Additional Terminology

Comp Sci

Buffer Overflow Attacks

A buffer overflow attack typically involves violating programming languages and overwriting the bounds of the buffers they exist on.

Cross-site Scripting (X-SS)

Cross-site scripting (XSS) is a web security issue that sees cyber criminals execute malicious scripts on legitimate or trusted websites.

Exploit Development

To use someone or something unfairly for your own advantage: Laws exist to stop companies exploiting their employees

Hacker

A hacker is a person who breaks into a computer system.

IP Address

An IP address is like a digital street address for your device (phone, computer, etc.) on the internet, a unique set of numbers (e.g., 192.168.0.1) that lets other devices find it, send data to it, and receive information from it, making online communication possible.

Malware

Malware (malicious software) is any bad program that secretly invades your device to steal data, spy on you, lock your files (ransomware), or just mess things up, often for money or sabotage.

Network Mapping

Network mapping is the process of visually representing network structure, including devices, connections and data flow, to help IT teams analyze, monitor and manage network performance effectively.

Network Scanning

Network scanning is a process used to identify active devices (hosts), services running on them, and other details about the system and network.

Network Topology

A network topology is the physical and logical arrangement of nodes and connections in a network.

Open-source Intelligence (OSINT)

Open Source Intelligence (OSINT) is the practice of collecting, analyzing, and extracting valuable insights from publicly available information to produce actionable intelligence for decision-making.

OS Detection

Operating system (OS) detection is a feature in Nmap that remotely scans a target host and presents details of its operating system if there is a match.

Password Craking Tool

Password cracking is the process of recovering passwords from data that has been stored in or transmitted by a computer system.

Penetration Testing

Penetration testing (or pen testing) is a security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a computer system.

Port Scanning

A port scan is a common technique hackers use to discover open doors or weak points in a network.

Pretexting

Pretexting is a certain type of social engineering technique that manipulates victims into divulging information.

Response Plan

A response plan is a documented, step-by-step strategy outlining how an organization detects, acts upon, and recovers from emergencies or security incidents.

Search Engine Dorking

This is a technique using specialized search operators to find security vulnerabilities, sensitive data and hidden information indexed by search engines, that are not accessible by standard queries.

Security Posture Assessment

A security posture assessment is a structured, organization-wide evaluation of cybersecurity readiness.

Social Engineering Attacks

A security posture assessment is a structured, organization-wide evaluation of cybersecurity readiness.

SQL Injection

A web security vulnerability allows attackers to interfere with queries an application makes to the database.

System Forensics

System Forensics is the process of retrieving useful information from the Operating System (OS) of the computer or mobile device in question.

Testing: Black Box

Black box testing involves testing a system with no prior knowledge of its internal workings.

Testing: Grey Box

A gray box assessment is a structured evaluation based on the available knowledge of the system under test.

Testing: White Box

White box testing is an approach that allows testers to inspect and verify the inner workings of a software system.

Vishing (Voice Phishing)

Refers to fraudulent phone calls or voice messages designed to trick victims into providing sensitive information, like login credentials, credit card numbers, or bank details