Understanding the vocabulary specific to cybersecurity is pivotal to protecting yourself against cyber attacks and adopting good cyber hygiene.
This is why the experts at Menaya have compiled a list of the terms that come up most often in cybersecurity, with plain definitions of sometimes difficult concepts :
Authentication :
The process of verifying the identity claimed by a user, system, network or application, typically by checking a credential such as a password, key or certificate.
Authorization :
The process of determining which resources or functions an authenticated user, server or application is allowed to access. Authentication answers "who are you?", authorization "what may you do?"; a system needs both.
Advanced Persistent Threat (APT) :
A sophisticated, sustained campaign of attacks deployed to exploit vulnerabilities in a target's systems. Carried out by skilled and well-resourced groups, APTs are designed to bypass the security measures in place and are distinctive in that they persist in the victim's environment over long periods of time. The objective is usually to steal sensitive or confidential data from large corporations or governments.
Application Server :
Server hosting the business logic of applications used across a distributed network. It usually sits behind a web server, which forwards requests to it; some products bundle both in one package.
Big Data :
Very large data sets characterized by their volume, variety and velocity, also known as the 3Vs. These data sets are so large and complex, and come from so many new sources, that traditional data management tools cannot efficiently store or process them.
Blockchain :
Technology for storing and transmitting information as a chain of data blocks, each cryptographically linked to the previous one by its hash, so that past records cannot be altered unnoticed. Blockchain is unique in that it is fully decentralized.
Botnet :
A set of Internet-connected devices under remote control, on which certain tasks are performed. The term has a negative connotation because these devices are usually compromised machines used by attackers to carry out malicious activities (sending spam, launching DDoS attacks, spreading ransomware, etc.).
Buffer Overflow :
An anomaly in which data written to a buffer exceeds its size and overwrites adjacent memory of the same process (other variables, return addresses or heap metadata). It is a common technique attackers use to crash a program or hijack its control flow and thereby defeat the security policy of a system.
Brute Force Attack :
An attack that consists of trying, one after the other, all possible values of a password or key until the right one grants access to a service or to sensitive data. Its cost grows exponentially with the length of the secret, so long secrets, slow password hashing and limits on failed attempts are the usual defences.
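The following example, added here and not part of the original glossary, puts the Authentication and Brute Force entries together: a stored credential protected by a salted, iterated hash, an online brute force of every 4-digit PIN, and the same attack stopped by a failed-attempt lockout. The user record, the PIN and the low iteration count are constructed for the demonstration.

```python
import hashlib
import hmac
import itertools
import os
from typing import Optional, Tuple

# Constructed example: credentials protected by a salted, iterated hash
# (PBKDF2-HMAC-SHA256). The iteration count is deliberately low so that the
# brute-force run below finishes in about a second; real deployments use a
# far higher count or a memory-hard function such as scrypt or Argon2.
ITERATIONS = 500


def make_record(secret: str) -> dict:
    """Create a stored credential: random salt plus derived hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest, "failures": 0, "locked": False}


def authenticate(record: dict, attempt: str, max_failures: Optional[int] = 5) -> bool:
    """Verify one login attempt in constant time and count failures.

    max_failures=None disables the lockout, which is the weak configuration.
    """
    if record["locked"]:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], ITERATIONS)
    if hmac.compare_digest(candidate, record["hash"]):
        record["failures"] = 0
        return True
    record["failures"] += 1
    if max_failures is not None and record["failures"] >= max_failures:
        record["locked"] = True
    return False


def brute_force_pin(record: dict, max_failures: Optional[int]) -> Tuple[Optional[str], int]:
    """Online brute force: try every 4-digit PIN in order 0000..9999.

    Returns (pin_found_or_None, attempts_used).
    """
    for attempts, digits in enumerate(itertools.product("0123456789", repeat=4), start=1):
        pin = "".join(digits)
        if authenticate(record, pin, max_failures):
            return pin, attempts
        if record["locked"]:
            return None, attempts
    return None, 10_000


if __name__ == "__main__":
    weak = make_record("1234")
    print(brute_force_pin(weak, max_failures=None))   # ('1234', 1235)
    hardened = make_record("1234")
    print(brute_force_pin(hardened, max_failures=5))  # (None, 5)
```

Without a lockout the attacker reaches the PIN after 1235 guesses; with one, the account locks after five. Offline attacks against a stolen hash are not stopped by lockouts, which is why the hash must also be slow and salted.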
Cloud Computing :
A set of remote servers reachable over the Internet, providing access to applications and stored data.
Cookie :
A small piece of data set by the server of a website or application and sent back by the browser on later requests. It lets a site keep state (such as a login session) and store behavioural data for statistical or advertising purposes.
Crime-as-a-Service (CaaS) :
The practice of experienced cybercriminals selling or renting the tools, infrastructure and technical knowledge that enable other criminals to carry out attacks.
Cross-Site Scripting (XSS) :
A class of website vulnerability in which an attacker injects a malicious script into content served to other users, so that it runs in their browsers with the site's privileges. Attackers can steal session cookies and other sensitive information or perform actions on the user's behalf.
Cookie Poisoning or Cookie Manipulation :
Alteration of cookies by an attacker before they are sent back to the server, for instance to escalate privileges or impersonate another user and steal personal information (identity, bank details, etc.).
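As an added example (not code from the original page), the server-side countermeasure to cookie poisoning: sign the cookie with an HMAC under a server-held key and refuse any cookie whose tag does not verify. The key, the cookie contents and the tampering helper are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed server-side key; in practice loaded from a secret store and never
# sent to clients.
SERVER_KEY = secrets.token_bytes(32)


def _b64encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _b64decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_cookie(data: dict) -> str:
    """Serialize the data and append an HMAC-SHA256 tag over it."""
    payload = _b64encode(json.dumps(data, sort_keys=True).encode())
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def read_cookie_vulnerable(cookie: str) -> dict:
    """Trusts whatever the browser sent back and ignores the tag."""
    payload = cookie.split(".", 1)[0]
    return json.loads(_b64decode(payload))


def read_cookie_safe(cookie: str) -> dict:
    """Recompute the tag in constant time and reject the cookie on mismatch."""
    payload, _, tag = cookie.rpartition(".")
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("cookie tampered with or forged")
    return json.loads(_b64decode(payload))


def poison(cookie: str, field: str, value) -> str:
    """What an attacker does: decode the payload, edit a field, keep the old tag."""
    payload, _, tag = cookie.rpartition(".")
    data = json.loads(_b64decode(payload))
    data[field] = value
    return f"{_b64encode(json.dumps(data, sort_keys=True).encode())}.{tag}"
```

Signing stops modification but not reading: anything confidential still belongs in an encrypted cookie or, better, in a server-side session referenced by an opaque token.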
Common Gateway Interface (CGI) :
A standard by which a web server hands a request to an external program and returns that program's output as the response. Older CGI scripts are a frequent source of vulnerabilities, which is why "CGI scanners" exist: automated security programs that probe web servers and web application software for well-known vulnerable scripts.
Content Spoofing :
A technique in which an attacker injects attacker-controlled text or markup into a legitimate website's page (for example through a reflected parameter), so that the forged content appears to come from the genuine site and lures the user into handing over personal information.
Distributed denial-of-service (DDoS) attack :
A malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic sent from many sources at once, typically a botnet.
Directory Traversal Attack :
A technique in which an attacker uses path components such as "../" in a request to reach restricted content or files outside the directory a web server is meant to serve from.
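An added example, not taken from the original page, of the traversal above and its fix. A constructed web root holds one public file, with a secret file one level above it; the vulnerable reader joins the request path blindly, while the safe reader resolves the final path and requires it to stay under the root.

```python
import os
import tempfile
from urllib.parse import unquote


def build_sample_tree() -> str:
    """Constructed layout: a web root holding index.html, and a secret file one
    level above it that no request should be able to read. Returns the web root."""
    base = tempfile.mkdtemp()
    webroot = os.path.join(base, "www")
    os.makedirs(webroot)
    with open(os.path.join(webroot, "index.html"), "w") as f:
        f.write("public")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("secret")
    return webroot


def read_vulnerable(webroot: str, requested: str) -> str:
    """Joins the decoded request path onto the web root with no check:
    '../secret.txt' (or URL-encoded '..%2Fsecret.txt') walks out of the root,
    and an absolute path makes os.path.join discard the root entirely."""
    with open(os.path.join(webroot, unquote(requested))) as f:
        return f.read()


def read_safe(webroot: str, requested: str) -> str:
    """Resolve the final path (following symlinks) and require that it still
    lies under the web root before opening it."""
    root = os.path.realpath(webroot)
    target = os.path.realpath(os.path.join(root, unquote(requested)))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"request escapes the web root: {requested!r}")
    with open(target) as f:
        return f.read()
```

Decode the path exactly once, as the real server does, and check the resolved path rather than the raw string: blocklisting "../" misses encoded and symlinked variants, whereas the containment check on the resolved path covers them all.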
Dark Web (Darknet) :
Overlay networks on the Internet that use specific protocols (such as Tor) to anonymize data and users.
DNS cache poisoning :
A technique that exploits weaknesses in a DNS resolver to insert forged records into its cache, so that users who later look up a name are directed to an attacker-controlled address.
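The following toy resolver is an added example, not the page's own code, and abstracts away the DNS wire format. It shows the two checks that make cache poisoning hard: a forged answer is dropped unless it matches the random transaction ID and source port of an outstanding query, and even a matching answer may only populate the cache with records inside the zone that was asked about (the bailiwick rule, simplified here to the last two labels). All names and addresses are constructed.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Query:
    name: str
    txid: int        # 16-bit transaction ID
    src_port: int    # UDP source port the answer must come back to


@dataclass
class Response:
    txid: int
    dst_port: int
    answers: Dict[str, str]   # name -> IPv4; constructed sample records


class Resolver:
    """A toy caching resolver; the DNS wire format is abstracted away."""

    def __init__(self) -> None:
        self.cache: Dict[str, str] = {}
        self.pending: Dict[Tuple[int, int], str] = {}

    def send_query(self, name: str) -> Query:
        # Random txid and random high source port: an attacker must guess both.
        q = Query(name, secrets.randbelow(1 << 16), 1024 + secrets.randbelow(64000))
        self.pending[(q.txid, q.src_port)] = name
        return q

    def accept_naive(self, resp: Response) -> bool:
        """Vulnerable behaviour: cache every record from any response."""
        self.cache.update(resp.answers)
        return True

    def accept_checked(self, resp: Response) -> bool:
        """Hardened behaviour: match txid and port, then apply a bailiwick rule."""
        queried = self.pending.get((resp.txid, resp.dst_port))
        if queried is None:
            return False                          # unsolicited or mis-guessed: drop
        zone = ".".join(queried.split(".")[-2:])  # simplified: e.g. example.com
        for name, ip in resp.answers.items():
            if name == zone or name.endswith("." + zone):
                self.cache[name] = ip             # in bailiwick: cacheable
        del self.pending[(resp.txid, resp.dst_port)]
        return True


def scenario() -> Dict[str, Optional[str]]:
    """Constructed attack: a forged answer with a guessed txid/port, then a genuine
    answer that tries to smuggle in a record for an unrelated domain."""
    attacker_ip = "198.51.100.66"
    naive, checked = Resolver(), Resolver()
    naive.send_query("www.example.com")
    q = checked.send_query("www.example.com")

    forged = Response(txid=0x1234, dst_port=53,
                      answers={"www.example.com": attacker_ip, "login.bank.test": attacker_ip})
    naive.accept_naive(forged)
    forged_accepted = checked.accept_checked(forged)

    genuine = Response(txid=q.txid, dst_port=q.src_port,
                       answers={"www.example.com": "192.0.2.10", "login.bank.test": attacker_ip})
    checked.accept_checked(genuine)

    return {
        "naive_www": naive.cache.get("www.example.com"),
        "naive_bank": naive.cache.get("login.bank.test"),
        "forged_accepted": str(forged_accepted),
        "checked_www": checked.cache.get("www.example.com"),
        "checked_bank": checked.cache.get("login.bank.test"),
    }
```

The naive resolver ends up with the attacker's address for both names. The checked resolver drops the forgery (the guessed port can never match a randomized one above 1023) and caches only the in-zone record from the genuine answer. DNSSEC validation is the stronger, cryptographic answer to the same problem.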
Data Leakage :
Inappropriate disclosure of sensitive data. It can be accidental (misconfiguration, lost device) or provoked by a cybercriminal in order to steal information.
Encoding attack :
A technique that facilitates an attack by changing the encoding of user-supplied data (URL-encoding, Unicode, double encoding, etc.) so that it passes an input filter but is decoded back into its malicious form by the application.
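An added example (not from the original page) covering both the Cross-Site Scripting and Encoding attack entries: a blocklist filter applied to the raw parameter before it is URL-decoded, which encoded and case-varied payloads slip past, beside the correct defence of decoding first and escaping for the HTML context at output time. The payloads and template are constructed.

```python
import html
from urllib.parse import unquote

# Constructed values an attacker might send in a "name" query parameter.
PAYLOADS = [
    "<script>alert(1)</script>",           # caught by the blocklist below
    "<ScRiPt>alert(1)</ScRiPt>",           # case variant: not caught
    "%3Cscript%3Ealert(1)%3C/script%3E",   # URL-encoded: not caught, decoded later
    "<img src=x onerror=alert(1)>",        # no <script> tag at all: not caught
]

TEMPLATE = "<p>Hello, {}!</p>"


def render_vulnerable(name_param: str) -> str:
    """Blocklist filter on the raw parameter, decoding afterwards.

    The filter and the browser see different strings, which is exactly what an
    encoding attack exploits; and a blocklist can never enumerate every payload.
    """
    if "<script>" in name_param:
        return "<p>blocked</p>"
    return TEMPLATE.format(unquote(name_param))


def render_safe(name_param: str) -> str:
    """Decode first, then escape for the HTML text context at output time."""
    return TEMPLATE.format(html.escape(unquote(name_param), quote=True))


def has_injected_tag(page: str) -> bool:
    """Demo check: the template contributes exactly two '<' (<p> and </p>);
    any further raw '<' means user data became markup."""
    return page.count("<") > 2
```

Escaping must match the context the data lands in: html.escape is right for element text and quoted attributes, but a value placed inside a script block, a URL or a CSS rule needs that context's own encoding.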
Endpoint Detection and Response :
Software that continuously monitors endpoints (workstations, servers, tablets, etc.) for signs of compromise, records their activity, and allows analysts to investigate and contain threats.
Format String Attack :
A technique that exploits an application which passes user-controlled input as the format string of functions such as printf; format specifiers in the input let the attacker read or write memory and thereby alter the application's flow.
Form Field Manipulation :
Alteration of HTML form field values (including hidden fields) or of HTTP POST data before submission, to exploit a web application that trusts what the browser sends back.
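The classic instance, as an added example that is not part of the original page: a checkout that trusts a hidden "price" field, beside one that recomputes the price from the server's own catalogue and bounds the quantity. Catalogue and forms are constructed.

```python
from decimal import Decimal

# Constructed catalogue: the server's price list is the only trustworthy source.
CATALOGUE = {"sku-100": Decimal("49.90"), "sku-200": Decimal("199.00")}


def checkout_vulnerable(form: dict) -> Decimal:
    """Trusts the hidden 'price' field that the browser echoed back."""
    return Decimal(form["price"]) * int(form["qty"])


def checkout_safe(form: dict) -> Decimal:
    """Re-derives the price from the SKU server-side and bounds the quantity;
    a posted 'price' field, if present, is simply ignored."""
    sku = form.get("sku")
    if sku not in CATALOGUE:
        raise ValueError(f"unknown sku: {sku!r}")
    try:
        qty = int(form.get("qty", ""))
    except ValueError:
        raise ValueError("quantity must be an integer")
    if not 1 <= qty <= 100:
        raise ValueError(f"quantity out of range: {qty}")
    return CATALOGUE[sku] * qty


# What the legitimate page posted, and what an attacker edited before submitting.
HONEST_FORM = {"sku": "sku-200", "price": "199.00", "qty": "3"}
TAMPERED_FORM = {"sku": "sku-200", "price": "0.01", "qty": "3"}
```

The rule generalizes: anything the client can edit (hidden fields, disabled inputs, cookies, headers, JSON bodies) is input, and every decision that matters is re-made on the server from data the client never controlled.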
Cybersecurity Advisory Committee.
HTTP Request Smuggling :
A vulnerability that arises when the front-end and back-end servers sharing a connection disagree on where one HTTP request ends and the next begins. An attacker can prepend data to the next user's request, bypass security controls or gain access to sensitive data.
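An added example, not code from the original page, of the "CL.TE" form of the disagreement described above. The same constructed byte stream (an attacker's POST carrying both Content-Length and Transfer-Encoding, followed by an innocent request) is framed once the way a front end honouring Content-Length would see it, and once the way a back end honouring chunked encoding would, showing the leftover "G" glued onto the victim's request; a check that refuses ambiguous framing closes the hole.

```python
from typing import List, Tuple

# Constructed traffic on one shared front-end -> back-end connection:
# the attacker's POST followed by an innocent victim request.
ATTACKER = (
    b"POST / HTTP/1.1\r\n"
    b"Host: app.test\r\n"
    b"Content-Length: 6\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n"
    b"\r\n"
    b"G"
)
VICTIM = b"GET /account HTTP/1.1\r\nHost: app.test\r\n\r\n"
STREAM = ATTACKER + VICTIM


def _parse_headers(head: bytes) -> Tuple[str, dict]:
    lines = head.decode(errors="replace").split("\r\n")
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(":")
        headers[key.strip().lower()] = value.strip()
    return lines[0], headers


def _read_chunked(data: bytes) -> Tuple[bytes, bytes]:
    body = b""
    while True:
        size_line, _, data = data.partition(b"\r\n")
        size = int(size_line, 16)
        if size == 0:
            if data.startswith(b"\r\n"):
                data = data[2:]          # CRLF that ends the last (empty) chunk
            return body, data
        body += data[:size]
        data = data[size + 2:]           # skip chunk data and its CRLF


def parse_requests(stream: bytes, honour: str) -> List[Tuple[str, bytes]]:
    """Split a byte stream into (request_line, body) pairs.

    honour is "content-length" or "transfer-encoding": which header decides the
    body length when both are present. Real servers differ here, and that
    disagreement is what request smuggling exploits.
    """
    requests = []
    while stream:
        head, sep, rest = stream.partition(b"\r\n\r\n")
        if not sep:
            break
        request_line, headers = _parse_headers(head)
        if honour == "transfer-encoding" and headers.get("transfer-encoding") == "chunked":
            body, rest = _read_chunked(rest)
        else:
            length = int(headers.get("content-length", "0"))
            body, rest = rest[:length], rest[length:]
        requests.append((request_line, body))
        stream = rest
    return requests


def has_conflicting_framing(stream: bytes) -> bool:
    """Mitigation for a front end: refuse a request that carries both
    Content-Length and Transfer-Encoding instead of guessing."""
    head = stream.partition(b"\r\n\r\n")[0]
    _, headers = _parse_headers(head)
    return "content-length" in headers and "transfer-encoding" in headers
```

In practice the prefix is a whole forged request rather than a single byte, so the victim's request becomes the body of an attacker-chosen one. Normalizing or rejecting ambiguous requests at the edge, and using HTTP/2 end to end where possible, removes the ambiguity.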
Hacker :
A user of a computer or network who seeks ways to bypass its software and hardware protections, whether for fun, to find and fix a security problem (white hat) or to cause harm and obtain information or money (black hat).
Hardware :
The physical components that make up a computer (screen, keyboard, processor, hard disk, etc.).
HTTP (Hypertext Transfer Protocol) :
Application-layer protocol by which a browser requests web pages and other resources from a web server. HTTPS is the same protocol carried over TLS.
HTTP Response Splitting :
Technique in which an attacker injects carriage-return and line-feed characters into a header value so that the server's single response is split into two, the second being entirely attacker-controlled. It is usually used to perform a Cross-Site Scripting attack or to poison a cache.
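An added example, not from the original page: a redirect handler that copies a user-supplied target into the Location header, a minimal response parser standing in for the browser or proxy that reads the resulting byte stream, and the one-line validation that prevents the split. The attacker value and the responses are constructed.

```python
from typing import List, Tuple


def build_redirect_vulnerable(target: str) -> bytes:
    """Puts the user-supplied target straight into the Location header."""
    return (
        f"HTTP/1.1 302 Found\r\nLocation: {target}\r\nContent-Length: 0\r\n\r\n"
    ).encode()


def build_redirect_safe(target: str) -> bytes:
    """Same response, but a header value may never contain CR or LF."""
    if "\r" in target or "\n" in target:
        raise ValueError("CR/LF in header value")
    return build_redirect_vulnerable(target)


def split_responses(raw: bytes) -> List[Tuple[str, bytes]]:
    """Read a byte stream as consecutive HTTP responses, the way a browser or
    caching proxy would, returning (status_line, body) pairs."""
    out = []
    while raw.startswith(b"HTTP/"):
        head, _, rest = raw.partition(b"\r\n\r\n")
        lines = head.decode().split("\r\n")
        headers = {}
        for line in lines[1:]:
            key, _, value = line.partition(":")
            headers[key.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        out.append((lines[0], rest[:length]))
        raw = rest[length:]
    return out


# Constructed attacker value for a "?next=" parameter: it terminates the real
# response and appends a second, fully attacker-controlled one.
EVIL_TARGET = (
    "http://app.test/\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 21\r\n"
    "\r\n"
    "<script>evil</script>"
)
```

Most modern frameworks already reject CR/LF in header values; the bug survives in hand-rolled servers and in code that writes raw headers. The same validation applies to any header built from input, not only Location.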
IaaS (Infrastructure as a Service) :
A form of cloud computing that provides virtualized computing resources (servers, storage, networking) over the Internet. It is one of the 4 cloud service categories, alongside SaaS, PaaS and DaaS.
Java :
Programming language and computing platform.
Java Applets :
A program written in Java and executed by a Java-enabled web browser. Applets are obsolete: modern browsers no longer run them and the Applet API is deprecated.
JavaScript :
Scripting language mainly used to make web pages interactive. It runs inside the browser, which is why Cross-Site Scripting attacks target it.
LDAP Injection :
Code injection technique that exploits insufficient input validation in a website or application to alter the LDAP (Lightweight Directory Access Protocol) queries it builds, potentially revealing sensitive user data or modifying the contents of the LDAP directory tree.
Malware :
Malicious software developed to penetrate an information system without the user's knowledge in order to cause harm. There are several types of malware: ransomware, spyware, adware, etc.
OS Command Injection :
An attack in which an attacker gets a web application to execute operating system commands by supplying crafted input that the application passes, unvalidated, to a system shell.
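An added example, not the page's own code: a lookup helper that concatenates a hostname into a shell command line, beside one that allow-lists the input and passes it as a separate argument with no shell. echo stands in for the real tool (ping, nslookup, etc.) so the block runs offline; the hostname and payload are constructed and a POSIX shell is assumed.

```python
import re
import subprocess


def describe_vulnerable(host: str) -> str:
    """Builds a shell command line by string concatenation and runs it through
    the shell, so metacharacters in host are interpreted as shell syntax."""
    completed = subprocess.run("echo checking " + host, shell=True,
                               capture_output=True, text=True)
    return completed.stdout


def describe_safe(host: str) -> str:
    """Allow-list the input, then pass it as its own argv element with no shell
    involved, so it can only ever be a literal argument."""
    if not re.fullmatch(r"[A-Za-z0-9.-]{1,253}", host):
        raise ValueError(f"invalid hostname: {host!r}")
    completed = subprocess.run(["echo", "checking", host],
                               capture_output=True, text=True)
    return completed.stdout
```

Where a shell really is required, shlex.quote on each argument is the fallback, but an argument list plus an allow-list is both simpler and safer. The same pattern (never shell=True with untrusted data) applies in every language's process-spawning API.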
Phishing :
A malicious practice that consists of tricking an Internet user into handing over personal information (credentials, bank details) for fraudulent use, typically through e-mails or websites posing as a trusted party. The word blends "fishing" and "phreaking", the hacking of telephone systems.
Proxy :
A device or program acting as an intermediary between a private network and the Internet, relaying requests on behalf of its clients.
Password Recovery Tool :
An automated process that allows a user to recover or reset a lost or forgotten password. Because it bypasses the normal password check, it is a favourite target of attackers and must be protected as carefully as the login itself.
Ransomware :
Malware that holds data hostage, usually by encrypting it, and demands payment in exchange for restoring access.
Information Systems Security Manager :
The person who develops the company's information security policy and ensures that it is implemented.
SQL injection :
An attack in which untrusted input is inserted into an SQL query without escaping or parameterization, allowing the attacker to read or modify database contents, bypass authentication or circumvent the site's access controls.
Session Hijacking :
The technique of an attacker taking over a user's valid session, typically by stealing or guessing the session token, and thereby gaining unauthorized access to data or resources.
Session Authentication :
Data strings (session tokens) issued by a web server after login and presented by the browser on later requests to identify the user and authorize them to carry out a variety of tasks.
Structured Query Language (SQL) :
Standard language for querying and manipulating relational databases. Because many web applications build SQL queries from user input, it is the target of SQL injection, which inserts unfiltered input into those queries to bypass security controls and access the database.
Server Side Includes (SSI) Injection :
A technique that allows an attacker to inject SSI directives into a web page through user input, which the web server then executes when it serves the page.
Session Replay Attacks :
The technique of reusing a previously captured session token or credential to regain access as the user, exploiting a website that does not expire or invalidate old sessions.
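An added example (not from the original page) covering the Session Hijacking, Session Authentication and Session Replay entries: a server-side session store whose tokens are unguessable, expire when idle, are rotated after login or a privilege change, and die on logout, so that a captured or replayed token stops working. Time is passed in explicitly to keep the demonstration deterministic; the users and timestamps are constructed.

```python
import secrets
from typing import Dict, Optional


class SessionStore:
    """Server-side sessions keyed by an unguessable token, with idle expiry,
    rotation and explicit invalidation."""

    def __init__(self, ttl_seconds: int = 900) -> None:
        self.ttl = ttl_seconds
        self._sessions: Dict[str, dict] = {}

    def login(self, user: str, now: float) -> str:
        token = secrets.token_urlsafe(32)        # 256 bits of randomness
        self._sessions[token] = {"user": user, "expires": now + self.ttl}
        return token

    def resolve(self, token: str, now: float) -> Optional[str]:
        """Map a presented token to a user, or None if it is not valid now."""
        record = self._sessions.get(token)
        if record is None:
            return None                          # unknown, logged out, or rotated away
        if now >= record["expires"]:
            del self._sessions[token]            # expired: a replay after this fails
            return None
        record["expires"] = now + self.ttl       # idle timeout, refreshed on use
        return record["user"]

    def rotate(self, token: str, now: float) -> Optional[str]:
        """Issue a fresh token (after login or a privilege change) and retire the
        old one, so a token captured earlier no longer works."""
        user = self.resolve(token, now)
        if user is None:
            return None
        del self._sessions[token]
        return self.login(user, now)

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)


def predictable_token(counter: int) -> str:
    """The weak design this replaces: sequential identifiers an attacker can
    guess or enumerate."""
    return f"sess-{counter:08d}"
```

Transport matters as much as the store: the token must travel only in a cookie marked Secure and HttpOnly (and, for most sites, SameSite), otherwise network sniffing or XSS hands it to the attacker regardless of how it was generated.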
Software as a Service :
A software distribution model that allows users to access applications via the Internet without having to install them on their computer.
Secure Sockets Layer (SSL) :
Predecessor of TLS for securing Internet exchanges through encryption. All SSL versions are deprecated and should be disabled in favour of TLS 1.2 or later.
Security by design :
An approach in which security is considered from the design stage of an application or website rather than added afterwards, so that protections are built into its architecture and source code.
Spam :
Unsolicited e-mail sent in bulk to a large number of Internet users, usually for advertising purposes, without their consent.
Transport Layer Security (TLS) :
Successor to the Secure Sockets Layer (SSL) protocol. It is a protocol that ensures the security and confidentiality of communications on the Internet, built on three components: authentication, integrity and encryption.
URL Manipulation Attack :
A technique that consists of modifying parts of a URL (path, query parameters such as an identifier or a role) to reach pages or data the user is not supposed to access.
URL (Uniform Resource Locator) :
Address of a website or web page.
Vulnerability Scanner :
Program designed to detect security flaws in a web application, a system or a network.
Virtual Private Network :
Technology that secures a user's Internet connection by tunnelling it, encrypted, to a VPN server. It protects the user's data and identity by concealing their IP address from the sites they visit and shielding their traffic on untrusted networks such as public Wi-Fi.
Web Application :
Application interface hosted on a server and that can be accessed through a web browser.
Web Application Security Assessment :
A process for reviewing the security of a web application that looks for design flaws, vulnerabilities and inherent weaknesses.
Web Browser :
Program allowing the user to view HTML web pages.
Web Application Firewall (WAF) :
Security device or software that inspects HTTP traffic to a web application and blocks requests matching known attack patterns (SQL injection, XSS, etc.). It reduces exposure but does not replace fixing the application itself.
Web Application Security :
Processes, methods and technologies put in place to protect web applications and services against cyber attacks.
Web Server :
Term designating both the software used to distribute web resources and the computer server (computer) on which the web content is hosted.
Web Service :
Program allowing communication and exchange between web applications and heterogeneous systems.
Zero Trust :
A security model that grants no implicit trust based on network location and requires strict verification of the identity and security posture of every person and device on each attempt to access resources.