Offensive security is a proactive approach that involves testing an organization’s security posture from the viewpoint of an adversary. The intent of offensive security is to validate that an organization’s security performs as intended. It can include activities such as ethical hacking and penetration testing to identify and remediate risks that a malicious party could exploit. By employing offensive security methods, security teams can act like attackers to help the organization uncover and eliminate paths of least resistance before attackers can exploit gaps.
Open-Source Intelligence (OSINT) refers to the collection and analysis of any information about an individual or organization that can be legally gathered from free, public sources. While much of the information comes from the internet and can include usernames, social network profiles, IP addresses, and public records, it also includes data found in images, videos, webinars, and public speeches. OSINT operations require no specialized skills and can be conducted by anyone, including IT and security teams or attackers, who use a variety of techniques to sift through visible data to find the opening they need.
The Open Web Application Security Project (OWASP) is an online non-profit community that aims to improve software security. Since 2003, OWASP has periodically published a Top 10 list of the most critical and common web application security risks. The data behind the list comes from many sources including security vendors, consultants, and organizations.