Cybersecurity & Cloud Glossary

A technique to control the number of requests a user or system can make within a time window.

Design principles ensuring color usage is perceivable by people with visual impairments, including color blindness.

A web security vulnerability allowing attackers to interfere with database queries through unsanitized input.

A trial-and-error method of guessing passwords, encryption keys, or credentials by systematically trying all possibilities.

A previously unknown software vulnerability that attackers exploit before the vendor has released a patch or fix.

Continuous Integration and Continuous Deployment - automated practices for building, testing, and releasing software rapidly and reliably.

A scheduled task that runs automatically at specified times or intervals on Unix-like operating systems.

Using software to perform repetitive tasks automatically, reducing manual effort and errors.

An open-source infrastructure-as-code tool that enables teams to define, provision, and manage cloud infrastructure using declarative configuration files.

A character encoding standard using 7 bits to represent 128 characters including letters, numbers, and symbols.

Amazon's comprehensive cloud computing platform offering over 200 services for compute, storage, databases, networking, security, and application development.

Microsoft's cloud computing platform providing integrated services for compute, analytics, storage, networking, AI, and enterprise applications.

A geographically distributed network of servers that cache and deliver web content from locations closest to end users, improving performance and reliability.

An open-source container orchestration platform that automates deployment, scaling, and management of containerized applications across clusters of hosts.

Continuous monitoring and remediation of cloud misconfigurations across accounts, services, and regions.

Security tooling that safeguards cloud-native workloads—containers, serverless functions, and VMs—across build and runtime.

A framework that outlines which security tasks the cloud provider handles versus what the customer must secure.

A collection of independent computers that appear to users as a single coherent system.

A numbering system using 16 symbols (0-9, A-F) commonly used in computing for compact binary representation.

Temporary text or media used in design mockups to represent actual content before it is available.

The process of creating the visual appearance, layout, and user experience of websites and web applications.

A simple substitution cipher that shifts letters by a fixed number of positions in the alphabet.

A mathematical procedure for encrypting and decrypting data to protect confidentiality.

A one-way mathematical algorithm that converts data into a fixed-size string, used for integrity verification and password storage.

Cryptographic protocols that provide secure communication over networks by encrypting data in transit.

An encryption method using the XOR (exclusive or) operation to combine plaintext with a key.

A simple file format for tabular data where each line is a row and columns are separated by commas.

The process of converting data structures into a format that can be stored or transmitted and reconstructed later.

The process of organizing data structure, relationships, and constraints to efficiently store and retrieve information.

Controls that detect and prevent sensitive data from leaving an organization through unauthorized channels.

A vocabulary for annotating and validating JSON documents, defining structure, data types, and constraints.

Techniques to improve database query performance by reducing execution time and resource usage.

Principles and guidelines for combining colors to create visually harmonious and effective designs.

An additive color model using Red, Green, and Blue light to create a spectrum of colors for digital displays.

The art and technique of arranging type to make written language legible, readable, and visually appealing.

A set of rules and protocols that allows different software applications to communicate and exchange data.

A time-based job scheduling syntax using five or six fields to specify when tasks should run.

A computational method for comparing two sets of data and identifying differences between them.

A lightweight data interchange format using human-readable text to represent structured data.

A lightweight markup language that uses plain text formatting to create structured documents.

Pattern-matching syntax used to search, validate, and manipulate text based on rules.

A comparison showing line-by-line or character-by-character changes between two versions of text.

A 128-bit identifier guaranteed to be unique across space and time without central coordination.

The number of seconds elapsed since January 1, 1970 00:00:00 UTC (the Unix epoch).

An HTTP callback that delivers real-time data from one application to another when a specific event occurs.

Email authentication method that uses cryptographic signatures to verify that email content has not been tampered with in transit.

Email validation system that builds on SPF and DKIM to prevent email spoofing and provide reporting on email authentication failures.

Metadata attached to emails that shows routing information, authentication results, and delivery path.

Email authentication method that specifies which mail servers are authorized to send email on behalf of your domain.

A binary-to-text encoding scheme that converts binary data into ASCII characters for safe transmission over text-based protocols.

A mechanism for encoding special characters in URLs using percent signs followed by hexadecimal values.

A file format containing data in binary rather than plain text, requiring specific software to read and interpret.

Unique byte sequences at the start of files that identify the file type, regardless of extension.

Authentication verifies who you are, while authorization determines what you can do.

The policies and technologies used to verify identities, govern permissions, and log access across systems.

An authentication method that requires users to provide two or more verification factors to gain access.

An open standard for delegated access authorization that allows applications to access user resources without exposing credentials.

A framework for securing and auditing accounts with elevated permissions, such as admins, service accounts, and break-glass users.

The process of securely maintaining user state and authentication across multiple HTTP requests.

The hierarchical naming system that translates human-readable domain names into IP addresses.

The process of determining the geographic location of an internet-connected device using its IP address.

A unique hardware identifier assigned to network interfaces for local network communication.

A set of rules defining how data is transmitted and received over a network.

The first three bytes of a MAC address, assigned by IEEE to identify the manufacturer of a network device.

Numerical identifiers (0-65535) used to route network traffic to specific services on a device.

A 32-bit number that divides an IP address into network and host portions for routing.

A public directory that stores registration information for domain names and IP address blocks.

The last segment of a domain name following the final dot, such as .com, .org, or country codes like .uk.

A public logging system that records all SSL/TLS certificates, enabling detection of misissued or malicious certificates.

A framework of policies, processes, and technologies for managing digital certificates and public-key encryption.

A digital certificate standard that binds a public key to an identity, enabling encrypted connections and authentication.

A technique to identify and track users based on unique browser and device characteristics without using cookies.

Financial fines and sanctions imposed for failing to meet regulatory data protection and security requirements.

The General Data Protection Regulation is the EU's comprehensive data privacy law that governs how organizations collect, process, and protect personal data.

The Health Insurance Portability and Accountability Act establishes standards for protecting sensitive patient health information in the United States.

Service Organization Control 2 is an auditing standard for service providers that store customer data, focusing on security, availability, processing integrity, confidentiality, and privacy.

An assessment that identifies critical business processes and quantifies the impact of their disruption.

Insurance coverage that protects organizations against financial losses from cyberattacks and data breaches.

The total financial impact of a security incident, including detection, response, notification, and long-term damages.

A documented, tested approach for detecting, containing, and recovering from cybersecurity incidents.

A globally accessible knowledge base of adversary tactics, techniques, and procedures mapped to the attack lifecycle.

Malware that encrypts systems or exfiltrates data, demanding payment to restore access or prevent disclosure.

The maximum acceptable amount of data loss measured in time, defining how far back systems must be restored after an incident.

The maximum acceptable downtime for a system or service before business impact becomes unacceptable.

A metric that quantifies the financial benefit of security investments relative to their cost.

A systematic process of identifying, analyzing, and evaluating cybersecurity risks to inform treatment decisions.

Deliberately making code difficult to understand to protect intellectual property or hide malicious intent.

The total number of points where an unauthorized user could try to enter data into, or extract data from, an environment.

The practice of granting users and services the minimum access they need to perform their duties.

A security model that assumes breach, requiring continuous verification of every user, device, and workload regardless of location.

A trusted entity that issues, validates, and revokes digital certificates used for secure communications.

A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

An encrypted network connection that creates a secure tunnel between a device and a remote network over the internet.

Security software that monitors endpoints for malicious activity, enabling rapid detection and containment.

A security service that combines technology and human expertise to detect, investigate, and respond to threats 24/7.

A platform that ingests security telemetry, correlates events, and surfaces alerts for investigation.

A dedicated function responsible for monitoring, detecting, and responding to cybersecurity threats in real time.

An outsourced executive who provides strategic cybersecurity leadership and governance without the cost of a full-time hire.

The continuous process of identifying, prioritizing, and remediating security weaknesses in systems and applications.

Authorized simulated cyberattacks against systems to identify security vulnerabilities before malicious actors exploit them.

A trustworthiness score assigned to IP addresses based on observed behavior, used to identify malicious traffic.

Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems and data.

A social engineering attack that uses fraudulent communications to trick recipients into revealing sensitive information or installing malware.

Evidence-based knowledge about existing or emerging threats used to inform security decisions and response.

A technique to render URLs and IPs non-clickable by replacing characters, preventing accidental access to malicious sites.

Placeholder text used in design and publishing to demonstrate visual form without meaningful content.

A two-dimensional barcode that stores data in a matrix pattern, readable by cameras and smartphones.

The process of translating time from one geographic timezone to another, accounting for UTC offsets and daylight saving time.

A standardized identifier for publicly disclosed security vulnerabilities in software and hardware.

An attack that tricks a victim into submitting unauthorized requests using their authenticated session.

A web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.

A method of representing special characters in HTML using named or numeric references to prevent interpretation as code.

Small pieces of data stored by web browsers, used for session management, personalization, and tracking.

Response headers that enable browser security protections against common web attacks.

A compact, URL-safe token format used to securely transmit claims between parties in web applications.

A security feature that allows browsers to verify that files from CDNs have not been tampered with.

Registering domain names similar to popular sites by exploiting common typing errors to deceive users.

A technique that forwards users from one URL to another, often used for site migrations or link shortening.

A specific URL where an API can be accessed, representing a function or resource in a web service.

Three-digit codes returned by web servers to indicate the result of an HTTP request.

The phenomenon where hyperlinks become permanently unavailable as web pages are moved or deleted.

A web address that specifies the location of a resource on the internet, composed of protocol, domain, path, and optional parameters.

A text string sent by web browsers to identify the browser, operating system, and device to web servers.

A service that creates short aliases for long URLs, making them easier to share and track clicks.