
36 Security Terms You Need to Know

Looking to learn more about the cybersecurity field? We've created this list of need-to-know terms to help introduce you to this fascinating subject.


The topic of security in software development is diverse and often carries many different meanings to different teams. To help clear up questions and confusion surrounding security, the Editorial Team here at DZone compiled a list of some of the most important security-related terms that you should know.


Anomaly detection: AI and ML's ability to detect abnormal logins, movement within the network, or the export of files.

Application security (AppSec): An IT field where specialists focus on secure application design and are familiar with programming.

Authentication: A mechanism that confirms a user’s identity when they are requesting access to a resource in a system. This is generally handled by granting users an access token when they confirm their identity through a mechanism such as a password.


Bitcoin: A digital currency (cryptocurrency) that is not ruled by any governing body.

Blockchain: A large database of transactions, also known as a transaction ledger.


Content delivery network (CDN): A hosted, geographically-distributed server network that improves website file delivery and performance. It can also include security features such as DDoS protection.

Continuous threat management: Adaptive and predictive defense based on prevention technology to be ready for timely incident response.

Cross-site request forgery (CSRF): A malicious web exploit in which an attacking program forces a user’s browser to perform an unwanted action on a site where the user is currently authenticated.

Cross-site scripting (XSS): A type of injection attack that targets an application through client-side scripts, which will usually be JavaScript.

Cryptocurrency: An encrypted digital exchange whose encryption techniques ensure that secure transactions, both regulated and verified, take place.

Cybersecurity: A practice designed to protect computers, data, and networks from potential attacks or unauthorized access.


Data exfiltration: An unauthorized transfer of data. It can be carried out manually or through a malicious automated program.

Decentralized Autonomous Organization (DAO): An organization that serves as a form of a venture capital fund. It runs through smart contracts and its transaction records are maintained in a blockchain.

Denial of Service Attack (DDoS): A type of attack that uses multiple compromised systems that are forced to visit a website or system and overload its bandwidth in order to cause an outage.

DevSecOps: The integration of security into the DevOps methodology.

Dynamic application security testing (DAST): An analysis of an application's security that only monitors the runtime environment and the code that is executed in it. It simulates potential attacks and analyzes the results.


Encryption: A method of encoding data so that it is unreadable to parties without a method of decryption.

Exploit: A piece of code that takes advantage of a vulnerability in computer software or hardware in order to produce undesirable behavior.


Injection attack: A scenario where attackers relay malicious code through an application to another system for malicious manipulation of the application. These attacks can target an operating system via system calls, external programs via shell commands, or databases via query language (SQL) injection.

Interactive application security testing (IAST): A combination of SAST and DAST that is usually implemented in the form of an agent that monitors attacks and identifies vulnerabilities within the test runtime environment.


Malware: Software that is meant to cause harm to computers or programs.


Obfuscation layer: A layer designed to provide a high level of protection for the critical parts of code.

Open web application security project (OWASP): An online community of corporations, educational organizations, and individuals focused on providing web security tools, resources, events, and more for the wider development community.


Ransomware: A type of malware that restricts or blocks access to the victim's system until a ransom is paid, typically in cryptocurrencies such as Bitcoin.

Risk management: Prioritizing what's most important to secure based on the company or industry.

Runtime application self-protection (RASP): A feature that is built into an application in order to detect and halt attacks in real-time, automatically.

Reentrancy attacks: An attack where untrusted code reenters a contract and manipulates state.


Secure sockets layer (SSL): An encrypted link that keeps information passed between the web server and private browsers secure.

Security by design: Security is integrated at the beginning of the SDLC.

Single sign-on (SSO): A user or session authentication process that allows a user to enter one set of credentials in order to access multiple applications that are connected by the SSO software.

SQL injection: A code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution.

Static application security testing (SAST): An analysis of an application's security that looks at an application's source code, bytecode, or binary code to determine if there are parts that could allow security exploits by attackers.


Threat vector: A path or means by which a hacker (or cracker) can gain access to a computer or network server in order to deliver a payload or malicious outcome.

Turing complete: A system theoretically capable of solving any computational problem if memory or runtime limitations are not taken into consideration.


Web application firewall (WAF): An appliance or application that monitors, filters, and blocks HTTP transmissions to a website based on customizable rules.


Zero day: A vulnerability that is currently unknown to the software maker or to antivirus vendors. It also refers to a piece of code that allows attackers to exploit a zero-day vulnerability.
