Glossary
The field's terms, acronyms, expressions, jargon, and lore - defined, sourced, and linked to the tools that compute them.
No entries match those filters.
A
B
- bazloreThe third metasyntactic placeholder, following foo and bar.
- beaconingjargonThe regular, automated check-ins a compromised host makes to its command server.
- BGPacronymThe protocol that decides how traffic is routed between the large networks that make up the internet.
- bikesheddingloreSpending disproportionate discussion on a trivial detail while an important, complex decision passes with little scrutiny.
- blast radiusjargonHow far the damage spreads when one component fails or is compromised.
- blue teamtermThe defenders: the people and tooling that detect, respond to, and recover from attacks.
- bohrbugloreA solid, reproducible bug that behaves the same way every time you run it.
- botnettermA network of compromised machines controlled as one, often for attacks or spam.
- brute forcetermTrying every possibility until one works.
- bug (the first computer bug)loreDisputed / commonly mistoldThe 1947 logbook entry in which a moth trapped in a Harvard Mark II relay was taped down beside the note "First actual case of bug being found."
- bug bountytermA program that pays researchers for responsibly reporting security flaws.
C
- C2acronymThe infrastructure an attacker uses to control compromised machines remotely.
- cargo cult programmingloreCopying code or rituals that seem to work without understanding why, in the hope the result follows.
- chain analysistermTracing cryptocurrency flows across a public blockchain to follow the money.
- CIA triadtermThe three core goals of information security: confidentiality, integrity, and availability.
- CIDRacronymA compact way to write an IP network as an address plus a prefix length, like 10.0.0.0/8.
- cipher suitetermThe specific set of algorithms a TLS connection agrees to use for key exchange, encryption, and integrity.
- circuit breakertermA pattern that stops calling a failing dependency for a while, so one outage does not drag everything down.
- Content Security PolicyacronymA browser policy that restricts what a page may load and run, to blunt attacks like XSS.
- control planetermThe part of a system that makes decisions, as opposed to the data plane that moves the traffic.
- CORSacronymThe browser mechanism that decides whether a web page may make requests to a different origin.
- credential stuffingtermAutomated login attempts using username and password pairs stolen from other breaches.
- CSRFacronymAn attack that tricks a logged-in user's browser into making an unwanted request.
- CVEacronymA public catalogue entry that uniquely identifies one specific known vulnerability.
- CVSSacronymA standard 0 to 10 score that rates the severity of a vulnerability.
D
- data minimizationtermCollecting and keeping only the personal data you actually need, for only as long as you need it.
- DDoSacronymAn attack that overwhelms a service with traffic from many sources at once.
- dead droptermA method of passing information without the parties ever meeting.
- debuggingtermThe systematic process of finding and fixing defects in software.
- defense in depthtermLayering multiple independent controls so that if one fails, others still stand.
- DevSecOpstermA culture and practice of building security into development and operations, not bolting it on.
- digital signaturetermA cryptographic proof that a message came from a specific key holder and was not altered.
- DNSacronymThe system that translates human-readable names like example.com into IP addresses.
- DNS over HTTPSacronymSending DNS lookups inside encrypted HTTPS so they cannot be read or tampered with in transit.
- dogfoodingexpressionUsing your own product in real work before you ask anyone else to.
E
- end-to-end encryptiontermEncryption where only the communicating endpoints can read the messages, not the servers in between.
- entropytermA measure of unpredictability; in security, the randomness that makes keys and secrets hard to guess.
- ephemeral keytermA short-lived key generated for a single session and then discarded.
- exit nodetermThe final Tor relay, where traffic leaves the network toward its destination.
- exit scamtermWhen an operator suddenly shuts down and disappears with users' funds.
- exploittermCode or a technique that turns a vulnerability into actual unintended behaviour.
F
- foo / barloreThe canonical placeholder names in programming examples, used when the specific name does not matter.
- forward proxytermA server that sits in front of clients and forwards their outbound requests.
- forward secrecytermA property that keeps past sessions safe even if the server's long-term key is later stolen.
- FUBARloreSlang for something broken beyond any reasonable repair.
G
H
- hackloreOriginally, an inventive or elegant solution admired for its cleverness, not a break-in.
- hash collisiontermWhen two different inputs produce the same hash output.
- hash functiontermA one-way function that turns any input into a fixed-size fingerprint.
- Have I Been PwnedtermA free service that tells you whether your email or password has appeared in a known data breach.
- heisenbugloreA bug that changes behaviour or disappears when you try to observe it.
- HMACacronymA way to prove a message is authentic and unaltered, using a hash and a shared secret.
I
- "is it worth the time?"expressionThe question of whether automating a task actually saves more time than it costs to automate.
- idempotency keytermA unique token attached to a request so the server can safely ignore accidental duplicates.
- idempotenttermAn operation that has the same effect whether you run it once or many times.
- immutable infrastructuretermAn approach where servers are never modified in place; to change one, you replace it with a new build.
- infrastructure as codetermManaging servers and networks through version-controlled configuration files rather than manual setup.
- IVacronymA starting value that makes a cipher produce different output for identical input.
J
K
L
M
- MAC (message authentication code)acronymA short tag that proves a message came from someone holding the shared key and was not altered.
- MAC addresstermThe hardware address that identifies a network interface on a local network.
- Merkle treetermA tree of hashes that lets you verify one item belongs to a large set efficiently.
- MFAacronymRequiring two or more independent proofs of identity to log in, not just a password.
- microsegmentationtermDividing a network into small, individually controlled zones to limit lateral movement.
- mixer (tumbler)termA service that blends many parties' cryptocurrency together to obscure who paid whom.
- MSSacronymThe largest chunk of actual data a TCP segment carries, after headers.
- MTUacronymThe largest packet, in bytes, a link will carry without fragmenting.
N
- NATacronymRewriting IP addresses in transit, classically to let many private hosts share one public address.
- noisy neighborjargonA tenant whose heavy resource use degrades performance for others sharing the same infrastructure.
- noncetermA number used once, included in a protocol so the same message cannot be replayed.
O
- OAuthtermA standard that lets an app access your data on another service without handling your password.
- observabilitytermHow well you can understand what a system is doing internally from the signals it emits.
- off-by-one errorloreThe classic error of counting one too many or one too few, especially at the boundaries of a loop or range.
- onion routingtermA privacy technique that wraps traffic in layers of encryption and bounces it through several relays.
- OPSECacronymThe discipline of protecting the small pieces of information that together reveal too much.
- OWASPacronymA nonprofit community that produces free, widely used guidance on application security.
P
- Path MTU DiscoveryacronymHow a sender finds the smallest MTU along the whole route, not just the first hop.
- payloadtermThe part of an attack that carries out the intended action, once delivery succeeds.
- penetration testtermAn authorized simulated attack that finds weaknesses before a real attacker does.
- peppertermA secret value added alongside the salt when hashing passwords.
- phishingtermTricking someone into revealing credentials or running malware, usually by email.
- PIIacronymAny data that can identify a specific person, on its own or combined with other data.
- PKIacronymThe system of certificates and authorities that lets strangers trust each other's public keys.
- podtermThe smallest deployable unit in Kubernetes: one or more containers that share networking and storage.
- post-quantum cryptographytermNew algorithms designed to stay secure even against a future large-scale quantum computer.
- privilege escalationtermTurning limited access into greater access, ideally administrator or root.
- public-key cryptographytermEncryption using a pair of keys, one public and one private, so no shared secret must be exchanged first.
- purple teamtermRed and blue working together, so every offensive finding immediately improves the defence.
- pwnedloreSlang for having been thoroughly defeated or compromised.
Q
R
- rabbit holeexpressionAn investigation that keeps pulling you deeper, well past where you meant to stop.
- race conditiontermA bug where the outcome depends on the unpredictable timing of concurrent operations.
- rainbow tabletermA precomputed lookup that reverses unsalted password hashes quickly.
- red teamtermA group that plays the adversary to test an organization's defences realistically.
- ReDoSacronymA denial-of-service caused by a regular expression that takes catastrophically long on certain input.
- regextermA compact pattern language for matching and extracting text.
- replay attacktermCapturing a valid message and sending it again to produce an unauthorized effect.
- responsible disclosuretermReporting a vulnerability privately to the vendor and giving them time to fix it before going public.
- reverse proxytermA server that receives client requests and forwards them to back-end servers on their behalf.
- root causetermThe underlying reason a failure happened, beneath its visible symptoms.
- RPKIacronymA system of signed records that lets routers check whether a network is allowed to announce a given address block.
- rubber duck debuggingloreDebugging by explaining your code, line by line, to an inanimate object.
- runbooktermA documented procedure for carrying out a specific operational task or handling a known situation.
S
- salttermRandom data added to a password before hashing, unique per user.
- serverlesstermA model where you run code without managing servers, and pay only while it runs.
- service meshtermA dedicated layer that manages service-to-service communication inside a cluster.
- shellcodetermA small, self-contained piece of machine code an exploit runs, classically to open a shell.
- shift-leftexpressionMoving testing, security, and quality checks earlier in the development process.
- sidecartermA helper container that runs alongside a main application to add capabilities without changing it.
- SLOacronymA concrete target for how reliable a service should be, like 99.9% of requests succeeding.
- smishingtermPhishing carried out over SMS text messages.
- SNAFUloreWartime slang for a situation that is a mess, yet routinely so.
- SOCacronymThe team and facility responsible for continuously monitoring and defending an organization's security.
- SOC 2acronymAn auditing standard that reports on how well a service organization protects customer data.
- social engineeringtermManipulating people, rather than technology, to gain access or information.
- SQL injectiontermInjecting database commands through an input that gets concatenated into a query.
- subnettermA slice of a larger network, defined by how many address bits are fixed.
- supernettermA single route that summarizes several smaller networks.
- supply-chain attacktermCompromising software by attacking something it depends on, rather than the target directly.
- SYN floodtermA denial-of-service that opens many half-finished TCP connections to exhaust a server's resources.
T
- TCP three-way handshaketermThe three-message exchange that opens a TCP connection: SYN, SYN-ACK, ACK.
- technical debtexpressionThe future cost of choosing a quick solution now over a better one later.
- the 500-mile emailloreA classic sysadmin tale of an email system that mysteriously could not send mail farther than about 500 miles.
- the fallacies of distributed computingloreA list of false assumptions that programmers keep making about distributed systems.
- the Jargon FileloreThe long-running community dictionary of hacker slang and culture, maintained since the 1970s.
- the left-pad incidentloreThe 2016 incident in which unpublishing an eleven-line package briefly broke builds across the internet.
- the Story of MelloreA 1983 Usenet poem about Mel Kaye, a programmer who wrote code so close to the machine it defied the idea of ever rewriting it.
- the two hard thingsexpressionThe joke that there are only two hard problems in computer science: cache invalidation, naming things, and off-by-one errors.
- threat modeltermA structured look at what could go wrong, who might attack, and what is worth defending.
- TLSacronymThe protocol that encrypts and authenticates most internet traffic, the S in HTTPS.
- toiljargonRepetitive, manual operational work that scales with the service but adds no lasting value.
- Tor relaytermOne of the volunteer-run servers that forward Tor traffic.
- TTLacronymA counter that limits how long data lives or how far a packet may travel before being discarded.