| Term | Definition |
| --- | --- |
| Encryption | The process of converting information or data into a code, especially to prevent unauthorized access. For example, SSL/TLS uses encryption algorithms to protect data in transit. |
| Authentication | The process of verifying the identity of a user or system. Authentication methods can include passwords, biometric data, SMS verification, and more. |
| Authorization | The process of determining what level of access or privileges a user or system should have. For example, a system administrator may have more authorization than a regular user. |
| Firewall | A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. |
| Malware | Software that is intended to harm or damage computer systems, devices, and networks. Malware can include viruses, trojans, spyware, ransomware, and more. |
| Vulnerability | A weakness or flaw in a software system, device, or network that could be exploited by an attacker to gain unauthorized access or cause damage. |
| Exploit | A technique or mechanism that takes advantage of a software vulnerability to carry out an attack. |
| Penetration Testing | The process of testing a system or network for vulnerabilities to identify weaknesses and potential security flaws. Penetration testing can include simulating attacks to determine the effectiveness of security measures. |
| Access Control | The process of regulating who or what is allowed access to specific resources or assets. Access control can be physical or digital and can include biometric data, passwords, tokens, and more. |
| Patch | An update or fix to a software system that addresses a vulnerability or bug. Patches are often released on a regular basis to help keep software secure and up to date. |
| Threat Model | A process for identifying potential threats to a system, network, or application. Threat modeling can help identify potential vulnerabilities and guide the design of security solutions that mitigate those risks. |
| Cryptography | The science of writing or solving codes. Cryptography is used extensively in software security to provide privacy, confidentiality, and authentication through the use of encryption algorithms. |
| Denial of Service (DoS) | An attack that is intended to deny legitimate users access to a system or network. DoS attacks can include overwhelming a network with traffic or exploiting vulnerabilities in the system to cause a disruption. |
| Encryption Key | A unique series of characters or code that is used to encrypt or decrypt data. Encryption keys can be symmetric (using the same key for encryption and decryption) or asymmetric (using separate keys for encryption and decryption). |
| Input Validation | The process of checking and validating user input to ensure that it meets expectations and does not contain unexpected, malicious, or malformed data. Input validation can help prevent security vulnerabilities by ensuring data is safe and formatted correctly. |
| Security Audit | A process of assessing and reviewing a system, network, or application to identify potential vulnerabilities and areas of risk. A security audit can help identify potential issues before they develop into larger problems and ensure that all security measures are functioning effectively. |
| Two-Factor Authentication (2FA) | A security process that requires two forms of authentication in order to gain access. 2FA can include a password plus a biometric verification or SMS confirmation, strengthening security by requiring multiple methods of authentication to access a system or network. |
| Brute Force Attack | An attack that involves trying all possible combinations of usernames and passwords until the correct combination is found. Brute force attacks can be mitigated by using strong passwords and implementing other authentication measures such as 2FA. |
| Secure Sockets Layer (SSL) | A security protocol that is used to encrypt data in transit. SSL is commonly used to secure web traffic and prevent man-in-the-middle attacks. SSL has been replaced by the newer Transport Layer Security (TLS), though the terms SSL and TLS are often used interchangeably. |
| Cross-Site Scripting (XSS) | A type of attack that involves the injection of malicious scripts into a web page or application. Cross-site scripting attacks can be used to steal user data or hijack user sessions. |