Glossary

access control list (ACL)   A set of permissions associated with an object such as a file or directory.

access point (AP)   A wireless device that enables other wireless devices to connect to a wired network.

Active Directory Federation Services (ADFS)   An authentication and authorization service created by Microsoft that runs on Windows Server.

address space layout randomization (ASLR)   A security technique designed to thwart memory corruption attacks. It randomizes the address space positions for key areas of a process, such as executable space and stack and heap positions.

advanced persistent threat (APT)   Typically describes a determined human attacker in the computing realm.

Apple Push Notification Service (APNS)   A notification service created by Apple that allows third-party applications to send notification data to applications on Apple devices.

application programming interface (API)   A set of routines, tools, and protocols that explains how components of software should interact.

business partnership agreement (BPA)   A contract between two or more businesses that defines the terms of a partnership, including (for example) the nature of the business, contributions from each partner, and their responsibilities to the partnership.

Certificate Authority (CA)   Issuer of digital certificates.

certificate revocation list (CRL)   A list of certificates whose trust has been explicitly revoked by the CA.

commercial off-the-shelf (COTS)   Ready-made and available commercial products that are for sale to the general public.

Common Attack Patterns Enumeration Classification (CAPEC)   A dictionary of known patterns of computer attacks created by MITRE.

Common Gateway Interface (CGI)   A standard for web servers to handle communications with legacy information systems using a command-line-like interface.

Common Internet File System (CIFS)   A file and print service protocol commonly associated with Microsoft operating systems. It is a dialect of SMB.

Common Vulnerabilities and Exposures (CVE)   A dictionary of specific, publicly disclosed computer security vulnerabilities hosted by MITRE and sponsored by the U.S. Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency.

Common Vulnerability Scoring System (CVSS)   A method of scoring the relative severity of vulnerabilities according to a standard scoring rubric.

Common Weakness Enumeration (CWE)   A dictionary of known software weaknesses maintained by MITRE. Weaknesses are defined as categoric flaws in software that may lead to vulnerabilities.

Computer Emergency Response Team (CERT)   An expert group tasked with improving community response capabilities by responding to and handling security incidents across a broad scope. The term CERT is trademarked, and organizations wishing to use the label must apply for permission through the CERT/CC authorities.

Computer Incident Response Team (CIRT)   A formalized or ad hoc team whose work scope is typically limited to a single organization and who are dedicated to identifying and responding to computer incidents.

cross-origin resource sharing (CORS)   A method of using HTTP headers to give web applications access to selected resources even when the resource and the running application have different origins.

cross-site request forgery (CSRF)   A web attack in which an attacker causes a user the application trusts to transmit commands that the application then executes.

cross-site scripting (XSS)   An application attack that uses application flaws to inject code that is interpreted by the client (often a web browser).

cross-site tracing (XST)   A web application attack that abuses the HTTP TRACE method.

data flow diagram (DFD)   A graphical representation of how data travels through a program or system.

denial of service (DoS)   An attack that renders a host or service unusable.

Distributed Component Object Model (DCOM)   A Microsoft protocol that allows remote execution of COM objects.

Document Object Model (DOM)   A data representation of HTML and XML documents that functions as an API.

Domain Name Service (DNS)   Translates human-readable hostnames into computer-usable IP addresses and vice versa.

dynamic application security testing (DAST)   An outside-in black box security testing approach designed to find vulnerabilities in applications by examining how they work while they are used.

dynamic link library (DLL)   Microsoft’s implementation of shared libraries. Libraries contain code and data that can be used by multiple programs simultaneously.

Dynamic Trunking Protocol (DTP)   A Cisco-proprietary networking protocol for negotiating trunking between DTP-capable devices.

elliptic curve digital signature algorithm (ECDSA)   A digital signature algorithm based on elliptic curve cryptography.

end user license agreement (EULA)   A legal agreement between a software vendor and the user that explains rights and restrictions on use of the software.

external entity (XXE)   An externally referenced XML entity. Typically referred to as part of an XXE attack, which is an attack that attempts to abuse an application that parses XML input.

File Transfer Protocol (FTP)   A plaintext protocol for transferring files between computers.

Generic Routing Encapsulation (GRE)   A network tunneling protocol designed to encapsulate various network-layer protocols; used, for example, in PPTP networks.

Group Policy Object (GPO)   A collection of policy settings for Microsoft systems that is virtually organized into objects.

HTTP Strict Transport Security (HSTS)   A policy enforced by web servers that requires clients to interact with the web server using HTTPS.

Hypertext Markup Language (HTML)   A standardized language for creating web pages. It leverages tags to define elements that control how the data on a web page is displayed and functions.

industrial control systems (ICS)   Systems that are used in industrial processes, often including supervisory control and data acquisition systems (SCADA), distributed control systems (DCS), data acquisition systems, and programmable logic controllers (PLCs).

initialization vector (IV)   An arbitrary value used in data encryption that is designed to prevent repetition of data in encrypted data streams.

input/output (I/O)   Input is the data or other information that is put into a program or system, and output is the data or other information that the program or system produces.

insecure direct object reference (IDOR)   A flaw in which specially crafted user input gives direct access to objects that the application references.

Internet Control Message Protocol (ICMP)   A protocol for error reporting on network devices. This is perhaps best known as the mechanism for ping.

Internet of Things (IoT)   Interconnected devices with sensors, software, and electronics operating in a broad range of environments that are designed to communicate without requiring human-to-human interaction. This can include smart home devices, smart appliances, and even livestock.

intrusion prevention system (IPS)   A security control, operating at either the host or the network layer, that inspects network traffic for specified patterns of behavior (such as exploit attempts) and blocks them according to its defined configuration.

Japan Computer Emergency Response Team (JPCERT)   Japanese CERT organization formally established in 1996.

Joint Test Action Group (JTAG)   1. A group formed to devise a common standard for manufacturing of integrated circuits (ICs). 2. An industry standard for testing interconnections on printed circuit boards and verifying their designs. 3. A common hardware interface that allows direct communication with chips on a board for testing, debugging, and programming devices such as microcontrollers, FPGAs, and CPLDs.

Link-Local Multicast Name Resolution (LLMNR)   A Microsoft protocol for mapping human-readable hostnames to computer-usable machine identification information. An alternative to DNS.

Local Administrator Password Solution (LAPS)   A Microsoft software solution for randomizing and managing local administrator passwords.

local file inclusion (LFI)   An attack that subverts how an application loads code for execution in order to access files that are locally stored on the server.

Local Security Authority Subsystem Service (LSASS)   The service that supports the Windows subsystem that provides authentication, maintains information about local security policy, and handles system logins.

man in the middle (MITM)   Man-in-the-middle attacks occur when a third party (such as a penetration tester) secretly intercepts, potentially alters, and relays messages between two or more other parties.

master service agreement (MSA)   A contract that establishes the terms of future transactions and agreements between two parties.

mobile device management (MDM)   A security solution that allows administrators to control mobile devices, including enforcing policies, implementing security settings, and controlling data.

multifactor authentication (MFA)   Authentication systems that require more than two pieces of evidence in order to perform authentication.

National Institute of Standards and Technology (NIST)   An agency within the U.S. Department of Commerce whose mission is to promote innovation and industrial competitiveness by advancing standards and technology.

near-field communication (NFC)   A set of proximity-based communication protocols that enables devices to share information when they are within close proximity. Does not require pairing between transmitting and receiving devices.

NetBIOS Name Service (NBNS)   A Microsoft protocol for mapping human-readable hostnames to computer-usable machine identification information. An alternative to DNS.

Network Access Control (NAC)   A security mechanism that controls what devices are allowed to connect to a network based on the enforcement of certain criteria at the host or port level.

no operation (NOP)   An assembly-language instruction to do nothing.

nondisclosure agreement (NDA)   A contract between two parties that defines the terms of what information can be shared outside of that partnership and how it can be shared.

open-source intelligence (OSINT)   Publicly available information about a target.

Open Web Application Security Project (OWASP)   A worldwide not-for-profit organization focused on improving software security by releasing articles, producing documentation, and defining methodologies for testing.

operating system (OS)   The central software that controls a host’s basic operation, including hardware management, task management, and networking.

personally identifiable information (PII)   Data that can be used to identify a particular person. Often protected according to legal or regulatory requirements.

point of sale (POS)   The place where a customer executes payment for goods or services. Often refers to specific devices that manage payment card swiping, taps, or chip reading for payment authorization.

PowerShell (PS)   A command-line shell designed for Windows systems administration.

radio frequency ID (RFID)   A wireless communication system that electronically stores information in tags and uses readers to retrieve the information in those tags.

real-time operating system (RTOS)   A specialized operating system designed for time-limited processing.

remote code execution (RCE)   An attack that successfully runs code or commands on a target, launched from outside the target host.

Remote Desktop Protocol (RDP)   A Microsoft protocol for GUI-based remote systems management.

remote file inclusion (RFI)   An attack that subverts how an application loads code for execution in order to access files that are stored on a remote server resource.

Remote Procedure Call (RPC)   A distributed computing protocol designed to allow a program to request a service or action from a component hosted on a different host.

Remote Shell (RSH)   A legacy remote administration tool associated with *nix systems.

request for proposal (RFP)   A document that organizations use to solicit responses based on outlined requirements for a project.

rules of engagement (ROE)   A document that outlines what testers are allowed to do in pursuit of testing goals and what they are expressly forbidden from doing during a penetration test.

Secure Copy (SCP)   An encrypted protocol for copying files from host to host.

security identifier (SID)   A unique value used to identify a user account, group account, or logon session to which an access control entry applies in Windows.

Secure Shell (SSH)   A secure protocol for remote system administration.

Secure Sockets Layer (SSL)   A cryptographic protocol for securing information transmitted between systems on the Internet.

Security Account Manager (SAM)   A registry file containing a database of usernames and password hashes for Microsoft operating systems.

security information and event management (SIEM)   A packaged set of tools designed to allow incident responders and administrators to consume, analyze, and manage event information from multiple sources and respond (often automatically) to resolve security incidents. Typically focuses on log management, correlation, alerting, compliance, retention, dashboards, and facilitating analysis.

security operation center (SOC)   Staff and tooling at a dedicated site that are tasked with handling security issues for a company, including monitoring and response coordination for incidents.

Server Message Block (SMB)   A network protocol standard for file, printer, and serial sharing between systems on a network.

service level agreement (SLA)   A documented agreement between parties that outlines terms such as expectations for timelines of delivery, deliverables, performed services, responsibilities, and recourses pertaining to service deliverables.

service principal name (SPN)   In Windows, this is a unique identifier associated with a service. These are used to associate the login account with the service instance in Kerberos.

Set Group ID (SGID)   A *nix access rights flag that permits users to run flagged executable files using the same level of access as another group.

Set User ID (SUID)   A *nix access rights flag that permits users to run flagged executable files using the same level of access as another user.

Simple Certificate Enrollment Protocol (SCEP)   A protocol for enrolling for and obtaining certificates from a public key infrastructure (PKI). Has limited certificate revocation list (CRL) capabilities.

Simple Mail Transfer Protocol (SMTP)   A network protocol for clients and servers to send and receive e-mail.

Simple Network Management Protocol (SNMP)   A plaintext application-level protocol designed to facilitate monitoring and management of networked devices using a series of object identifiers for device reference.

Simple Object Access Protocol (SOAP)   An XML-based messaging protocol.

software development kit (SDK)   A set of tools designed to facilitate the creation of applications for certain software frameworks, hardware platforms, languages, host operating systems, etc.

Spanning Tree Protocol (STP)   A layer 2 networking protocol for network devices designed to build a network topology that avoids loops.

statement of work (SOW)   A project-specific document that sets expectations for the engagement between both parties, including what deliverables are expected, the time frame for the agreement, milestones for payment or delivery, and responsibilities for both parties. Used to control scope creep.

static application security testing (SAST)   An inside-out white box security testing approach designed to find vulnerabilities in applications by examining application source code, binaries, and byte code.

Structured Query Language (SQL)   A programming language for manipulating databases.

Subject Alternative Name (SAN)   An extension of X.509 that allows multiple fully qualified domain names to be associated with a digital certificate.

supervisory control and data acquisition (SCADA)   A subset of industrial control systems (ICS) that refers to control systems spanning a significant geographical area. These systems gather data on the industrial process and send commands that control the process to other systems designed to implement them.

tactics, techniques, and procedures (TTP)   A description of attack actions in terms of why an attacker does something (tactic), what is done (technique), and how it is done (procedure).

time-based one-time password (TOTP)   A temporary passcode that is algorithmically generated and used for authentication.

Transmission Control Protocol (TCP)   A connection-oriented protocol for network communication that runs on top of the Internet Protocol.

Transport Layer Security (TLS)   A cryptographic protocol for securing information transmitted between systems on the Internet. The successor to SSL.

Trusted Platform Module (TPM)   A specialized hardware chip that stores RSA encryption keys for the device, used for hardware authentication.

User Datagram Protocol (UDP)   A connectionless protocol for network communication that runs on top of the Internet Protocol.

virtual local area network (VLAN)   A set of devices that communicate as if attached to the same wire even though they are actually located on a number of different LAN segments. This allows multiple logical networks to exist on a single switch and provides network isolation between those logical segments.

virtual machine (VM)   An image file that behaves like an actual computer on an emulated computer system.

virtual network connection (VNC)   A platform-independent application for GUI-based remote system administration.

virtual private network (VPN)   An encrypted network connection from a device to a network. Designed to enable secure communication from a client to a network over public wires.

Web Application Archive (WAR)   A file type used for making collections of Java files, such as JARs, JSP, servlets, classes, XML files, and others, that make up a web application.

Web Application Description Language (WADL)   A machine-readable description of HTTP-based web services expressed in XML.

web application firewall (WAF)   A security control that monitors and filters web application traffic in order to protect the applications from attacks such as cross-site scripting, injection, and cross-site request forgery.

Web Proxy Auto-Discovery (WPAD)   A protocol that enables clients to configure proxy settings automatically by discovering the URL of a Proxy Auto-Config (PAC) file.

Web Services Description Language (WSDL)   Often pronounced “wɪz dəl,” it’s an XML-formatted description of web service interfaces and the functionality they provide.

Wi-Fi Protected Setup (WPS)   A wireless network standard built with consumer networks in mind. Designed to provide easy setup of new devices without requiring entry of long passphrases.

Windows Management Instrumentation (WMI)   Windows operating system infrastructure for automating administrative tasks on remote computers and for supplying management data to other parts of the operating system and to products such as WinRM.

Windows Remote Management (WinRM)   A command-line Microsoft remote administration protocol.

Wired Equivalent Privacy (WEP)   A legacy wireless networking protocol that relies on initialization vectors for randomization of encrypted data streams.

XML schema document (XSD)   Associated with the .xsd file extension, these files describe the elements of an XML document: the rules an XML document must conform to in order to be considered valid.