Cyber Security Glossary
Penetration testing & cyber security terms explained
A
Active Directory
Microsoft's directory service for managing identities, authentication, computers, groups, and permissions across a Windows domain. It is usually the core access control system for an enterprise network.
Read moreAPI (Application Programming Interface)
A set of protocols and tools for building software applications, often a target for attackers and penetration testing.
Read moreAssumed Breach
A security testing approach that starts from the position that an attacker already has an initial foothold inside the environment, and focuses on what they could do next.
Read moreAttack Surface
The complete set of points across an organisation's systems, networks, and applications through which an attacker could attempt to gain unauthorised access or cause harm.
Read moreB
Black Box Testing
Testing conducted with no prior knowledge of the target system, simulating an external attacker's perspective.
Read moreBlue Team
The defensive security team responsible for detecting and responding to attacks (often tested by the Red Team).
Read moreBroken Authentication
A class of security flaws that allow attackers to bypass, weaken, or abuse the processes used to verify a user's identity.
Read moreBrute Force
An attack method that tries many possible passwords, keys, or input combinations until the correct one is found. In authentication attacks, it usually means repeated guessing against a single account or login surface.
Read moreBusiness Logic Vulnerability
A flaw in how an application implements a business process, allowing actions that technically follow the workflow but violate the intended rules or controls of the system.
Read moreC
CORS (Cross-Origin Resource Sharing)
A mechanism that defines whether access to resources on a web page can be requested from another domain.
Read moreCredential Stuffing
An authentication attack that uses username and password pairs stolen from other breaches to try to gain access to user accounts on a different service.
Read moreCSRF (Cross-Site Request Forgery)
A web attack that tricks a user's browser into sending a request they did not intend, causing actions to be performed using that user's existing session.
Read moreCVE (Common Vulnerabilities and Exposures)
A standardised catalogue of publicly disclosed security vulnerabilities, each assigned a unique identifier so that organisations, vendors, and researchers can refer to the same issue without ambiguity.
Read moreCVSS (Common Vulnerability Scoring System)
A standardised method for rating the severity of security vulnerabilities on a scale of 0.0-10.0.
Read moreI
IDOR (Insecure Direct Object Reference)
An access control flaw where an application uses a user-supplied identifier to reference an internal object, but fails to verify that the user is authorised to access it.
Read moreInformation Disclosure
A vulnerability that exposes sensitive information to someone who should not be able to access it, whether through an application, API, server response, or supporting infrastructure.
Read moreISO 27001
An international standard for establishing, maintaining, and continually improving an information security management system, or ISMS.
Read moreL
Lateral Movement
The techniques an attacker uses to progressively move through a network after gaining initial access, reaching additional systems and accumulating access to higher-value targets.
Read moreLLMNR - Link Local Multicast Name Resolution
LLMNR (Link-Local Multicast Name Resolution) is a network protocol that provides name resolution if DNS is unable to provide an authoritative response.
Read moreM
Mass Assignment
An application security flaw where a framework automatically binds user-supplied input to internal object properties, allowing attackers to set fields they were never meant to control.
Read moreMITRE ATT&CK
A publicly available knowledge base of real-world adversary tactics, techniques, and procedures used to describe how attacks happen across enterprise, cloud, and other environments.
Read moreO
OSCE / OSCE3 (OffSec Certified Expert)
An advanced offensive security certification from OffSec. The current version, OSCE3, requires candidates to pass three separate advanced-level practical examinations covering exploit development, advanced evasion and post-exploitation, and advanced web application attacks.
Read moreOSCP (OffSec Certified Professional)
A hands-on penetration testing certification from OffSec, widely regarded as the industry-standard baseline qualification for offensive security practitioners.
Read moreOSINT (Open Source Intelligence)
The collection and analysis of information from publicly available sources to build intelligence about a target. Used by both attackers to plan intrusions and defenders to understand their own exposure.
Read moreOWASP (Open Worldwide Application Security Project)
A nonprofit foundation that produces freely-available articles, methodologies, and tools for web and application security.
Read moreP
Pass-the-Hash
An attack technique that allows an attacker to authenticate using an NTLM password hash instead of the plaintext password, enabling movement across Windows systems without cracking the credential first.
Read morePassword Spraying
A login attack that tries a small number of common passwords against many accounts, reducing the chance of account lockout while still identifying weak credentials at scale.
Read morePath Traversal
A vulnerability that allows an attacker to access files or directories outside the intended location by manipulating filesystem paths used by an application.
Read morePCI DSS
The Payment Card Industry Data Security Standard. A security standard that applies to organisations that store, process, or transmit payment card data, and to systems that can affect the security of that environment.
Read morePenetration Testing (Pentest)
A simulated cyber attack against your systems to identify exploitable vulnerabilities. Unlike vulnerability assessments, penetration testing involves active exploitation to demonstrate real-world impact.
Read morePrivilege Escalation
The process by which an attacker gains a higher level of system access than they were originally granted, typically moving from a standard user account to administrator or SYSTEM-level privileges.
Read morePTaaS (Penetration Testing as a Service)
Continuous penetration testing that is delivered through a subscription model to provide ongoing security assessments rather than point-in-time tests.
Read morePTES (Penetration Testing Execution Standard)
The Penetration Testing Execution Standard (PTES) defines seven phases for conducting penetration tests. Here's what each phase involves in practice.
Read morePurple Team
A collaborative approach where the Red Team and Blue Team work together to improve both offensive and defensive capabilities.
Read moreR
Reconnaissance
The initial phase of an attack in which an attacker gathers information about a target organisation, its systems, and personnel in order to identify potential entry points before attempting any exploitation.
Read moreRed Team
An authorised group of security professionals that simulate real-world attacks against an organisation to assess detection and response capabilities. More realistic than standard penetration testing.
Read moreRules of Engagement (RoE)
The approved guidelines for conducting a penetration test, including techniques that are authorised during testing, testing windows and timeframes, and and escalation contacts and procedures.
Read moreS
Scope
The defined boundaries of a penetration test, including which systems, networks, or applications will be tested and what methods are authorised.
Read moreSession Hijacking
An attack in which an attacker takes over a valid user session by obtaining or abusing the session token that identifies the user to the application.
Read moreSubdomain Takeover / Dangling DNS Records
A vulnerability where a subdomain points to an external service that is no longer claimed or configured, allowing someone else to take control of the destination and serve content under the organisation's domain.
Read moreGet a fixed-price quote for your penetration test
Our team will help you scope the right assessment for your environment and provide a fixed-price quote within one business day.