Cybersecurity Glossary
Comprehensive definitions for cybersecurity terms, attack vectors, frameworks, and industry jargon — trusted by security professionals worldwide.
10 terms · Updated regularly
CVE (Common Vulnerabilities and Exposures) is a standardized identifier system for publicly known cybersecurity vulnerabilities.
A Man-in-the-Middle (MITM) attack occurs when an attacker secretly intercepts and relays communication between two parties who believe they are communicating directly.
The OWASP Top 10 is a standard awareness document for web application security listing the most critical security risks to web applications.
Penetration testing is an authorized simulated cyberattack on a system to evaluate security by attempting to exploit vulnerabilities.
Phishing is a social engineering attack using fraudulent emails or messages disguised as legitimate sources to steal credentials or install malware.
Ransomware is malicious software that encrypts victim files and demands payment (ransom) for the decryption key.
Social engineering is the psychological manipulation of people into divulging confidential information or performing actions that compromise security.
SQL injection is a code injection technique where malicious SQL statements are inserted into an input field to manipulate the database.
Zero trust is a security framework requiring strict identity verification for every user and device attempting to access resources, regardless of network location.
A zero-day vulnerability is a software security flaw that is unknown to the vendor and has no patch available at the time of discovery.