Security and IT Testing Glossary
This glossary contains definitions of the most important technical terms in the course. It is organized alphabetically for easy reference.
A
AES
Advanced Encryption Standard. Symmetric block cipher algorithm with 128-bit blocks, supporting 128, 192, or 256-bit keys. The modern standard that replaced DES.
ARP
Address Resolution Protocol. Protocol that resolves IP addresses to MAC addresses on local networks. Vulnerable to ARP spoofing attacks.
ASLR
Address Space Layout Randomization. Operating system protection that randomizes the location of memory regions to make buffer overflow exploitation more difficult.
Autopsy
Graphical forensic analysis tool based on Sleuth Kit for examining disk images and recovering digital evidence.
B
Bandit
Static security analysis tool for Python code. Detects insecure practices such as use of dangerous functions, injections, and improper credential handling.
Buffer overflow
Vulnerability that occurs when a program writes more data than a memory buffer can hold, overwriting adjacent areas. Allows manipulation of the execution flow.
Burp Suite
HTTP proxy and interceptor tool used for web application security testing. Allows modifying requests, automating attacks, and mapping applications.
C
Chain of custody
Documented record of every action performed on digital forensic evidence, ensuring it was not altered from collection to presentation.
Asymmetric encryption
Cryptographic system that uses a key pair: a public key for encryption and a private key for decryption. Example: RSA.
Symmetric encryption
Cryptographic system that uses the same secret key for both encryption and decryption. Example: AES.
Confidentiality
Security principle that guarantees information is only accessible to authorized entities.
CSRF
Cross-Site Request Forgery. Attack that abuses the user’s browser to send unwanted requests to an application where the user is already authenticated.
CVE
Common Vulnerabilities and Exposures. Standardized identification system for known security vulnerabilities.
D
DAC
Discretionary Access Control. Access control model where the resource owner decides who can access it.
DEP
Data Execution Prevention. Protection that marks memory regions as non-executable to prevent execution of injected code.
DevSecOps
Methodology that integrates security into all phases of the software development lifecycle, from design through deployment.
DFD
Data Flow Diagram. Graphical representation of how data flows through a system, useful for identifying attack surfaces in threat modeling.
Availability
Security principle that guarantees systems and data are accessible when authorized users need them.
DMZ
Demilitarized Zone. Intermediate network segment between the internal network and the outside, hosting public services isolated from the corporate network.
DNS
Domain Name System. Protocol that translates human-readable domain names into IP addresses.
DREAD
Threat prioritization model based on five criteria: Damage, Reproducibility, Exploitability, Affected users, Discoverability.
Dynamic analysis
Analysis technique that examines a program’s behavior during execution in a controlled environment. Applied to malware, binaries, and web applications.
E
EIP/RIP
Processor registers (32-bit and 64-bit respectively) that hold the address of the next instruction to execute. Overwriting them is the goal of classic buffer overflow attacks.
ELF
Executable and Linkable Format. Standard executable file format on Linux/Unix systems.
Exploit
Code or technique that leverages a specific vulnerability to compromise a system.
Ethical hacking
Authorized practice of assessing system security by simulating real attacks to identify vulnerabilities before malicious actors can exploit them.
F
Firewall
Security system that monitors and controls incoming and outgoing network traffic based on predefined rules.
Flawfinder
Static analysis tool for C/C++ code that detects insecure functions and vulnerability patterns.
Forensic image
Bit-for-bit copy of a storage device, made for forensic analysis without altering the original evidence.
Digital forensics
Cybersecurity discipline that identifies, preserves, analyzes, and presents digital evidence with legal validity.
G
GDB
GNU Debugger. Command-line debugger for programs in C, C++, and other compiled languages. Fundamental for binary analysis and buffer overflow exploitation.
Google Dorks
Advanced search techniques using special operators in Google to find publicly exposed sensitive information.
GPG
GNU Privacy Guard. Free implementation of the OpenPGP standard for asymmetric encryption, digital signing, and key management.
H
Hash
Mathematical function that converts data of any size into a fixed-length digest. Used for verifying integrity and for storing passwords.
Heap
Memory region used for dynamic allocation at runtime. Also vulnerable to overflow attacks.
I
ICMP
Internet Control Message Protocol. Network diagnostic protocol used by tools like ping and traceroute.
IDS/IPS
Intrusion Detection/Prevention System. Systems that detect (IDS) or detect and block (IPS) malicious network activity.
Indicator of compromise (IoC)
Observable evidence indicating a system has been compromised. Includes malicious file hashes, IP addresses, domains, and behavior patterns.
Integrity
Security principle that guarantees information has not been altered in an unauthorized manner.
iptables
Linux utility for configuring firewall rules in the kernel via the netfilter framework.
K
Kill Chain
Model describing the phases of a cyberattack: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives.
L
LFI
Local File Inclusion. Web vulnerability that allows including server-side files through user-controllable parameters, potentially exposing sensitive files.
M
MAC
Mandatory Access Control. Access control model where the system enforces rules based on security classification levels.
Malware
Malicious software designed to damage, disrupt, or gain unauthorized access to systems. Includes trojans, worms, ransomware, spyware, and rootkits.
Metasploit
Penetration testing framework that provides exploits, payloads, and auxiliary tools for security assessments.
N
Nmap
Network Mapper. Network scanning tool for host discovery, open ports, services, and version detection.
NOP sled
Sequence of NOP (No Operation) instructions used in buffer overflow exploits to increase the likelihood of reaching injected shellcode.
NX
No-eXecute bit. Hardware protection that marks memory pages as non-executable, preventing shellcode execution on the stack.
O
OSINT
Open Source Intelligence. Process of collecting and analyzing publicly available information to obtain useful intelligence in security assessments.
OWASP Top 10
List of the ten most critical web application vulnerabilities, maintained by the Open Web Application Security Project.
P
PASTA
Process for Attack Simulation and Threat Analysis. Threat modeling methodology oriented toward enterprise risk management in seven stages.
PE
Portable Executable. Executable file format on Windows systems (.exe, .dll).
Pentesting
Penetration testing. Authorized security assessment where experts simulate real attacks to identify vulnerabilities.
PTES
Penetration Testing Execution Standard. Framework defining the phases and procedures for conducting professional penetration tests.
R
Ransomware
Type of malware that encrypts the victim’s files and demands payment to provide the decryption key.
RBAC
Role-Based Access Control. Access control model where permissions are assigned to roles and users receive permissions according to their role.
Reverse shell
Technique where the compromised system initiates a connection back to the attacker, bypassing firewall restrictions on incoming connections.
ROP
Return Oriented Programming. Advanced exploitation technique that chains existing code fragments (gadgets) to execute arbitrary actions without injecting shellcode.
RSA
Asymmetric cryptography algorithm whose security rests on the difficulty of factoring the product of two large prime numbers. Enables encryption, decryption, and digital signing.
S
SAST
Static Application Security Testing. Source code analysis to identify vulnerabilities without executing the application.
Semgrep
Lightweight, customizable multi-language static analysis tool for detecting security patterns in code.
SHA-256
Cryptographic hash function that produces a 256-bit digest. Part of the SHA-2 family, currently considered secure and widely used.
Shellcode
Machine code injected into memory during vulnerability exploitation, typically designed to open a system shell.
Shift Left
Practice of moving security activities to earlier stages of the development cycle, detecting vulnerabilities before production.
Sniffing
Capture of network traffic passing through an interface. Can be passive (observation) or active (traffic manipulation).
SQLi
SQL Injection. Attack technique that inserts malicious SQL code into input fields to manipulate the underlying database.
Stack
LIFO memory structure where local variables and function return addresses are stored. Primary target of buffer overflow attacks.
Stack canary
Random value placed on the stack before the saved return address; if it has been modified when the function returns, a buffer overflow is detected.
Static analysis
Analysis technique that examines source code or binaries without executing them. Includes code review, disassembly, and use of SAST tools.
STRIDE
Microsoft’s threat categorization model: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege.
T
theHarvester
OSINT tool that collects email addresses, subdomains, hosts, and employee names from public sources.
Trivy
Vulnerability analysis tool for Docker images, code repositories, and dependencies.
Trojan
Type of malware that disguises itself as legitimate software to trick the user into executing malicious actions.
V
Volatility
Memory forensics framework for analyzing RAM captures, able to identify hidden processes, network connections, keys, and other volatile artifacts.
Vulnerability
Weakness in a system, application, or process that can be exploited by an attacker to compromise security.
W
WAF
Web Application Firewall. Specialized firewall that protects web applications by filtering HTTP traffic and detecting attacks like SQLi and XSS.
Wireshark
Network traffic analysis tool with a graphical interface that allows capturing, filtering, and inspecting packets in detail.
X
XSS
Cross-Site Scripting. Vulnerability that allows injecting malicious scripts into web pages viewed by other users. Types: Reflected, Stored, DOM-based.