
Glossary
Definitions for every security term that matters: SIEM, EDR, zero trust, and the rest.
373 entries
What is Endpoint Detection and Response? A Practitioner's Definition
Endpoint Detection and Response is a security capability that detects, investigates, and helps contain threats on laptops, servers, and other endpoints.
What is Identity and Access Management? A Practitioner's Definition
Identity and Access Management controls who can access systems, what they can do, and how organizations enforce secure authentication.
What is Network Detection and Response? A Practitioner's Definition
Network Detection and Response is a security capability that analyzes network activity to find threats, investigate incidents, and guide response.
What is Extended Detection and Response? A Practitioner's Definition
Extended Detection and Response, or XDR, unifies telemetry, detection, and response across security tools to improve visibility and speed up triage.
What is Security Information and Event Management? A Practitioner's Definition
Security Information and Event Management centralizes logs, correlates alerts, and helps teams detect, investigate, and respond faster.
Attack Surface Management: Definition, How It Works, and When You’ll Use It
Attack surface management helps organizations find, monitor, and reduce exposed internet-facing assets before attackers can exploit them.
Cyber Threat Intelligence (CTI): Definition, Uses, and Why It Matters
Cyber Threat Intelligence (CTI) is evidence-based information about threats that helps teams prioritize risk, detect attacks, and respond faster.
Security Orchestration (SOAR): Definition, How It Works, and When You Will Encounter It
SOAR helps security teams automate workflows, connect tools, and respond faster to alerts. Learn what it is, how it works, and where it fits.
Threat Intelligence Platform: Definition and How It Works
A threat intelligence platform collects, enriches, and operationalizes threat data so security teams can prioritize risks and act faster.
Zero Trust Network Access (ZTNA): Definition, How It Works, and When You’ll Use It
Zero Trust Network Access is a secure access model that verifies users and devices before granting least-privilege access to apps.
Access Control: Definition, How It Works, and Where You’ll See It
Access control defines who can access what. Learn authentication vs authorization, RBAC/ABAC, policy enforcement, and real-world examples.
Account Takeover (ATO): Definition, How It Works, and How to Respond
Account takeover (ATO) is when attackers gain control of a real account. Learn common ATO methods, detection signals, and response steps.
Active Directory (AD): Definition, How It Works, and Where You’ll Encounter It
Active Directory (AD) centralizes identities, authentication, and Group Policy in Windows domains. Learn how it works and where you’ll encounter it.
Application Security (AppSec): Definition, How It Works, and Where You’ll Encounter It
Application security (AppSec) protects apps and APIs from vulnerabilities across the SDLC with secure design, testing, and runtime controls.
ARP Spoofing: Definition, How It Works, Detection, and Mitigation
ARP spoofing (ARP poisoning) forges IP→MAC mappings to intercept LAN traffic. Learn how it works, how to detect it, and how to stop it.
Attack Surface Management (ASM): Definition, How It Works, and When You’ll Encounter It
Attack Surface Management (ASM) continuously discovers and prioritizes internet-exposed assets so teams can reduce real-world security exposure.
Audit Log: Definition, How It Works, and Why It Matters
An audit log records security-relevant actions (who/what/when/where). Learn how it works, how to protect integrity, and why it matters.
Authentication vs Authorization: What’s the Difference?
Authentication confirms who you are; authorization determines what you can do. Definitions, workflows, examples, and key IAM terms.
The Difference Between Authentication and Authorization
Authentication proves who you are; authorization controls what you can access. Learn flows, examples, IAM terms, and common failures.
Authority To Operate (ATO): Definition, Process, and When You’ll Encounter It
Authority to Operate (ATO) explained: definition, steps, evidence, and when you’ll need one—plus SSP, POA&M, RMF, and monitoring.
Bearer Token: Definition, How It Works, and Where You’ll See It
Bearer tokens are possession-based credentials used in Authorization: Bearer headers. Learn how they work, where they appear, and how to secure them.
Blue Teaming: Definition, How It Works, and When You’ll Encounter It
Blue teaming is defensive security: monitoring, detection, incident response, and hardening. Learn how blue teams work and when you’ll meet them.
Broken Object Level Authorization (BOLA): Definition, Examples, and How to Fix It
Broken Object Level Authorization (BOLA) enables IDOR-style access to others’ data via object IDs. Learn examples, detection, and fixes.
Brute Force Attack: Definition, How It Works, and What to Do About It
A brute force attack repeatedly guesses passwords or keys. Learn the patterns, where it shows up (SSH/RDP/web), and how to stop it.
Business Email Compromise (BEC): Definition, How It Works, and What to Do
Business email compromise (BEC) is targeted email fraud that steals money or data. Learn common scenarios, indicators, and what to do first.
CI/CD Security Hardening Checklist (2026)
CI/CD security hardening checklist to protect runners, secrets, dependencies, artifacts, and deployments with enforceable, auditable controls.
Cisco Vulnerability Management Basics
Cisco vulnerability management basics: track PSIRT advisories, map to inventory, prioritize by exposure, remediate, and verify closure.
Cloud Security Basics: Shared Responsibility & Controls
Cloud security basics: shared responsibility, IAM, logging, encryption, CSPM, and practical steps to secure AWS/Azure/GCP and SaaS.
Cloud Security: Definition, How It Works, When You’ll Encounter It, and Related Terms
Cloud security protects cloud apps, data, and infrastructure using IAM, encryption, posture management, and logging under shared responsibility.
Code Signing: Definition, How It Works, and Where You’ll See It
Code signing uses digital signatures and certificates to prove software integrity and publisher identity. Learn how validation, timestamping, and failures work.
Command and Control (C2): Definition, How It Works, and Why It Matters
Command and Control (C2) is how attackers manage compromised systems. Learn C2 stages, common protocols, and practical detection signals.
Compensating Control in Compliance: Definition, Examples, and When to Use One
Learn what a compensating control is, when auditors accept it, and how to document it for PCI DSS, SOC 2, HIPAA, and ISO 27001.
Compensating Control in Compliance: Definition & Examples
What a compensating control is, when it’s allowed, and how to document equivalency and evidence for PCI, HIPAA, ISO 27001, and audits.
Conditional Access in Microsoft 365: Definition, How It Works, and When You’ll See It
Microsoft 365 Conditional Access evaluates sign-ins and enforces controls like MFA, compliant devices, or blocks based on risk and context.
Confidential Computing: Definition, How It Works, and Where You’ll See It
Confidential computing protects data in use with hardware TEEs, memory encryption, and attestation—reducing host-level cloud risk.
Consent Phishing: Definition, How It Works, and How to Spot It
Consent phishing tricks users into approving malicious OAuth app permissions, enabling mailbox/file access via tokens. Learn signs, impact, and defenses.
Container Image Security Checklist (CI/CD to Kubernetes)
Container image security checklist: harden builds, scan + gate, generate SBOMs, sign images, lock registries, and enforce K8s admission policies.
Container Security Hardening Checklist
Container security hardening checklist for Docker/Kubernetes: secure builds, scan/sign images, enforce least privilege, and monitor runtime threats.
CSPM (Cloud Security Posture Management): Definition, How It Works, and When You’ll Encounter It
CSPM (Cloud Security Posture Management) finds cloud misconfigurations and compliance drift across AWS/Azure/GCP and helps you remediate them.
CSRF (Cross-Site Request Forgery): Definition & Prevention
CSRF tricks a logged-in browser into unwanted actions. Learn how CSRF works and prevent it with tokens, SameSite cookies, and origin checks.
A CVE: Definition, How It Works, and When You’ll Encounter It
A CVE is a public ID for a known vulnerability. Learn how CVE IDs are assigned, where you’ll see them, and how to use them in patching.
Cybersecurity Framework: Definition, How It Is Used, and Examples
A cybersecurity framework organizes security controls and outcomes to manage risk. Learn how it works, where you’ll see it, and key related terms.
DAST: Dynamic Application Security Testing Explained
DAST tests running web apps and APIs for real-world flaws by probing them like an attacker. Learn how it works, where it fits, and limits.
Database Audit Logging Checklist (Security Ready)
Database audit logging checklist: what to log, how to protect logs, retention, SIEM alerts, and pitfalls so investigations don’t stall.
Detection Engineering: Definition, How It Works, and Where You’ll Encounter It
Detection engineering builds, tests, and maintains security detections across SIEM/EDR/cloud to catch threats with low noise and clear response steps.
DevSecOps: Definition, How It Works, When You’ll Encounter It, and Related Terms
DevSecOps embeds security into DevOps using automated CI/CD checks, policy-as-code, and supply-chain controls so teams ship faster and safer.
Digital Forensics: Definition, How It Works, and When You’ll Encounter It
Digital forensics preserves and analyzes digital evidence for incidents, fraud, and legal matters. Learn the process, tools, and key use cases.
DNS (Domain Name System): Definition, How It Works, and Where You’ll See It
DNS translates domain names into IPs and service records. Learn how resolution works, common record types, caching/TTL, and security basics.
DNSSEC: Definition, How It Works, and When You’ll Encounter It
DNSSEC adds cryptographic signatures to DNS to stop spoofed answers. Learn how validation works, common records, and real-world pitfalls.
Dual Stack Networking: Definition, How It Works, and Security Risks
Dual stack networking runs IPv4 and IPv6 together. Learn how it works, where you’ll see it, and the key security risks to mitigate.
Dual Stack Networking: What It Is and What Are the Risks
Dual stack networking runs IPv4 and IPv6 in parallel. Learn how it works, where you’ll see it, and key security risks and mitigations.
Edge Security Hardening Checklist
Edge security hardening checklist for firewalls, VPNs, routers & WAFs—lock down admin access, reduce exposure, log to SIEM, verify configs.
Encryption: Definition, How It Works, and Where You’ll Encounter It
Encryption turns plaintext into ciphertext using keys. Learn how it works (TLS, AES), where you’ll see it, and what to verify in configs.
Endpoint Detection and Response (EDR) Basics
EDR basics: what Endpoint Detection and Response is, how it works, and how teams investigate and respond to endpoint threats.
Evil Twin Attack: Definition, How It Works, and How to Spot It
An evil twin attack is a rogue Wi‑Fi hotspot that mimics a trusted SSID to steal credentials or intercept traffic. Learn the signs and defenses.
FIDO2: What It Is and Why It Matters
FIDO2 enables phishing-resistant login with passkeys or security keys using WebAuthn + CTAP2. Learn how it works, where it’s used, and why it matters.
Forensic Imaging: Definition, Workflow, and When You’ll Need It
Forensic imaging creates a bit-for-bit copy with hashing and chain of custody so investigations analyze evidence without altering originals.
GitOps Security Checklist (Practitioner Guide)
GitOps security checklist for Kubernetes: protect Git, harden CI, sign artifacts, manage secrets, least-privilege controllers, policy-as-code, logging.
Hashing: Definition, How It Works, and Where You’ll See It in Security
Hashing creates a fixed-length fingerprint for integrity checks, password storage, and investigations. Learn how it works and common pitfalls.
Home Network Segmentation Best Practices (Practical Guide)
Home network segmentation best practices: split Trusted/IoT/Guest with VLANs or SSIDs and firewall rules to reduce breach blast radius.
How Role-Based Access Control (RBAC) Works
Learn how RBAC works—users get roles, roles grant permissions—to enforce least privilege across IAM, cloud, SaaS, and Kubernetes.
HTTPS (Hypertext Transfer Protocol Secure)
HTTPS is HTTP over TLS—encrypting web traffic, ensuring integrity, and authenticating sites with certificates. Learn setup, HSTS, and checks.
HTTPS: Definition, How It Works, and Where You’ll See It
HTTPS (HTTP over TLS) encrypts web traffic, authenticates sites with certificates, and prevents tampering. Learn where it appears and how to troubleshoot.
Hypervisor: Definition, How It Does Virtualization & Why It Matters
A hypervisor runs and isolates virtual machines on a host. Learn Type 1 vs Type 2, how virtualization works, and key security practices.
IAM (Identity and Access Management): Definition, How It Works, and Where You’ll Encounter It
IAM (Identity and Access Management) controls who can access what. Learn how IAM works, where it appears, and key related terms.
Identity Attacks Explained
Identity attacks steal or abuse credentials, MFA, and sessions to take over accounts. Learn how they work, where they appear, and key terms.
IDOR (Insecure Direct Object Reference): Definition, How It Works, and Where You’ll See It
IDOR is a broken access control flaw where changing an ID in a URL or API exposes other users’ data. Learn how it works and how to spot it.
Incident Response Checklist for Small IT Teams
Step-by-step incident response checklist for small IT teams: triage, containment, evidence, eradication, recovery, and post-incident actions.
Incident Response for Network Appliances: Definition, Workflow, and Field Guide
Incident response for firewalls, VPNs, routers & NAS: contain safely, preserve configs/logs, verify firmware, hunt persistence, recover clean.
Incident Response for Network Appliances: Definition, Workflow, and Practical Playbooks
Incident response for network appliances: fast scoping, evidence capture, containment, credential rotation, config integrity checks, and recovery playbooks.
Incident Response Fundamentals: Definition, Process, and What to Do First
Incident response fundamentals: define incidents fast, contain impact,preserve evidence, eradicate root cause, recover safely.
Incident Response (IR): Definition, Process, and When You Need It
Incident response is a repeatable process to detect, contain, eradicate,and recover from security incidents—plus lessons learned to prevent repeats.
Incident Response Plan (IRP): Definition, Workflow, and Practical Use
An incident response plan (IRP) is a repeatable playbook to detect, contain, eradicate, and recover from security incidents with clear roles and comms.
Incident Response Planning Checklist (IRP) — Definition, Steps, and Quick Audit List
Incident response plan checklist with roles, runbooks, logging, comms, legal, evidence handling, tabletop tests, and backup readiness.
Insider Threat: Definition, How It Works, and What to Do About It
Insider threat: risk from trusted access. Learn common patterns and practical controls like least privilege, logging, DLP, and offboarding.
What Does an Intrusion Detection System (IDS) Do?
An intrusion detection system (IDS) monitors network/host activity for attacks, generates alerts for investigation, and supports SIEM/SOC workflows.
IOC (Indicator of Compromise): Definition, How It Works, and How to Use It
An IOC is observable evidence of compromise. Learn IOC types, how to use them in SIEM/EDR, and best practices to reduce false positives.
IoT Security Checklist for Small Business
IoT security checklist for small business: inventory, segmentation, hardening, firmware patching, monitoring, vendor risk, and incident response.
IoT Security Hardening Checklist (Practical Guide for 2026)
IoT security hardening checklist for cameras, sensors, gateways: inventory, identity, segmentation, patching, logging, and incident response.
Jump Server (Bastion Host): Definition, How It Works, and Where You’ll See It
A jump server is a hardened gateway for admin access to private systems. Learn how it works, key use cases, and hardening basics.
Jump Server (Bastion Host): Definition, How It Works
A jump server (bastion host) is a hardened gateway for privileged access to private systems. Learn how it works, patterns, and best practices.
KMS (Key Management Service): Definition, How It Works, and Where You’ll See It
KMS centralizes encryption key creation, storage, access control, rotation, and audit logs. Learn how it works and where you’ll see it.
Kubernetes Secrets Management Best Practices
Kubernetes secrets best practices: etcd encryption, least-privilege RBAC, safer mounting, external secret managers, rotation, and auditing.
Lateral Movement: Definition, How It Works, and How to Detect It
Lateral movement is how attackers pivot after initial access. Learn common paths (RDP/SMB/WinRM), what to monitor, and how to stop spread.
Least Privilege IAM Review Checklist (Quick, Practical Guide)
Run a least privilege IAM review: check users, roles, policies, service accounts, and admin paths. Includes verification, evidence, and fixes.
Least Privilege in Cloud Security: Definition, How It Works, and Where You’ll See It
Least privilege in cloud security means granting only the minimum access needed. See how it works in IAM roles, policies, CI/CD, and Kubernetes.
Least Privilege: Definition, How It Works, and Where You’ll See It
Least privilege grants only the access needed—no more. Learn how it works, where it’s used, and practical steps to implement it.
Linux Log Analysis for Security Teams (2026 Guide)
Linux log analysis for security teams: key log sources, fast CLI workflows, detection patterns, and SIEM tips to speed incident response.
Linux Patch Management Best Practices
Linux patch management best practices: risk-based SLAs, staging rings, automation with apt/dnf/yum, verification, and reboot/kernel drift control.
Live Response in Incident Handling: Definition, Workflow, and When to Use It
Live response captures volatile evidence from running systems. Learn the workflow, what to collect first, and when to use it in incidents.
Log Management: Definition, How It Works, and When You’ll Encounter It
Log management centralizes, normalizes, stores, and analyzes logs for troubleshooting, security monitoring, and compliance.
macOS Security Basics for IT Teams
macOS security basics for IT teams: what to enforce with MDM, FileVault, Gatekeeper, SIP/TCC, firewall, and logging—plus practical checks.
Malware: Definition, How It Works, When You’ll Encounter It, and Related Terms
Malware is malicious software that disrupts, spies, or extorts. Learn its lifecycle, common entry points, warning signs, and key related terms.
Malware vs Virus: What’s the Difference?
Malware is any malicious software; a virus is a type that infects files and replicates when they run. Learn how each works and what to do next.
Malware: Definition, How It Works, Where You’ll Encounter It, and Related Terms
Malware is malicious software that steals data, disrupts systems, or enables access. Learn how infections happen, where it appears, and key terms.
Man-in-the-Middle (MITM) Attack: Definition, How It Works, and Where You’ll See It
Man-in-the-middle (MITM) attacks intercept or alter traffic between parties. Learn how they work, where they happen, and how to stop them.
Microsegmentation: Definition, How It Works, and When You’ll Encounter It
Microsegmentation enforces workload-level policies to block lateral movement and control east-west traffic in data centers and cloud.
MITRE ATT&CK and How Teams Use It
Learn what MITRE ATT&CK is, how tactics and techniques work, and how SOC teams use it for detections, hunting, testing, and reporting.
MITRE ATT&CK: Definition, How It Works, and When You'll Encounter It
Learn what MITRE ATT&CK is, how tactics and techniques work, and how SOC, IR, and threat intel teams use it to measure detection coverage.
MITRE ATT&CK and How Teams Use It
MITRE ATT&CK explains attacker behaviors. Learn how SOCs use it for detection mapping, hunting, purple teaming, and IR reporting.
Mobile Incident Response Checklist (IR) — Step-by-Step Guide for Security Teams
Mobile incident response checklist for iOS/Android: contain fast, preserve device+cloud evidence, triage, eradicate, recover, and harden.
Mobile Incident Response Playbook (MIRP): Definition, Steps, and When to Use It
Mobile incident response (MIRP) is a repeatable process to detect, contain, investigate, and recover from iOS/Android incidents.
Multi Factor Authentication (MFA): Definition, How It Works, and Where You’ll See It
Multi factor authentication (MFA) adds 2+ verification factors to prevent account takeovers. Learn methods, best practices, and where MFA is used.
Network Segmentation: What It Is and Why It Matters
Network segmentation isolates zones and limits lateral movement. Learn how it works, where you’ll see it, and practical rule patterns.
The NIST Cybersecurity Framework (CSF): Definition, How It Works, and When You’ll Encounter It
NIST CSF 2.0 explains cyber risk using Govern, Identify, Protect, Detect, Respond, Recover. Learn how it works and when you’ll use it.
NIST SP 800-53 Explained: Controls, Baselines, RMF
Learn what NIST SP 800-53 is, how controls and baselines work, and when you’ll face it in RMF, FISMA, and FedRAMP audits.
OpenID Connect (OIDC): Definition, Flow, and Where You’ll See It
OpenID Connect (OIDC) is an identity layer on OAuth 2.0. Learn the OIDC flow, tokens, endpoints, and where you’ll encounter it in SSO.
OT Incident Response Planning: Process & Practical Steps
OT incident response planning: roles, runbooks, safe containment, and validated recovery for ICS/SCADA incidents without compromising safety.
OT Network Segmentation Basics (Operational Technology)
OT network segmentation basics: define zones and conduits, use an OT DMZ, and reduce lateral movement risk in industrial environments.
Pass-the-Ticket (PtT) Attack: How It Works & Detection
Pass-the-Ticket (PtT) replays stolen Kerberos TGT/TGS tickets to access AD resources without a password. Learn mechanics, logs, and detection.
Passkeys: Definition, How They Work, and Where You’ll See Them
Passkeys replace passwords with phishing-resistant FIDO2/WebAuthn sign-ins using device-bound cryptographic keys. Learn how they work and where used.
Passkeys: Definition, How They Work, and Where You’ll See Them
Passkeys replace passwords with phishing-resistant WebAuthn/FIDO2 sign-ins. Learn how passkeys work, where you’ll see them, and rollout tips.
Password Hashing: Definition, How It Works, and Where You’ll See It
Password hashing stores one-way password verifiers using salts and slow KDFs like Argon2id or bcrypt to resist offline cracking.
Password Manager Security Best Practices (2026 Guide)
Password manager security best practices for 2026: master passphrase, phishing-resistant MFA, vault hardening, monitoring, sharing controls, recovery.
Password Manager: Definition, How It Works, and When You’ll Encounter It
A password manager stores and generates passwords in an encrypted vault. Learn how it works, where you’ll see it, and how to deploy it safely.
Patch Management Best Practices: A Practitioner’s Guide
Patch management best practices: inventory, prioritize, stage rings, automate deployment, verify fixes, and report risk with practical workflows.
Patch Management Best Practices
Patch management best practices: inventory assets, prioritize by exploitability, stage and test releases, deploy safely, and verify with logs.
Penetration Testing: Definition, How It Works, and When You’ll Encounter It
Penetration testing (pen test) explained: definition, steps, deliverables, and when to schedule one to validate real-world security risk.
Phishing: Definition, How It Works, When You’ll Encounter It, and Related Terms
Phishing is a social engineering attack that tricks users into revealing credentials or installing malware. Learn how it works and how to spot it.
Pimcore Security Hardening (Checklist for 2026)
Pimcore security hardening checklist: lock down /admin, enforce MFA/SSO, patch Symfony/PHP deps, secure secrets, add WAF, logging, backups.
Pimcore Security Hardening: Definition, How It Works, When You’ll Encounter It, Related Terms
Pimcore security hardening checklist: lock down /admin, rotate secrets, harden PHP/Symfony, add headers, scan uploads, and monitor logs.
PKI (Public Key Infrastructure): Definition, How It Works, and Where You’ll See It
PKI explained: how digital certificates and CAs work, where PKI is used (TLS, mTLS, VPN, Wi‑Fi), plus lifecycle tips.
Ransomware Response Checklist (IR Quick Guide)
Ransomware response checklist to contain fast, preserve evidence, eradicate, recover safely, and handle comms/notifications.
Red Teaming: Definition, How It Works, When You’ll Encounter It, Related Terms
Red teaming emulates real attackers to test detection and response end-to-end. Learn phases, ROE, reporting, and when it’s worth it.
Remote Code Execution (RCE): Definition, How It Works, and Where You’ll See It
Remote code execution (RCE) lets attackers run commands on a system over a network. Learn common paths, where it appears, and how to respond.
Cybersecurity Risk Management: Definition & How It Works
Cybersecurity risk management identifies, prioritizes, and treats risk using a risk register, scoring, and continuous review.
Risk Management: Definition, How It Works, When You’ll Encounter It
Learn cybersecurity risk management: definition, workflow, risk register basics, and when you’ll use it for audits, vendors, cloud, and incidents.
Rootkit: Definition, How It Works, Where You’ll Encounter It
Rootkit malware hides attacker access by tampering with OS, boot, or firmware. Learn layers, signs, and practical response steps.
Runner Hardening Best Practices
Runner hardening best practices for CI/CD: isolate builds, enforce least privilege, protect secrets, patch, log, and monitor runners.
SAML Definition: SSO Flow, IdP/SP, and Troubleshooting
Learn what SAML is, how IdP↔SP SSO works, what to validate in assertions, and where SAML appears in enterprise identity.
Sandboxing: Definition, How It Works, and Where You’ll Encounter It
Sandboxing isolates untrusted code to reduce malware impact. Learn how it works in browsers, email detonation, EDR, VMs, and containers.
SAST (Static Application Security Testing): Definition, How It Works, and When You’ll Encounter It
SAST (static application security testing) scans code without running it to find flaws early. Learn how it works, CI/CD use, and tips.
SBOM Practical Guide: Definition, How It Works, and When You’ll Encounter It
Learn what an SBOM is, how SPDX and CycloneDX work, and when SBOMs show up in CI/CD, procurement, and vulnerability response.
Secure by Design: Definition, How It Means, and Where You’ll See It
Secure by Design builds security into architecture, code, and defaults from day one. Learn how it works, where you’ll encounter it, and key terms.
Securing Active Directory Environments
Secure Active Directory with practical hardening steps: Tier 0 controls, Kerberos/NTLM monitoring, GPO/ACL auditing, and recovery readiness.
SIEM Hardening Best Practices (2026 Guide)
SIEM hardening best practices to secure ingestion, access, storage, integrations, and audit trails—so attackers can’t blind detection.
SIEM Hardening Best Practices
SIEM hardening best practices: MFA/RBAC, secure log ingestion, tamper-resistant retention, change control, and monitoring to stop SIEM abuse.
SIEM Explained: Definition, How It Works, and Use Cases
Learn what SIEM is, how it ingests and correlates logs, and when you’ll use it for detection, investigations, and compliance.
Single Sign-On (SSO): Definition, How It Works, and Where You’ll See It
Single sign-on (SSO) lets you access many apps with one login. Learn how SAML/OIDC works, where SSO appears, and how to secure it.
Small Business Backup Strategy: Resilience & Recovery
Build a small business backup strategy with clear RPO/RTO, 3-2-1 plus immutable/offsite copies, MFA-protected access, and routine restore tests.
Smishing Defense Best Practices
Smishing defense: how SMS phishing works and how to stop it with MFA hardening, reporting, mobile controls, and incident response steps.
SOC 2 Report Explained: Definition, Types, and How to Read It
SOC 2 is an independent assurance report on a vendor’s controls. Learn Trust Services Criteria, Type I vs Type II, scope, exceptions, and CUECs.
Social Engineering in Cybersecurity: Definition, How It Works, and Where You’ll See It
Learn what social engineering is, how attackers manipulate people, common scenarios, and practical defenses for teams and SMBs.
Software Supply Chain Attack: Definition, How It Works, and What to Do
Learn what a software supply chain attack is, how attackers compromise dependencies and CI/CD, and practical steps to prevent and detect it.
Software Supply Chain Risk Management: Definition & Next Steps
Software supply chain risk management (SSCRM) cuts risk from dependencies and CI/CD with SBOMs, signing, provenance, and pipeline hardening.
Spear Phishing: Definition, How It Works, and How to Spot It
Spear phishing is targeted phishing aimed at a person or team. Learn how it works, common signs, and what to do if you receive one.
SQL Injection Prevention Best Practices
SQL injection prevention best practices: parameterized queries, allowlists, least privilege, safe errors, logging, WAF/RASP, and testing.
SQL Injection (SQLi): Definition, How It Works, and Prevention
SQL injection (SQLi) occurs when untrusted input becomes SQL. Learn how SQLi works, where it appears, and how to prevent and detect it.
Supply Chain Security Basics
Supply chain security basics: how software supply chain attacks happen and the practical controls—SBOMs, signing, CI/CD hardening—to reduce risk.
Third Party Risk Management Basics
Third party risk management basics: tier vendors, assess controls (SOC 2), contract requirements, monitor continuously, and offboard safely.
Third Party Risk Management Best Practices
Practical TPRM best practices: inventory vendors, tier risk, verify controls with evidence, add contract clauses, monitor continuously, and offboard safely.
Third Party Risk
Third party risk is exposure inherited from vendors. Learn how it works, where it shows up, and practical steps to assess and reduce vendor risk.
TLS (Transport Layer Security): Definition, How It Works, and Where You’ll See It
TLS encrypts data in transit for HTTPS, APIs, email, and VPNs. Learn TLS handshakes, TLS 1.3 vs 1.2, certs, mTLS, and hardening tips.
Tokenization: Definition, How It Works, and Where You’ll See It
Tokenization replaces sensitive data with tokens to reduce breach impact and compliance scope. Learn how it works and when to use it.
VPN Definition: How It Works and When You’ll Use It
What a VPN is, how VPN tunneling works, common use cases, and key terms like IPsec, WireGuard, and split tunneling.
VPN Definition: How It Works and When You’ll Use One
A VPN encrypts traffic between your device and a VPN endpoint. Learn how tunnels, routing, DNS, and logs work in real deployments.
Vulnerability Management Best Practices (2026): A Practical Guide
Vulnerability management best practices for 2026: asset coverage, continuous scanning, risk-based prioritization, SLAs, verification, and metrics.
Vulnerability Management Triage Workflow
Practitioner triage workflow to validate vulnerability findings, prioritize risk, assign owners/SLAs, and verify remediation with evidence.
Vulnerability Management: Definition, Process, and Practical Use
Vulnerability management is a continuous loop to find, prioritize, fix, and verify security weaknesses across systems before attackers exploit them.
Vulnerability Scanning: Definition, How It Works, When You’ll Encounter It, and Related Terms
Vulnerability scanning finds known weaknesses in systems and apps. Learn how it works, when to use it, and key related terms.
WAF (Web Application Firewall): Definition, How It Does Works & When You'll See One
A WAF (Web Application Firewall) inspects HTTP/S traffic to block threats like SQLi and XSS. Learn how it works, where it sits, and when you need it.
Web Application Hardening Checklist (Practical Guide)
Web application hardening checklist to secure auth, sessions, headers, TLS, input handling, logging, and deployment with actionable steps.
Web Server Hardening Checklist (2026)
Web server hardening checklist for Nginx, Apache & IIS: cut attack surface, lock TLS/headers, tighten access, monitor logs, and verify.
What a SOC Analyst Does Day to Day: Duties, Workflow, Tools
SOC analyst day-to-day work: SIEM/EDR monitoring, triage, investigation, containment, reporting, and improving detections—plus when you’ll engage a SOC.
What a SOC Analyst Does Day to Day (Security Operations Center)
See what a SOC analyst does daily: monitor alerts, triage, investigate in SIEM/EDR, coordinate containment, and improve detections.
What an Intrusion Prevention System (IPS) Does
An intrusion prevention system (IPS) inspects traffic inline and blocks attacks in real time using signatures, behavior, and policy controls.
What Does a SOC Do? Definition, Workflow, and When You’ll Encounter One
Learn what a SOC does: definition, daily workflow, alerts and escalation, and when you’ll interact with a Security Operations Center.
What Is a SOC? Definition, How It Works, When You’ll Encounter It
A SOC (Security Operations Center) monitors, detects, and responds to threats. Learn how it works, when you need one, and key related terms.
When Does a Security Incident Become a Reportable Data Breach?
Learn when a security incident becomes a reportable data breach, what triggers breach notification, and the first steps to take.
Wiper Malware: Definition, How It Works, and When You’ll Encounter It
Wiper malware destroys data to disrupt operations. Learn how it works, warning signs, where it appears, and what to do first in IR.
WordPress Plugin Security Best Practices (Practical Checklist for Admins)
WordPress plugin security best practices to cut risk: vet plugins, patch fast, enforce least privilege, add WAF, monitoring, and backups.
WPA2: Definition, How It Works, and Where You’ll Encounter It
WPA2 is the Wi‑Fi security standard (802.11i) using AES‑CCMP. Learn WPA2 modes, the 4‑way handshake, and where you’ll see it.
What Is a Bastion Host?
A bastion host is a hardened system used as a controlled entry point for administrative access to private networks or servers.
What Is a Bootkit?
A bootkit is malware that infects the boot process so it runs before the operating system and can evade normal defenses.
What Is a Botnet?
A botnet is a network of compromised devices controlled by an attacker to launch DDoS attacks, send spam, steal data, or spread malware.
What Is a Buffer Overflow?
A buffer overflow happens when a program writes past a buffer’s limit, causing crashes, memory corruption, or possible code execution.
What Is a Business Continuity Plan?
A business continuity plan documents how an organization keeps critical operations running during and after disruptions.
What Is a CAA Record?
Learn what a CAA record is, how it controls TLS certificate issuance, and why it matters for DNS and domain security.
What Is a Captive Portal?
A captive portal is a network access page that requires login, acceptance, or payment before granting internet access.
What Is a Cloud Workload Protection Platform?
A CWPP secures cloud workloads like VMs, containers, and servers with visibility, policy enforcement, and threat detection.
What Is a Digital Signature?
A digital signature verifies who signed data and whether it was altered, using public-key cryptography and certificate trust.
What Is a Drive-By Download?
A drive-by download is malware delivered when a user visits a compromised or malicious site, often without clear consent.
What Is a Golden Ticket?
A Golden Ticket is a forged Kerberos ticket that can give attackers persistent, high-privilege access in Active Directory.
What Is a Jump Server?
A jump server is a hardened intermediary system used to control and monitor administrative access to sensitive internal systems.
What Is a Logic Bomb?
A logic bomb is malicious code that stays dormant until a condition is met, then triggers harmful actions like deletion or disruption.
What Is a Penetration Test?
A penetration test is an authorized security assessment that simulates real-world attacks to find and validate exploitable weaknesses.
What Is a Race Condition?
A race condition is a flaw where system behavior depends on timing, allowing unintended actions when operations occur out of order.
What Is a Reproducible Build?
A reproducible build produces the same output from the same source and build environment, helping verify software integrity.
What Is a Rogue Access Point?
A rogue access point is an unauthorized Wi-Fi device that can expose a network to interception, abuse, or unauthorized access.
What Is a Route Leak?
A route leak is the improper advertisement of internet routes, causing traffic to take unintended paths and creating outages or instability.
What Is a Service Mesh?
A service mesh manages, secures, and observes service-to-service communication in distributed applications.
What Is a Sidecar Proxy?
A sidecar proxy is a helper proxy that runs alongside an app instance to handle network traffic, security, and observability.
What Is a Supply Chain Attack?
Learn what a supply chain attack is, how vendor and software trust is abused, and why third-party risk matters to defenders.
What Is a Tabletop Exercise?
A tabletop exercise is a discussion-based simulation used to test how teams would respond to a cyber incident or business disruption.
What Is a Trojan?
A Trojan is malware disguised as legitimate software to trick users into running it and giving attackers access or control.
What Is a Trusted Execution Environment?
A Trusted Execution Environment is a hardware-isolated area that protects sensitive code and data from the rest of the system.
What Is a Watering Hole Attack?
A watering hole attack compromises a trusted website to infect, exploit, or steal credentials from a specific target group.
What Is a Web Application Firewall?
A web application firewall filters and monitors HTTP traffic to help block attacks against websites, web apps, and APIs.
What Is a Zero Day?
A zero day is a software vulnerability unknown to the vendor or unpatched when attackers begin exploiting it.
What Is ABAC?
ABAC is an access control model that grants or denies access based on attributes like user, device, data, and context.
What Is Adware?
Learn what adware is, how it works, when you'll encounter it, and the related security terms IT teams should know.
What Is Air Gapped Backup?
An air gapped backup is isolated from production systems so attackers cannot easily encrypt, delete, or tamper with recovery data.
What Is an Amplification Attack?
An amplification attack is a DDoS technique that uses third-party servers to multiply traffic and overwhelm a target.
What Is an Audit Log?
An audit log records user and system activity to support investigations, detection, accountability, and compliance.
What Is an HSM?
An HSM is a hardware security module: a dedicated device that generates, stores, and uses cryptographic keys with strong protection.
What Is an Immutable Log?
An immutable log is a tamper-resistant record that cannot be altered or deleted, helping preserve evidence and audit integrity.
What Is an Indicator of Compromise?
Learn what an indicator of compromise is, common IOC examples, how teams use IOCs for detection and incident response, and where IOC limits matter.
What Is an IOC?
An IOC, or indicator of compromise, is evidence that suggests a system, account, or network may have been breached or abused.
What Is an Out-of-Band Patch?
An out-of-band patch is an urgent update released outside the normal patch cycle to fix critical security or stability issues.
What Is Anonymization?
Learn what anonymization is, how data anonymization works, where re-identification risk remains, and how it differs from pseudonymization.
What Is ARM TrustZone?
Learn what ARM TrustZone is, how it creates a secure world on ARM devices, and where it is used for keys, boot, biometrics, and device security.
What Is Asymmetric Encryption?
Asymmetric encryption uses a public and private key pair to encrypt data, verify identity, and secure communications.
What Is Backup?
A backup is a separate copy of data kept so files and systems can be restored after deletion, corruption, hardware failure, or attack.
What Is BGP Hijacking?
BGP hijacking is the unauthorized announcement of IP routes that diverts, intercepts, or blackholes internet traffic.
What Is Blue Team?
Blue Team is the defensive side of cybersecurity, responsible for detection, prevention, response, and resilience across an organization.
What Is Bot Management?
Bot management identifies and controls automated traffic so websites and APIs can block abusive bots without disrupting legitimate use.
What Is Broken Access Control?
Learn what broken access control is, how authorization flaws work, and why they can expose data, admin functions, and other users' records.
What Is CASB?
CASB stands for Cloud Access Security Broker, a control point that enforces security policies across cloud apps and SaaS usage.
What Is CCPA?
CCPA is a California privacy law that gives residents rights over personal information and requires covered businesses to provide disclosures and response processes.
What Is Certificate Pinning?
Certificate pinning is a technique that restricts which certificates or keys an app will trust for a specific service or domain.
What Is Chain of Custody?
Chain of custody is the documented record of how evidence is collected, handled, transferred, and protected to preserve integrity.
What Is Clickjacking?
Learn what clickjacking is, how it tricks users into unintended clicks, common risks, and the browser defenses that help stop it.
What Is Cloud Infrastructure Entitlement Management?
CIEM helps organizations discover, analyze, and reduce excessive cloud permissions across identities, roles, and workloads.
What Is Cloud Security Posture Management?
Cloud Security Posture Management helps teams find and fix cloud misconfigurations, policy drift, and compliance gaps.
What Is Command Injection?
Command injection is a vulnerability that lets attacker input execute system commands on a server or application host.
What Is Containerization?
Containerization packages applications with dependencies so they run consistently across environments using OS-level isolation.
What Is Credential Stuffing?
Credential stuffing is an automated attack that uses stolen username-password pairs to log into other accounts.
What Is Cross-Site Scripting?
Cross-site scripting, or XSS, is a web vulnerability that lets attackers run malicious scripts in a user's browser.
What Is Cryptojacking?
Learn what cryptojacking is, how it works, where it appears, and the key security terms related to unauthorized crypto mining.
What Is CSRF?
CSRF is an attack that tricks a logged-in user's browser into sending unauthorized requests to a trusted web application.
What Is CVSS?
CVSS is a standard scoring system used to rate the severity of software vulnerabilities based on exploitability and impact.
What Is CWE?
CWE is a catalog of software and hardware weakness types used to classify common security flaws and improve remediation.
What Is Data Classification?
Learn what data classification is, how labels work, and why organizations use them to protect sensitive data and enforce access controls.
What Is Data Residency?
Data residency is the requirement or practice of storing and processing data in a specific geographic jurisdiction.
What Is Data Sovereignty?
Data sovereignty means data is subject to the laws of the country where it is stored, processed, or controlled.
What Is DDoS?
Learn what DDoS is, how it works, common attack types, and how security teams reduce denial-of-service risk.
What Is Defense in Depth?
Learn what defense in depth is, how layered security works, when teams use it, and the related terms every security program should know.
What Is Dependency Confusion?
Dependency confusion is a supply chain attack where public packages are mistaken for internal ones and installed by build systems.
What Is Differential Privacy?
Differential privacy is a method for analyzing data while limiting what can be learned about any one individual.
What Is Disaster Recovery?
Disaster recovery is the process of restoring systems, data, and operations after an outage, attack, or other disruptive event.
What Is Disk Forensics?
Disk forensics is the analysis of storage media to recover, preserve, and investigate digital evidence from files and system artifacts.
What Is DLP?
Learn what DLP is, how Data Loss Prevention works, and how teams protect sensitive data from leaks, misuse, and exfiltration.
What Is DNS over HTTPS?
DNS over HTTPS encrypts DNS lookups inside HTTPS traffic to improve privacy and reduce visibility into queried domains.
What Is DNS over TLS?
DNS over TLS encrypts DNS queries between a device and resolver to improve privacy and reduce network interception.
What Is DNS Spoofing?
DNS spoofing tricks systems into resolving a domain to the wrong IP address, often redirecting users to malicious sites.
What Is DNS Tunneling?
DNS tunneling abuses DNS queries and responses to move data or command traffic through networks that would otherwise block it.
What Is DoS?
Learn what DoS is, how it works, when teams encounter it, and the key terms related to denial-of-service attacks.
What Is Dynamic Application Security Testing?
DAST tests a running application from the outside to find exploitable web security flaws such as injection and auth issues.
What Is eBPF?
Learn what eBPF is, how it works in Linux, and why teams use it for observability, runtime security, and Kubernetes visibility.
What Is EDR? A Practitioner's Definition
EDR monitors endpoints for threats, records activity, and enables rapid response. Learn how it works and when you'll encounter it.
What Is EDR?
Learn what EDR is, how it works, when teams use it, and the key security terms related to endpoint detection and response.
What Is Envelope Encryption?
Envelope encryption protects data with a data key that is itself encrypted by a master key, improving scale and key management.
What Is Evil Twin?
Learn what an evil twin attack is, how fake Wi-Fi hotspots steal data, and how to reduce risk on public and guest networks.
What Is FedRAMP?
FedRAMP is the U.S. program for standardizing security assessment and authorization of cloud services used by federal agencies.
What Is FISMA?
Learn what FISMA is, who it applies to, how it works with NIST RMF, and why it matters for federal agencies and contractors.
What Is GDPR?
GDPR is the EU privacy law that governs how organizations collect, use, secure, and manage personal data.
What Is Hashing?
Learn what hashing is, how cryptographic hashes work, and why hashing matters for integrity checks, password storage, and security workflows.
What Is Heap Spray?
Learn what heap spray is, how this memory exploitation technique works, and why it appears in browser exploits and code execution attacks.
What Is HIPAA?
Learn what HIPAA is, who it applies to, what PHI means, and how the law affects healthcare privacy, security, and breach response.
What Is HMAC?
HMAC is a cryptographic method that uses a secret key with a hash function to verify message integrity and authenticity.
What Is Homomorphic Encryption?
Homomorphic encryption lets systems compute on encrypted data without decrypting it first, reducing exposure during processing.
What Is HSTS?
HSTS is an HTTP security policy that tells browsers to use HTTPS only and reject insecure downgrade attempts.
What Is Incident Response Plan?
Learn what an incident response plan is, how it works, and why organizations use it to contain, investigate, and recover from cyber incidents.
What Is Insecure Deserialization?
Insecure deserialization is a flaw where untrusted serialized data is processed, leading to tampering, privilege abuse, or code execution.
What Is Insecure Direct Object Reference?
Insecure Direct Object Reference is an access control flaw where users can access records or actions by changing an identifier.
What Is Intel SGX?
Intel SGX is a hardware feature that creates protected memory enclaves so sensitive code and data can run in isolation.
What Is Interactive Application Security Testing?
Learn what IAST is, how interactive application security testing works, and how it compares with SAST and DAST in AppSec programs.
What Is ISO 27001?
ISO 27001 is an international standard for building, operating, and improving an information security management system.
What Is Just-in-Time Access?
Learn what just-in-time access is, how JIT access works, and why time-limited admin rights reduce standing privilege risk.
What Is JWT?
JWT is a JSON Web Token, a signed token used to carry claims for authentication, authorization, and API access.
What Is K-Anonymity?
K-anonymity is a privacy method that makes each record indistinguishable from at least k-1 others based on identifying attributes.
What Is Kerberoasting?
Kerberoasting is an Active Directory attack that extracts service tickets for offline password cracking of service accounts.
What Is Key Management Service?
Learn what a Key Management Service is, how KMS protects encryption keys, and why key rotation and access control matter.
What Is Kubernetes Security Posture Management?
Learn what Kubernetes Security Posture Management is, how KSPM works, and how it helps find misconfigurations and risky permissions.
What Is Lateral Movement?
Lateral movement is when an attacker moves from one compromised system to others to expand access, reach targets, and deepen control.
What Is Living off the Land?
Living off the land is an attacker technique that abuses legitimate system tools and built-in features to evade detection.
What Is Log Aggregation?
Log aggregation collects logs from many systems into one place for search, monitoring, troubleshooting, and security analysis.
What Is Log Retention?
Log retention is the practice of keeping security and system logs for a defined period to support investigations, compliance, and operations.
What Is Malvertising?
Malvertising is the use of online ads to deliver scams, redirects, or malware through advertising and sponsored search results.
What Is Man in the Middle?
A man-in-the-middle attack intercepts or alters communications between two parties without their knowledge.
What Is MDR? A Practitioner's Definition
MDR delivers 24/7 threat detection and response as a managed service. Learn how it works, what it includes, and when your organization needs it.
What Is MDR?
Learn what MDR is, how it works, when organizations use it, and the key security terms related to managed detection and response.
What Is Measured Boot?
Measured Boot records each startup stage so systems can detect tampering and verify boot integrity with TPM-backed evidence.
What Is Memory Forensics?
Memory forensics is the analysis of a system’s RAM to find malware, attacker activity, credentials, and other volatile evidence.
What Is MITRE ATT&CK?
MITRE ATT&CK is a knowledge base of attacker tactics and techniques used to map threats, detections, and security gaps.
What Is mTLS?
mTLS, or mutual TLS, authenticates both client and server with certificates to secure APIs and service-to-service traffic.
What Is Multi-Factor Authentication?
Learn what multi-factor authentication is, how MFA works, common methods, and why it helps reduce account takeover risk.
What Is N-day?
An N-day vulnerability is a known flaw with public disclosure or a patch available, but many systems remain unpatched and exposed.
What Is Network Forensics?
Learn what network forensics is, how investigators analyze traffic and logs, and why it matters for incident response and threat hunting.
What Is NIST CSF?
NIST CSF is a cybersecurity framework that helps organizations organize, assess, and improve security risk management.
What Is OAuth?
OAuth is an authorization framework that lets apps access specific resources without sharing your password.
What Is OIDC?
Learn what OIDC is, how OpenID Connect works with OAuth 2.0, and why it matters for SSO, identity providers, and authentication.
What Is OPA?
OPA, or Open Policy Agent, is a policy engine used to enforce rules across cloud-native apps, APIs, and infrastructure.
What Is Open Redirect?
An open redirect is a web flaw that lets attackers send users from a trusted site to a malicious destination via a manipulated URL.
What Is OTP?
OTP stands for one-time password, a code valid for one login or transaction and commonly used in multi-factor authentication.
What Is Pass the Hash?
Learn what Pass the Hash is, how attackers use stolen hashes in Windows environments, and why PtH matters for lateral movement.
What Is Pass the Ticket?
Pass the Ticket is a Kerberos attack where a stolen valid ticket is reused to access systems without knowing the user's password.
What Is Passkey?
Learn what a passkey is, how passwordless sign-in works, and why passkeys are phishing-resistant alternatives to passwords.
What Is Password Spraying?
Password spraying is an attack that tries a few common passwords across many accounts to avoid lockouts and gain access.
What Is Patch Tuesday?
Learn what Patch Tuesday is, how Microsoft’s monthly update cycle works, and why IT and security teams plan patching around it.
What Is Path Traversal?
Path traversal is a vulnerability that lets attackers access unintended files or directories by manipulating file paths.
What Is PCI DSS?
PCI DSS is a security standard for organizations that store, process, or transmit payment card data.
What Is PCI Tokenization?
PCI tokenization replaces payment card data with non-sensitive tokens to reduce exposure and simplify cardholder data protection.
What Is Pepper?
A pepper is a secret value added to password hashing to make stolen password hashes harder for attackers to crack.
What Is PKI?
PKI, or Public Key Infrastructure, is the framework used to issue, manage, and trust digital certificates and encryption keys.
What Is Privilege Escalation?
Privilege escalation is when a user, process, or attacker gains higher permissions than originally intended on a system or network.
What Is Privileged Access Management?
Privileged Access Management secures admin accounts, credentials, and elevated sessions to reduce misuse, theft, and lateral movement.
What Is Pseudonymization?
Pseudonymization replaces identifying data with tokens or aliases so records are less directly attributable to a person.
What Is Purple Team?
Purple teaming is a collaborative security exercise where offensive and defensive teams work together to improve detection and response.
What Is Ransomware?
Learn what ransomware is, how it spreads, how attacks unfold, and the security terms teams should know for prevention and response.
What Is RBAC?
RBAC, or role-based access control, assigns permissions by job role so users get the access they need and no more.
What Is Red Team?
Learn what a red team is, how red teaming works, and how it tests security defenses, detection, and incident response.
What Is Return-Oriented Programming?
Return-oriented programming is an exploit technique that chains existing code snippets to execute attacker-controlled logic without injecting new code.
What Is Right to Be Forgotten?
The right to be forgotten lets people request deletion of certain personal data when there is no valid reason to retain it.
What Is RPO?
RPO, or Recovery Point Objective, defines how much data loss an organization can tolerate after an outage or cyber incident.
What Is RTO?
Learn what RTO is, how Recovery Time Objective works, and why it matters for disaster recovery, downtime planning, and business continuity.
What Is Runtime Application Self-Protection?
RASP helps a running application detect and block attacks from inside the app using runtime context.
What Is Salting?
Salting adds unique random data to passwords before hashing so identical passwords do not produce identical stored hashes.
What Is SAML?
SAML is an identity standard that lets users sign in once and access multiple apps using trusted authentication assertions.
What Is Secrets Management?
Secrets management secures API keys, passwords, tokens, and certificates through controlled storage, access, rotation, and auditing.
What Is Secure Boot?
Secure Boot is a startup security feature that allows a device to load only trusted, signed boot software during startup.
What is SIEM? A Practitioner's Definition
SIEM collects, correlates, and alerts on security event data across your environment. Learn how it works and when you'll encounter it.
What Is SIEM?
Learn what SIEM is, how it works, when teams use it, and the related security terms you should know.
What Is Silver Ticket?
Learn what a Silver Ticket is, how forged Kerberos service tickets work, and why this Active Directory attack matters for defenders.
What Is Smishing?
Learn what smishing is, how SMS phishing works, when it appears, and the related security terms teams should know.
What Is SOAR?
Learn what SOAR is, how security orchestration, automation, and response works, and where security teams use it every day.
What Is SOC 2?
SOC 2 is an attestation framework for how organizations design and operate controls around security and related trust criteria.
What Is Software Composition Analysis?
Software Composition Analysis identifies open-source components, licenses, and known risks in application dependencies.
What Is SOX?
SOX is a U.S. law requiring public companies to maintain and test internal controls over financial reporting.
What Is Spear Phishing?
Learn what spear phishing is, how it works, when it appears, and the related security terms teams should know.
What Is Spyware?
Learn what spyware is, how it works, where it appears, and the related security terms teams should know.
What Is SQL Injection?
SQL injection is a web attack that inserts malicious SQL into an application query to read, change, or delete database data.
What Is SSO?
SSO lets users sign in once to access multiple applications, reducing password sprawl and centralizing authentication.
What Is SSRF?
Learn what SSRF is, how Server-Side Request Forgery works, why cloud metadata is at risk, and how teams reduce internal exposure.
What Is Static Application Security Testing?
SAST analyzes source code or binaries for security flaws before deployment, helping teams catch issues earlier in development.
What Is Subdomain Takeover?
Subdomain takeover is when an attacker claims an unassigned service behind a live DNS record and gains control of that subdomain.
What Is Symmetric Encryption?
Symmetric encryption uses one secret key to encrypt and decrypt data, making it fast for protecting data at rest and in transit.
What Is Threat Hunting?
Threat hunting is the proactive search for hidden attacker activity in an environment using hypotheses, telemetry, and investigation.
What Is Threat Intelligence?
Threat intelligence is evidence-based information about threats, attackers, and tactics used to improve security decisions and response.
What Is TLS?
Learn what TLS is, how it protects data in transit for HTTPS, APIs, and email, and why certificates and encryption matter.
What Is TOCTOU?
TOCTOU is a race condition where a system checks a resource, then uses it later after conditions have changed.
What Is TOTP?
TOTP is a time-based one-time password used as a second login factor, generating short-lived codes from a shared secret and time.
What Is Trojan Malware?
Learn what Trojan malware is, how it works, when teams encounter it, and the related security terms you should know.
What Is TTP?
TTP stands for tactics, techniques, and procedures: the behavioral patterns security teams use to understand how attackers operate.
What Is Typosquatting?
Typosquatting is the use of misspelled or lookalike domains to trick users into visiting malicious or deceptive websites.
What Is UEBA?
UEBA uses behavior analytics to identify unusual activity by users and devices that may indicate compromise or misuse.
What Is Virtualization?
Learn what virtualization is, how virtual machines and hypervisors work, and why virtualization matters for IT operations and security.
What Is Vishing?
Learn what vishing is, how voice phishing works, when it appears, and the related security terms IT and security teams should know.
What Is VLAN Hopping?
VLAN hopping is a network attack that lets traffic reach a different VLAN than intended by abusing switch configuration or tagging behavior.
What Is Volatile Data?
Volatile data is short-lived system data, such as RAM contents and active connections, that can disappear when a device powers off.
What Is Vulnerability Assessment?
A vulnerability assessment identifies, prioritizes, and reports security weaknesses in systems, software, and configurations.
What Is WebAuthn?
WebAuthn is a web authentication standard that enables phishing-resistant sign-in using security keys, biometrics, or device-based passkeys.
What Is Whaling?
Learn what whaling is, how executive phishing works, when it appears, and the related security terms teams should know.
What Is WORM Storage?
WORM storage is write once, read many storage that prevents data from being altered or deleted for a defined retention period.
What Is Worm?
Learn what a computer worm is, how it spreads, when teams encounter it, and the related malware terms security teams should know.
What Is WPA3?
WPA3 is a Wi-Fi security standard that improves wireless authentication and encryption over WPA2 for home, business, and public networks.
What Is XDR?
Learn what XDR is, how it works, when teams use it, and the key security terms related to extended detection and response.
What Is XXE?
XXE is an XML parsing flaw that can let attackers read files, trigger server-side requests, or disrupt applications.
What Is Zero Trust?
Learn what Zero Trust is, how it works, when organizations use it, and the key terms behind this security model.