Cybersecurity Glossary
Clear, concise definitions of cybersecurity terms. No jargon, no fluff, just practical explanations to help you understand security concepts and communicate with your team.
Access Control
The set of policies and mechanisms that restrict who can access specific systems, data, or resources. A foundational security principle underpinning Zero Trust, IAM, and compliance frameworks such as NIS2 and ISO 27001.
Adversarial AI
The use of artificial intelligence by attackers to enhance or automate cyberattacks. Includes AI-generated phishing, adaptive malware, and automated reconnaissance at scale.
Agentic AI
AI systems capable of autonomously planning and executing multi-step tasks without continuous human oversight. Attackers are deploying agentic AI to automate full attack chains, introducing new prompt injection and privilege escalation risks.
AI Red Teaming
A structured assessment of AI systems to identify vulnerabilities such as prompt injection, model manipulation, and data leakage. Required for high-risk AI systems under the EU AI Act.
Air Gap
A physical isolation strategy where a critical system has no network connection to untrusted environments. Used in industrial and high-security contexts to prevent remote attacks, though physical social engineering remains a real threat.
API Security
The practice of protecting application programming interfaces from attacks and misuse. Includes authentication, authorization, rate limiting, and input validation to prevent data breaches and service disruption.
APT (Advanced Persistent Threat)
A long-term cyberattack campaign, typically by nation-state actors, designed to maintain covert access to a target. APTs prioritize stealth and intelligence gathering over immediate disruption.
Attack Surface
The total set of entry points through which an unauthorized user could access a system or network. Includes hardware, software, APIs, employees, and partner connections.
Backdoor
A hidden access mechanism deliberately or covertly introduced into software or hardware, allowing unauthorized entry without normal authentication. Often installed by malware after initial compromise or hidden by malicious insiders.
Baiting
A social engineering attack that lures victims with something enticing, such as a USB drive left in a parking lot. When the bait is taken, malware is installed or credentials are harvested.
Black Box Testing
A penetration testing approach where the tester has no prior knowledge of the target, simulating a real external attacker. Reveals how much damage an outsider could cause without inside information.
Blue Team
The internal or external team responsible for defending systems against simulated and real attacks. Blue Teams monitor, detect, and respond to threats, working alongside Red Teams in Purple Team exercises.
Brute Force
An attack that systematically tries all possible password or key combinations until the correct one is found. Mitigated by strong password policies, lockout mechanisms, and multi-factor authentication.
Bug Bounty
A program that rewards external researchers for responsibly discovering and reporting vulnerabilities. An alternative or complement to traditional penetration testing for continuous vulnerability discovery.
Business Email Compromise (BEC)
A scam where attackers impersonate a trusted executive or partner via email to trick employees into transferring funds or sharing sensitive data. Responsible for billions in corporate losses annually.
BYOD (Bring Your Own Device)
A policy allowing employees to use personal devices for work. BYOD expands the attack surface and complicates security enforcement, making it a significant factor in data breaches and social engineering incidents.
C2 (Command and Control)
The infrastructure attackers use to remotely communicate with and control compromised systems. C2 channels issue commands, enable data exfiltration, and deploy additional payloads. Detecting C2 traffic is a primary goal of threat hunting.
CISO
Chief Information Security Officer. The executive accountable for an organization's information security strategy, risk management, and compliance. The primary audience for security assessments and pentest reporting.
Clickjacking
A web attack where an invisible malicious layer is placed over a legitimate page, tricking users into clicking hidden elements. Can be used to perform unauthorized actions, trigger downloads, or steal credentials.
Cloud Security
The set of controls, policies, and technologies protecting cloud-based infrastructure, applications, and data. Misconfigurations and insecure APIs are the leading cause of cloud breaches, making continuous assessment essential.
Credential Stuffing
An automated attack that tests stolen username and password combinations from one breach against other services, exploiting widespread password reuse across accounts.
Cross-Site Scripting (XSS)
A web vulnerability where attackers inject malicious scripts into pages viewed by other users, enabling session hijacking, redirects, or unauthorized actions on the victim's behalf.
Cryptography
The science of securing information through mathematical techniques including encryption, hashing, and digital signatures. The foundation of data confidentiality, integrity, and authentication across all digital systems.
CVE
Common Vulnerabilities and Exposures. A public registry of known security flaws, each assigned a unique identifier and severity score. Over 305,000 CVEs are on record.
Cyber Kill Chain
A framework describing the seven phases of a cyberattack: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. Used to detect and disrupt attacks at each stage.
Dark Web
The part of the internet not indexed by standard search engines, accessible only via tools such as Tor. Used by cybercriminals to trade stolen credentials, malware, and ransomware services.
Data Breach
An incident where sensitive or confidential data is accessed or stolen without authorization. The global average cost reached 4.45 million dollars in 2025, with phishing as the leading cause.
Data Exfiltration
The unauthorized transfer of data from an organization's environment to an attacker-controlled destination. Often the final objective of ransomware groups and APT campaigns, and a primary trigger for regulatory breach notifications.
DDoS (Distributed Denial of Service)
An attack that overwhelms a system with traffic from multiple sources, making it unavailable to legitimate users. Often used to mask other malicious activity or disrupt critical infrastructure.
Deepfake
AI-generated synthetic audio, video, or images that convincingly impersonate real people. Used to clone executives' voices in vishing attacks or fabricate video evidence.
Defense in Depth
A layered security strategy combining multiple independent controls so that if one fails, others continue to protect the organization. No single security measure is sufficient on its own.
Digital Forensics
The discipline of collecting, preserving, and analyzing digital evidence after a security incident. Used to reconstruct attack timelines, identify threat actors, and support legal proceedings.
DMARC
An email authentication protocol that blocks domain spoofing used in phishing and BEC attacks. Organizations without DMARC are far more vulnerable to email-based social engineering and brand impersonation.
DORA
The Digital Operational Resilience Act requires EU financial organizations to withstand and recover from ICT disruptions. It mandates regular penetration testing including threat-led assessments.
EDR (Endpoint Detection and Response)
Security software deployed on endpoints that monitors for suspicious behavior, detects threats in real time, and supports investigation. Baseline hygiene against modern ransomware.
Encryption
The process of converting readable data into an unreadable format using a cryptographic algorithm and key. Protects data at rest and in transit and is mandated by GDPR, PCI DSS, and NIS2.
Ethical Hacker
A security professional who uses the same techniques as malicious hackers but with authorization and for defensive purposes. Also known as a white-hat hacker.
EU AI Act
EU legislation regulating AI systems by risk level. High-risk systems require security testing and adversarial assessments before deployment. Key compliance deadline: 2 August 2026.
Exploit
A piece of code or technique that takes advantage of a specific vulnerability to cause unintended behavior in a system. The primary mechanism through which vulnerabilities become actual breaches.
Firewall
A security control that monitors and filters network traffic based on predefined rules, blocking unauthorized connections. A foundational perimeter defense that works alongside EDR, SIEM, and network segmentation.
GDPR
The General Data Protection Regulation is EU legislation protecting personal data and privacy. It requires organizations to implement appropriate security measures.
Generative AI Misuse
The weaponization of generative AI to create convincing phishing emails, deepfakes, or malicious code at scale. Has lowered the skill threshold for launching sophisticated attacks.
Gray Box Testing
A penetration testing approach where the tester has partial knowledge of the target, such as user credentials or architecture documentation. Balances realism with efficiency and is commonly used for application and internal network assessments.
Hardening
The process of reducing a system's attack surface by disabling unnecessary services, applying secure configurations, and patching vulnerabilities. A fundamental hygiene practice required under NIS2, ISO 27001, and most compliance frameworks.
Honeypot
A decoy system or resource designed to attract and detect attackers. When accessed, it alerts defenders to unauthorized activity and reveals attacker techniques without exposing real assets.
Human Factor
The role of human behavior, decisions, and errors in cybersecurity. Most breaches involve some element of human manipulation or mistake.
Identity and Access Management (IAM)
The framework of policies and technologies ensuring the right people have the right access to the right systems at the right time. A cornerstone of Zero Trust architectures and a core NIS2 security control.
Incident Response
The structured process for detecting, containing, eradicating, and recovering from a security incident. A tested plan significantly reduces breach costs and recovery time.
Insider Threat
A security risk originating from within the organization, whether a malicious employee, contractor, or user who falls for social engineering. Difficult to detect because it involves authorized access.
IoT Security
The practice of protecting internet-connected devices such as cameras, industrial sensors, and smart building systems. IoT devices often lack standard security controls, making them frequent entry points for attackers.
ISO 27001
The international standard for information security management systems. Certification demonstrates structured, auditable security controls and typically requires penetration testing.
Keylogger
Malware that records every keystroke on an infected device, capturing passwords, credit card numbers, and sensitive communications. Often deployed as part of a broader credential theft or espionage campaign.
Lateral Movement
The technique attackers use to progressively move through a network after initial access, seeking higher-value targets. Often stays undetected for weeks and is a key red team objective.
Malware
Software intentionally designed to disrupt, damage, or gain unauthorized access to a system. Includes ransomware, spyware, trojans, and worms. The payload behind most successful cyberattacks.
Man-in-the-Middle (MitM)
An attack where an adversary intercepts communications between two parties who believe they are talking directly. Common on unsecured Wi-Fi and in compromised network infrastructure.
MITRE ATT&CK
A globally recognized knowledge base of attacker tactics, techniques, and procedures based on real-world observations. Used by penetration testers and defenders to structure assessments, threat intelligence, and detection rules.
Multi-Factor Authentication (MFA)
A mechanism requiring two or more verification factors to access an account. Increasingly bypassed via SIM swapping or session hijacking, making phishing-resistant options like passkeys critical.
Mystery Guest
A physical security assessment where testers attempt to gain unauthorized access to facilities through social engineering and pretexting.
NDR (Network Detection and Response)
A security solution that monitors network traffic to detect anomalies, lateral movement, and C2 communication. Complements EDR by providing visibility into traffic that endpoint tools cannot see.
Network Segmentation
The practice of dividing a network into isolated zones to limit how far an attack can spread. Prevents ransomware and lateral movement from reaching critical systems, and is a required control under NIS2.
NIS2
The Network and Information Security Directive 2 is EU legislation establishing cybersecurity requirements for essential and important entities across member states.
OSINT
Open Source Intelligence, information collected from publicly available sources to support security assessments, threat intelligence, or reconnaissance.
Password Spraying
An attack that tries a small number of common passwords across many accounts to avoid triggering lockout policies. More patient and harder to detect than brute force attacks.
Patch Management
The systematic process of applying software updates to fix known vulnerabilities across systems and applications. One of the most impactful controls against exploitation of CVEs and zero-day vulnerabilities.
PCI DSS
Payment Card Industry Data Security Standard, requirements for organizations that handle credit card data. Compliance requires regular security assessments.
Pen Test Report
The formal deliverable of a penetration test, documenting discovered vulnerabilities, proof of exploitation, business impact, and prioritized remediation steps. The quality of the report determines the practical value of the engagement.
Penetration Testing
A controlled security assessment where ethical hackers simulate real attacks to identify vulnerabilities in systems, networks, or applications before malicious actors can exploit them.
Phishing
A type of social engineering attack using fraudulent emails or messages to trick recipients into revealing sensitive information or clicking malicious links.
Phishing Simulation
A controlled exercise where an organization sends realistic fake phishing emails to employees to measure susceptibility and reinforce training. A core component of effective security awareness programs.
Post-Quantum Cryptography
Cryptographic algorithms designed to resist attacks from quantum computers, which could break current encryption standards. NIS2 and DORA require organizations to assess cryptographic resilience as quantum threats mature.
Pretexting
A social engineering technique where an attacker fabricates a believable scenario to manipulate a target into revealing information or granting access. Common examples include posing as IT support or auditors.
Privilege Escalation
The process by which an attacker gains permissions beyond those initially obtained, moving from a low-privilege account toward administrator or root access.
Privileged Access Management (PAM)
Tools and practices for controlling and auditing access by privileged accounts such as system administrators. A core Zero Trust control and a NIS2 requirement for essential entities.
Prompt Injection
An attack where malicious instructions are hidden in user input or external data to manipulate an AI system into ignoring its guidelines or leaking sensitive information.
PTaaS (Penetration Testing as a Service)
A subscription model for continuous or on-demand penetration testing. Sectricity's RedSOC PTaaS offers 35 service types via a credit-based model where 1 credit equals 1 euro.
Purple Team
A collaborative security exercise where Red Team attackers and Blue Team defenders work together in real time to improve detection and response. Accelerates knowledge transfer faster than separate exercises.
Quishing
QR code phishing. Attackers embed malicious URLs in QR codes to bypass email link scanners. Common in fake parking fines, invoices, or posters in public spaces.
Ransomware
Malware that encrypts a victim's files or systems and demands payment for the decryption key. Often spreads through phishing or exploiting vulnerabilities.
Reconnaissance
The first phase of a cyberattack or penetration test, involving systematic information gathering about a target. Includes passive OSINT and active scanning to map the attack surface before exploitation begins.
Red Team
A group that simulates real-world attacks against an organization to test its defenses. Red team exercises are more comprehensive than standard penetration tests.
Responsible Disclosure
A process where researchers report vulnerabilities to the affected organization before going public, giving the vendor time to develop a fix. Also known as coordinated vulnerability disclosure.
Risk Assessment
A systematic process of identifying, analyzing, and evaluating cybersecurity risks to determine their potential impact and likelihood. Required under NIS2, ISO 27001, and DORA as the basis for security investment decisions.
Rootkit
Malware designed to hide its own presence and that of other malicious tools on a compromised system, often at kernel level. Among the most difficult threats to detect and remove, making it a forensics priority.
Sandbox
An isolated environment used to safely execute and analyze suspicious files or code without risk to the broader system. A standard tool in malware analysis and incident response workflows.
Security Awareness
Training and education programs designed to help employees recognize and respond appropriately to security threats, particularly social engineering attacks.
Session Hijacking
An attack where an adversary steals or forges a valid session token to impersonate a legitimate user without their credentials. Commonly exploited via Cross-Site Scripting or network interception.
Shadow AI
Unauthorized use of AI tools by employees outside approved company channels. Creates compliance risks, can expose sensitive data to third-party models, and is a growing breach cost factor.
SIEM
Security Information and Event Management. A platform that aggregates log data from across an organization's infrastructure to detect anomalies, correlate events, and trigger alerts.
Smishing
SMS-based phishing. Attackers send text messages impersonating banks, couriers, or government agencies to trick recipients into clicking malicious links or calling fraudulent numbers.
SOAR
Security Orchestration, Automation and Response. A platform that automates repetitive security tasks and coordinates responses across SIEM, EDR, and other tools, reducing response times and analyst workload.
SOC (Security Operations Center)
A team or facility responsible for continuously monitoring and responding to security incidents. Sectricity's RedSOC PTaaS delivers pentest-as-a-service with SOC-level visibility.
SOC 2
A compliance framework for service organizations, especially SaaS providers. Type II audits verify controls operate effectively over time, often requiring penetration test evidence.
Social Engineering
The psychological manipulation of people to perform actions or reveal confidential information. Attackers exploit human trust rather than technical vulnerabilities.
Social Engineering Assessment
A structured security test evaluating how susceptible an organization's employees are to manipulation via phishing, vishing, smishing, pretexting, and physical intrusion techniques.
Spear Phishing
A targeted phishing attack aimed at a specific individual or organization. Uses personal details gathered through OSINT to make messages appear credible and bypass skepticism.
SQL Injection
An attack where malicious SQL code is inserted into input fields to read, modify, or delete database contents. Consistently one of the most common and damaging web application vulnerabilities.
Supply Chain Attack
An attack on a vendor or service provider to compromise the customers who depend on their software. Allows adversaries to reach hundreds of targets through a single compromise.
Tailgating
A physical social engineering technique where an attacker follows an authorized person through a secured entrance without using their own credentials. Exploits politeness or distraction rather than any technical flaw.
Third-Party Risk
The cybersecurity exposure arising from relying on external vendors or suppliers. Supply chain attacks were the second most costly breach factor in 2025 and are regulated under NIS2 and DORA.
Threat Hunting
A proactive practice where analysts manually search systems for signs of compromise that automated tools may have missed. Particularly effective where EDR and SIEM blind spots exist.
Threat Intelligence
Actionable information about current and emerging threats, including attacker tactics and indicators of compromise. Used to prioritize security investments and define pentest scope.
Threat Modeling
A proactive process of identifying potential threats, attack vectors, and security weaknesses in a system before it is deployed or changed. Helps teams prioritize controls based on realistic risk scenarios.
Typosquatting
A technique where attackers register domain names mimicking legitimate ones through common typing errors. Used to host phishing pages or impersonate brands in BEC and social engineering attacks.
Vishing
Voice phishing, social engineering attacks conducted over phone calls. Attackers impersonate trusted entities to extract information or convince targets to take harmful actions.
Voice Cloning
A deepfake technique that replicates a person's voice from a short audio sample. Used by attackers in phone-based social engineering to impersonate CEOs or trusted contacts.
VPN
Virtual Private Network. Creates an encrypted tunnel between a device and a network to protect data in transit. Widely used for remote work, though VPN vulnerabilities have been a frequent attacker entry point in recent years.
Vulnerability Assessment
A systematic process of identifying and prioritizing security weaknesses in systems or applications. Unlike penetration testing, it does not exploit findings but delivers a remediation roadmap.
Watering Hole Attack
An attack where adversaries compromise a website frequently visited by a target group and inject malware that infects visitors. Harder to detect than phishing because it exploits trusted content sources.
Whaling
A spear phishing attack targeting senior executives or board members. Also called CEO fraud. The goal is typically to authorize fraudulent wire transfers or extract sensitive business data.
White Box Testing
A penetration testing approach where the tester has full knowledge of the target environment, including architecture and source code. Maximizes depth and efficiency for assessing complex internal systems.
Worm
Self-replicating malware that spreads automatically across networks without requiring user interaction. Worms can cause massive disruption at scale and are frequently used as delivery mechanisms for ransomware payloads.
XDR (Extended Detection and Response)
A unified security platform combining telemetry from endpoints, networks, cloud, and email into a single detection and response engine. Extends EDR and NDR capabilities with cross-domain threat correlation.
Zero-Day Exploit
An attack targeting a software vulnerability unknown to the vendor or without an available patch. In 2025, exploitation began occurring on average before a fix was released.
Zero Trust
A security model built on never trust, always verify. No user, device, or segment is trusted by default. Access is continuously validated based on identity, context, and behavior.
Missing a Term?
If there's a cybersecurity concept you'd like us to explain, let us know. We're always expanding this glossary.
Suggest a TermReady to Improve Your Security?
Our ethical hackers can help you understand and address your risks.