Active testing is a process involving repeated interaction with a digital asset to reach success criteria defined by the test methodology. More
An attack path is one or more security gaps that attackers can exploit to gain access to an IT asset and to move from one IT asset to another. A clear understanding of possible attack paths helps security teams accurately gauge cybersecurity risk. More
An attack surface is the sum of an organization’s attacker-exposed IT assets, whether these assets are secure or vulnerable, known or unknown, in active use or not and regardless of IT/security team is aware of them. More
Attack surface discovery is an initial stage of attack surface management. It’s the process of automated searching to identify digital assets across an organization’s external IT (or Internet-exposed) ecosystem. More
Attack surface management (ASM) is the process of continuously discovering, classifying and assessing the security of your IT ecosystem. More
Attack surface protection is the process of continuously discovering, classifying and testing the security of your attacker-exposed IT ecosystem. More
An attack vector is a path that an attacker can use to gain access to an organization’s network. Attack vectors can include exposed assets or abandoned assets, but they can also include unpatched software vulnerabilities, misconfigured software, weak authentication, and domain hijacking. More
The process of tracking, identifying, and assigning assets to the party that manages them. More
Banner grabbing is a process of collecting intelligence about IT assets and the services available on those assets. More
BAS is an advanced method of testing security environments by simulating likely attack paths and techniques commonly used by attackers. This process identifies vulnerabilities, much like a penetration test, except it's continuous and automated.
More
The business context is identifying an asset or service that is associated with the organization or team that controls it. Understanding the business context provides insight into the extent of the organization’s true attack surface, locating and monitoring otherwise “hidden” assets. More
Center for Critical Security Controls gives pragmatic, actionable recommendations for cyber security. The CyCognito platform maps to 14 of the CIS controls at least partially and provides extensive coverage around inventory of assets, vulnerability and penetration testing, and security of ports and services. More
Cloud security is a broad term referring to the tools and processes organization’s use to protect assets and data stored in the cloud from cyber attacks and threats. This also includes data running in the cloud’s workloads, and anything housed in Software-as-a-Service (SaaS) applications. More
CPE is a structured naming scheme for IT systems, software, and packages. The naming scheme is based on the generic syntax of uniform resource identifiers (URI), and includes a formal name format that checks names against a system, as well as a description format for binding text to a name. More
CVE is a database of publicly disclosed security vulnerabilities and exposures occurring in publicly released software packages. More
CVSS is an open framework articulating the severity of a threat through the principal characteristics of a vulnerability. These consist of three metric groups: base, temporal, and environmental. Once a number score is produced, the score is translated into low, medium, high, or critical risk categories. More
Continuous attack surface testing is the process of monitoring an organization’s IT ecosystem to identify and provide timely visibility into cyberthreats or risks. More
Continuous Threat Exposure Management (CTEM) is a risk reduction strategy designed to unify traditional silos of visibility, risk assessment, issue prioritization, and validation. With CTEM, exposed systems are continuously identified and comprehensively tested. Threat and business impact data is communicated frequently, allowing teams to make informed decisions and take prompt action. More
A cyber kill chain is a series of 7 stages that model the primary actions conducted in a cyberattack. Lockheed Martin developed the cyber kill chain model in 2011 to help cyber defenders identify and prevent the steps of an attack. Other organizations have slightly different models and critics have noted that attackers increasingly flout the cyber kill chain model, but there is broad agreement that organizations should always strive to eliminate potential threats as early as possible in the cyber kill chain. More
Cyber reconnaissance is a cybersecurity term built from the French word “reconnaissance,” which means “surveying” and adapted from the military practice of reconnaissance, conducting an exploratory survey of enemy territory. More
Cyber risk management involves continuously identifying, assessing, and mitigating potential cyber risks as well as understanding their potential impacts. More
A data breach occurs when an unauthorized or potentially malicious party gains access to confidential, sensitive or protected data. Some data breaches contain personally identifiable information (PII), which may include national identity numbers, credit card numbers, or medical records. More
Defensive security is a proactive approach that focuses on prevention, detection, and response to attacks from the perspective of defending the organization. For example, blue teams are generally thought of as defensive security. More
A digital footprint is the trail of data created by a user on the internet. The footprint can be left actively, through websites visited, emails sent, and information submitted online. More
The traditional Domain Name System (DNS) is a real-time, distributed database system where queries to DNS servers and resolvers translate hostnames into IP addresses and vice versa. More
Ethical hacking is a form of offensive security that involves authorized attempts to break into systems and applications in order to test an organization’s security posture. One example of ethical hacking is penetration testing. More
External Attack Surface Management (EASM) is an emerging market category that Gartner created in March 2021 to describe a set of products that supports organizations in identifying risks coming from internet-facing assets and systems that they may be unaware of. More
A false negative occurs when a cyber threat or attack passes through scanning and protection software undetected. More
A false positive is an alert that a detective and protection software generates when legitimate activity is classified as an attack. More
An IPv4 address is a 32-bit number that uniquely identifies a network interface used to connect a machine to the Internet or local area network. This is the fourth version of the Internet Protocol used for internetworking. More
IPv6 is a 128-bit number developed by the Internet Engineering Task Force (IETF) to help deal with the long-anticipated problem of IPv4 address exhaustion. More
ISO 27001 is the international gold standard for information security management. ISO 27001 proves the strength of your security posture to prospects and customers in global markets. More
An IT asset is any piece of software, hardware, or application used to support a business's core operations. This includes both physical assets and digital assets. A physical asset is something like a server, while a digital asset is something like a web application. More
An organization’s IT ecosystem is the network of services, providers and other organizations connected to the organization that create and deliver information technology products and services. More
Kali Linux is an open-source, specialized Linux platform developed and supported by Offensive Security and used for security research, penetration testing and security forensics. More
Machine learning is a branch of artificial intelligence describing the study of computer programs that leverage algorithms and statistical models to improve automation without explicit programming. This is used to improve the capabilities of a machine, software, or program by allowing it to essentially program itself using data. More
Maltego is an open-source intelligence (OSINT) tool for gathering and connecting data on the internet and illustrating relationships and links between things on a node-based graph. The platform offers a graphical user interface (GUI) that allows security professionals to mine data and helps IT and security teams build a picture of threats, their complexity and severity. More
Multi-factor authentication is an authentication method requiring users to supply more than one distinct authentication factor to gain access to a resource such as an application, online account, or VPN. These factors include something you know (such as a password or PIN), something you have (such as a token or key), or something you are (such as your fingerprint). More
NLP is a branch of artificial intelligence describing the study of how computers can understand, interpret, and manipulate human language. This process is commonly used for analyzing large volumes of textual data and structuring data sources to resolve ambiguous language. More
NIST 800-171 provides recommended requirements for protecting the confidentiality of controlled unclassified information (CUI) for those working with the US government. More
NIST 800-53 is a catalog of security and privacy controls for all U.S. federal information systems except those related to national security. More
The NIST Framework for Improving Critical Infrastructure Cybersecurity (or “The Framework” for short) consists of standards, guidelines, and practices to promote the protection of critical infrastructure. More
Offensive security is a proactive approach that involves testing an organization’s security posture from the viewpoint of an adversary. More
The Open Web Application Security Project (OWASP) is an online non-profit community that aims to improve software security. More
Open-Source Intelligence (OSINT) refers to the collection and analysis of any information about an individual or organization that can be legally gathered from free, public sources. More
In cybersecurity, passive DNS is used for detecting malicious activities like domain hijacking and botnets. It stores historical DNS information and provides insights into domain names and IP addresses. Passive DNS solutions enhance security posture and protect against emerging threats. More
Passive scanning is a reconnaissance workflow that typically does not involve direct interaction with a digital asset, for example parsing open-source intelligence (OSINT) such as DNS enumeration or Google searches. More
The path of least resistance in cybersecurity is an attacker’s easiest route to reaching a target asset. More
The Payment Card Industry Data Security Standard (PCI DSS) is a global standard that applies to any business that accepts, processes, stores, transmits, or impacts the security of cardholder data. More
Automated pen testing is designed to mimic penetration testing with digital tools and software. This process is commonly used by attackers to continuously scan an organization’s entire attack surface. More
Penetration or pen testing is a security practice where a real-world attack on a subset of an organization’s IT ecosystem is simulated in order to discover the security gaps that an attacker could exploit. More
A proactive security approach is the practice of taking measures to predict and prevent a breach before it ever happens. More
Ransomware is a form of malware that leverages encryption to hold the operations of an organization hostage in exchange for a ransom payment. More
Recon-ng is a web-based open-source reconnaissance tool (OSINT) written in Python, often paired with the Kali Linux penetration distribution. The tool reduces time spent harvesting information from open resources and consists of an extensive range of modules and database interaction. More
Red, Blue, and Purple Teams consist of security professionals who are integral to maintaining and improving an organization’s security posture. Red Teams are “attackers” who deploy ethical hacking methods such as penetration testing to simulate an attack and improve defenses. More
Remediation is the removal of the vulnerability or threat that could impact an organization's business and network security, typically through modifying a configuration or patching an operating system or application. Mitigation includes reducing the impact of a threat when it cannot be eliminated. More
Risk is a multifactor calculation of the severity of a threat, likelihood of an occurrence, and the impact of that threat on organizational operations, reputation, and costs. This includes mission, functions, image, or reputation on the organization’s assets or individuals associated with the organization. More
A risk assessment is the process of identifying, analyzing, and evaluating information assets that could be affected by a cyber attack. It then identifies the risks that could affect those assets. A risk assessment helps to ensure the cybersecurity controls are appropriate to the risks facing the organization. More
Risk-Based Vulnerability Management (RBVM) is a process that emphasizes prioritizing the most severe security vulnerabilities and remediating according to the risk that they pose to the organization. This approach is being more widely adopted as organizations realize they have far more vulnerabilities than they can remediate, and they need a way to prioritize which to fix first. More
After a risk analysis has been made, there will be clusters of risks varying in levels of criticality. Risk prioritization is a rational and common sense approach to decision making and analytics, applied to rank and order identified risk events from most to least critical on an appropriate scale. More
An organization’s security posture is the collective measure of the effectiveness of its cybersecurity. Assessing security posture involves testing the security of your IT ecosystem and its susceptibility to outside threats. More
Security testing checks software to reveal vulnerabilities in security mechanisms and determine whether data and resources are protected from threat actors. It’s a type of non-functional testing focused on whether the software or application is designed and configured correctly. More
Shadow IT is the use of web apps, cloud-services, software, and other IT resources without the knowledge of an organization’s IT or security teams. More
“Shadow risk” is the risk associated with the unknown assets within an organization’s attack surface. More
In cybersecurity, the phrase “shift left” refers to the process of focusing security practices as early as possible in a given activity or process. “Left” is a reference to the idea that a timeline runs from left to right, with “earlier” to the left, so “shift left” means to start earlier. More
Supply chain risk can be thought of as a specific type of third-party risk, where the risk stems from the fact that vendors and partners in an organization’s supply chain increase its attack surface yet the organization may not have sufficient visibility or awareness of the suppliers’ security posture. More
Third-party risk refers to the potential security risks to an organization stemming from the use of third-party vendors, including those vendors in the supply chain as well as groups that may not typically perform security investigations such as law firms, building infrastructure maintenance and services, accounting firms, or even catering. Third-party risk is also posed by business partners and subsidiaries as well as the vendors that they work with. More
Also known as cyber threat intelligence (CTI), this is information an organization uses to understand the occurrence and assessment of cyber and physical threats. Threat intelligence solutions gather raw data on emerging or existing threats from a number of sources. More
A true negative occurs in cybersecurity when a negative detection occurs in a situation where there is a negative condition. In other words when an intrusion detection system (IDS) successfully ignores acceptable behaviour, or a vulnerability assessment detects no vulnerability in non-vulnerable software, or in attack surface management the platform or process ignores assets that are unrelated to an attack surface. More
A true positive occurs in cybersecurity when a positive detection occurs in a situation where there is an alert or problem condition. In other words when an intrusion detection system (IDS) successfully detects suspicious behaviour, or a vulnerability assessment detects vulnerable software, or in attack surface management when the platform or process finds assets that are related to an attack surface. More
The phrase “unknown unknowns” was popularized by former United States Secretary of Defense Donald Rumsfeld, and has its origins in psychological research. More
A vulnerability is a weakness or issue within a system, software, or application that could be exploited by a malicious party or hacker to gain unauthorized access to an organization. More
Vulnerability management (VM) is the process of identifying, categorizing, and remediating security vulnerabilities to proactively defend against threats. More
A vulnerability scanner is a tool that inspects applications, systems, networks, and software for potential vulnerabilities and compares details about the assets encountered to a database of information about known security holes in those assets that may involve services and ports, anomalies in packet construction, and potential paths to exploitable programs or scripts. More
A web application firewall (WAF) is a security device that protects web applications from a variety of attacks, including SQL injection, cross-site scripting (XSS), and distributed denial-of-service (DDoS) attacks. More
Also known as a web app, a web application is software running on a web server that is accessed by users via a browser called a client. Google Docs is a common example of a web application. More
A query and response protocol commonly used for querying databases storing registered users or assignees of internet resources. This includes information on the owners of a domain name, IP address block, or autonomous system. The response is delivered in a human-readable format, the current iteration of which was drafted by the Internet Society. More
Zero Trust is a model for security centered on the belief that organizations should not automatically trust anything, whether inside or outside their network perimeters. More
