Glossary

A comprehensive glossary of key cybersecurity terms, including encryption, phishing, and intrusion detection systems, to enhance your security knowledge.

Hacker

A hacker is a person who uses computer, networking, programming, or related skills to hack into a cyber system, ethically or unethically.

Read more: What Is a Hacker? – Cisco 

Heuristic Scanning 

In this type of scanning, vulnerabilities are detected by analyzing the behavior and patterns of files or targets rather than by relying on pre-defined signatures.

Read more: How scanners find vulnerabilities | Acunetix

IAST

Interactive Application Security Testing (IAST) is a testing solution that combines features of Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST). The code is analyzed while dynamic testing methods are carried out on the application.

Read more: What Is IAST and How Does It Work? | Synopsys 

Integrity 

Integrity means that data can be trusted. Data should be maintained in a correct state, protected so that it cannot be tampered with, and kept correct, authentic, and reliable.

Read more: What is the CIA Triad? Definition, Importance, & Examples 

IPSec

IPSec, short for Internet Protocol Security, is a framework comprising a number of protocols used to ensure secure data transfer over public networks.

Read more: What is IPsec? | How IPsec VPNs work | Cloudflare 

Malware

Malware, short for malicious software, is a computer program created to harm the computer systems of legitimate users.

Read more: What is Malware? Detection & Removal Methods | CrowdStrike 

MITM Attacks 

A man-in-the-middle (MITM) attack is a common cyberattack where a hacker eavesdrops on the communication between two legitimate users. In this attack, the hacker is able to listen to or even modify the communication between the two victims.

Read more: All about Man-in-the-Middle Attacks | Acunetix 

MSSP

A managed security service provider (MSSP) provides third-party services to monitor and maintain the network security of an organization. This can include services such as managed firewall, intrusion detection, virtual private network, vulnerability scanning, and antivirus services.

Read more: Definition of Managed Security Service Provider (MSSP) – IT Glossary | Gartner 

Penetration Testing 

Penetration testing (or pen testing) is a simulated attack executed by a trusted professional on a computer system with the intention of finding and exploiting vulnerabilities, while avoiding any impact on information security, so that the vulnerabilities can be patched before being discovered by a hacker.

Read more: Penetration testing vs vulnerability scanning | Acunetix 

Pharming

Pharming is the malicious act of redirecting an internet user to a spoofed website instead of the intended website with the intention of engaging in cyber crimes using the user’s credentials and information.

Read more: What Is Pharming and How To Protect Against Attacks | Fortinet 

Phishing

Phishing is a cybercrime where attackers disguise themselves as a trustworthy source to trick you and gain access to your sensitive and personal information.

Read more: What is phishing? How to recognize and avoid phishing scams | NortonLifeLock 

Ransomware

Ransomware is a type of malware where an attacker locks up the data of a victim and demands a ransom in order to restore access to the data.

Read more: What is Ransomware? | IBM 

Red Team 

A team of external security professionals who perform an activity where Tactics, Techniques, and Procedures (TTPs) are used to carry out a mock attack with the intention of measuring the effectiveness of processes, systems, and people in place as defense mechanisms.

Read more: Red Team vs. Blue Team Exercises for Web Security | Acunetix 

SAST

Static Application Security Testing (SAST) is a testing method used to detect vulnerabilities in web applications by analyzing the source code.

Read more: Definition of SAST – IT Glossary | Gartner 

SCA 

Software composition analyzers (SCA) are tools that are used to mitigate the risks associated with the use of open-source software. These help promote security, code quality, and license compliance.

Read more: What is Software Composition Analysis and How Does it Work? | Synopsys 

Script Kiddie 

A script kiddie is a novice and immature hacker who is believed to have no regard for the ethics held by professional hackers. They lack the skills to write malicious code on their own and therefore use existing code to attack a system.

SECaaS

Security-as-a-Service (SECaaS) can be defined as a cloud-based model for outsourcing security services provided on a subscription basis. It is rising in popularity due to advantages such as avoiding the cost of internal security teams and expertise and the capacity to scale security up or down quickly.

Read more: What is Security-as-a-Service? (SECaaS) | Fortinet 

Security Kernel 

The hardware, software, and firmware of a system that control access to system resources by implementing basic security procedures.

Read more: Security kernel – Wikipedia 

Signature Based Scanning 

A type of scanning where vulnerabilities are detected using a database of signatures of vulnerabilities. 

Social Engineering 

Social engineering, also known as ‘human hacking’, is the act of manipulating a victim so that they disclose sensitive or confidential information that can be used for fraudulent purposes.

Read more: What is social engineering? A definition + techniques to watch for (norton.com) 
