Jailbreaking refers to the process of removing software restrictions on mobile devices to allow for customization or the installation of unauthorized apps.
K
Keylogger: A Keylogger is a type of software or hardware device that records every keystroke made on a computer or mobile device, often used by attackers to steal sensitive information such as passwords or credit card numbers.
Kali Linux: Kali Linux is a Linux-based operating system designed for penetration testing and ethical hacking, featuring a suite of security tools for testing, auditing, and evaluating the security of computer systems and networks.
L
Lateral Movement: Lateral Movement is the process of spreading or expanding an attack across a network or system by exploiting vulnerabilities or gaining access to new systems or devices, often used by attackers to escalate privileges and access sensitive data.
Local Area Network (LAN): A Local Area Network (LAN) is a network of interconnected devices within a limited geographic area, often used in homes, schools, or businesses to facilitate communication, file sharing, and resource sharing.
M
Malware: Software designed to harm or damage computer systems, networks, or devices.
Man-in-the-middle (MitM) attack: An attack where an attacker intercepts and alters communication between two parties.
Mobile device management (MDM): The practice of securing and managing mobile devices such as smartphones and tablets.
Multi-factor authentication (MFA): A security process that requires users to provide two or more forms of identification to access a system or network.
N
Network: A group of devices connected to each other to share data and resources.
Network security: The practice of securing computer networks from unauthorized access or damage.
Non-repudiation: The assurance that a sender cannot deny sending a message or that a receiver cannot deny receiving a message.
O
OAuth: OAuth is an open-standard authorization protocol that allows third-party applications to access user data from online services without having to store the user’s credentials.
OSI Model (Open Systems Interconnection Model): The OSI Model is a conceptual framework used to describe the communication functions of a networking system, consisting of seven layers that define how data is transmitted and received.
P
Patch: A software update that fixes a vulnerability or bug in a computer system or application.
Penetration testing: A security assessment that simulates an attack on a computer system or network to identify vulnerabilities.
Phishing: A social engineering attack that attempts to trick users into revealing sensitive information or installing malware.
Public key infrastructure (PKI): A system that uses digital certificates
Q
Quantum cryptography: A technique for securing data using the principles of quantum mechanics.
R
Ransomware: A type of malware that encrypts a user's data and demands payment in exchange for the decryption key.
Risk assessment: The process of evaluating the potential threats and vulnerabilities to a computer system or network.
Rootkit: Malware that hides its presence on a computer system and gives a hacker access to the system.
S
Social engineering: The use of psychological manipulation to trick users into revealing sensitive information or performing actions that may harm a computer system or network.
Spam: Unsolicited and unwanted email messages that are sent in bulk.
Spoofing: The act of disguising the source of an email, phone call, or network traffic to trick the recipient or system into taking a certain action.
Spyware: Software that monitors a user's computer activity and sends the data to a third party without the user's consent.
SQL injection: An attack that exploits a vulnerability in a website or application's database by injecting malicious code into a SQL query.
T
Trojan horse: Malware that disguises itself as legitimate software and gains access to a computer system or network.
Two-factor authentication (2FA): A security process that requires users to provide two forms of identification to access a system or network.
U
UDP (User Datagram Protocol): User Datagram Protocol (UDP) is a transport protocol that operates at the Transport Layer of the OSI Model. UDP is used to send datagrams, which are self-contained units of data, over a network.
User-Agent: User-Agent is a string of text that identifies the browser, operating system, and other relevant information about the user’s device when accessing a website or service on the Internet.
V
Vulnerability: A weakness or flaw in a computer system or network that can be exploited by an attacker.
W
Worm: A self-replicating malware that spreads through a computer system or network.
X
XSS (Cross-Site Scripting): XSS (Cross-Site Scripting) is a type of cyber attack in which an attacker injects malicious code into a web page viewed by other users.The code is then executed by the user’s web browser, allowing the attacker to steal sensitive information, perform unauthorized actions, or spread malware.
XOR Encryption: XOR Encryption is a simple encryption technique that uses the XOR (exclusive OR) operation to encrypt and decrypt data.It is commonly used in computer security as a basic encryption method.
Y
Yara: Yara is an open-source tool used to create custom malware signatures and detect patterns in files and processes.
YAML: YAML (Yet Another Markup Language) is a human-readable data serialization format used for configuration files.
Z
Zero-day vulnerability: A vulnerability that is unknown to the software vendor or the public and can be exploited by attackers before a patch is released.
