FIND ALL YOUR CYBER SECURITY ANSWERS ON OUR WIKI PAGE
The Cert2Connect wiki gives a clear overview of the terminology and the many abbreviations used in the cyber, cloud and software security landscape.
-
Ansible
Ansible is an open-source automation tool that simplifies the management and configuration of IT infrastructure. It allows you to automate tasks, deploy applications, and manage systems in a more efficient and consistent way. Ansible uses a simple, human-readable language (YAML playbooks) to define automation tasks, making it accessible to both developers and operations teams.
-
Application Security
Application security is the practice of protecting software applications from security threats by using software, hardware, techniques, best practices and procedures. It encompasses the security considerations that apply during application design and development, as well as the systems and approaches used to protect applications after they are deployed.
-
AppSec Awareness
AppSec awareness refers to the understanding, among developers and other stakeholders, of the security risks involved in developing, deploying and using software applications, and of the steps needed to mitigate those risks. Awareness programs typically combine training on common vulnerability classes with guidance on secure coding practices.
-
AWS CloudFormation
AWS CloudFormation is a service provided by Amazon Web Services (AWS) that enables you to provision and manage resources in an automated and consistent manner. It allows you to define your infrastructure as code using templates (JSON or YAML), making it easier to create, update, and delete AWS resources as part of your application deployment process.
-
AWS SAM
AWS SAM (Serverless Application Model) is an open-source framework provided by Amazon Web Services (AWS) to simplify the development, deployment, and management of serverless applications on AWS Lambda and other serverless services. SAM extends AWS CloudFormation with shorthand resource types for the serverless paradigm, making it easier to define and manage serverless resources as code.
-
Azure Boards
Azure Boards is a work tracking system provided by Microsoft Azure DevOps Services (formerly known as Visual Studio Team Services) that helps software development teams plan, track, and manage work efficiently. It is a comprehensive solution for Agile project management and enables teams to collaborate, track progress, and deliver high-quality software.
-
CI-server
A "CI server," also known as a "Continuous Integration server," is a software tool that automates the process of continuous integration in software development. It is a critical component of a CI/CD (Continuous Integration/Continuous Deployment) pipeline.
The CI server monitors the source code repository for changes and triggers automated build and testing processes whenever new code is pushed. It helps ensure that code changes are integrated smoothly, and it quickly detects integration issues and regressions. Because it runs with access to source code, credentials and deployment targets, the CI server itself is a high-value target and should be hardened and protected accordingly.
-
CI/CD-pipeline
A "CI/CD pipeline" stands for "Continuous Integration/Continuous Deployment pipeline." It is a set of automated processes that help development teams build, test, and deploy software changes to production in a consistent and efficient manner. The pipeline encompasses a series of stages, from code integration and automated testing to deployment and monitoring; security checks such as SAST, SCA and DAST are typically added as stages in this pipeline.
-
Codebashing
"Codebashing" is a cybersecurity training platform from Checkmarx that focuses on teaching developers secure coding practices. It offers interactive and hands-on training modules designed to help developers understand and mitigate security vulnerabilities and threats in their code.
The platform provides real-world scenarios, challenges, and simulations to help developers learn how to identify and address potential security issues, such as cross-site scripting (XSS), SQL injection, and more. Codebashing aims to integrate security awareness directly into the software development process, empowering developers to write more secure code from the outset.
-
Compliance
Compliance describes the extent to which an organization adheres to the laws, regulations and standards that apply to it. Being compliant means that an organization understands the risks it runs if it does not follow those rules and takes measures to limit or prevent them. Compliance helps an organization protect its reputation, customer trust and financial results.
-
Container Security
"Container Security" refers to the practices and measures taken to secure containers and the applications running within them. Containers are lightweight, portable, and isolated environments that package an application along with its dependencies and runtime environment. Container security covers the image (scanning base images and dependencies for vulnerabilities), the build and registry pipeline, and the runtime (least-privilege configuration, isolation and monitoring), in order to prevent unauthorized access, data breaches, and other security incidents.
-
Continuous Security Validation (CSV)
"Continuous Security Validation" (CSV) refers to an approach in which a system's or organization's security measures and controls are continuously tested and evaluated to ensure consistent and effective protection.
Continuous security validation uses automated tools and techniques to regularly monitor and assess the security status of systems, networks, and applications. This includes simulating attacks, testing security measures and identifying potential weaknesses. By validating continuously, organizations can quickly respond to new threats, vulnerabilities and changes in IT infrastructure to ensure that security is maintained at all times.
-
Darkweb
The "dark web" refers to a part of the internet that is not indexed by traditional search engines and cannot be reached with a regular web browser; access typically requires specialized software such as the Tor Browser. It is a subset of the broader "deep web," which includes any online content that is not indexed by search engines, such as private databases, password-protected websites, and more. The dark web is often associated with anonymity, privacy, and a certain level of illicit activity, including marketplaces for stolen credentials and data.
-
DAST
Dynamic Application Security Testing (DAST) is a method of testing the security of an application while it is running, from the outside and without access to its source code, much as an attacker would.
DAST uses automated tools to probe the running application, typically over HTTP, to identify security weaknesses that an attacker could use to gain access to sensitive information or to misuse the application.
DAST covers aspects such as input validation, authentication and authorization, session management, and security configuration. Because it only observes behaviour reachable through the application's interfaces, it complements rather than replaces SAST. By performing these tests, an organization can improve the security of its application and thus reduce the likelihood of security incidents.
-
DevOps
DevOps is a way of working in the software development and IT industry. It is a combination of development (Dev) and operations (Ops) that automates and integrates the processes between software developers and IT operations teams. The goal of DevOps is to increase the speed and quality of software delivery.
DevOps promotes collaboration, transparency, and continuous improvement among all roles involved in the software development life cycle (SDLC).
-
DevSecOps
DevSecOps extends DevOps by integrating security ("Sec") into every phase of development ("Dev") and operations ("Ops"). Rather than being applied as a final gate before release, security testing and controls are automated in the CI/CD pipeline and shared as a responsibility of development, operations and security teams.
-
Docker
Docker is an open-source platform that automates the deployment, packaging, and management of applications inside lightweight, portable containers. Containers provide a consistent environment for applications to run, ensuring that they can work seamlessly across different computing environments, from development to production.
-
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a European Union privacy law that has applied since May 25, 2018. The GDPR is designed to give individuals more control over their personal data and to regulate and harmonize the way organizations process and protect personal data.
-
GitHub
GitHub is a widely used web-based platform for version control and collaboration that enables developers to work together on software projects. It provides a range of tools and features to facilitate code sharing, collaboration, and project management.
-
GitLab
GitLab is a web-based platform for version control, continuous integration, and collaboration. Similar to GitHub, GitLab provides tools and features to help developers manage and collaborate on software projects, and it includes built-in continuous integration and continuous deployment (CI/CD) capabilities.
-
Google Deployment Manager
Google Cloud Deployment Manager is a service provided by Google Cloud Platform (GCP) that allows you to define, deploy, and manage cloud resources using configuration files. It enables you to use Infrastructure as Code (IaC) principles to create and manage your cloud infrastructure in a consistent and repeatable manner.
-
Helm
Helm is an open-source package manager for Kubernetes, a container orchestration platform. It simplifies the deployment and management of applications and services in Kubernetes clusters by providing a way to define, package, and distribute Kubernetes resources as "charts." Helm charts encapsulate all the necessary components, configurations, and dependencies needed to deploy an application in a consistent and repeatable manner.
-
IAST
IAST stands for Interactive Application Security Testing. It is a technique used to test and improve the security of web applications by analyzing their runtime behavior to detect potential security vulnerabilities, such as SQL injection and cross-site scripting. IAST works by instrumenting the application's runtime with an agent, which observes code execution, data flows and requests while the application is exercised, for example by functional tests or a DAST scan. Because the agent sees both the request and the code that handles it, IAST can pinpoint the vulnerable line with fewer false positives than DAST alone. The results are used to improve the security of the application and to demonstrate compliance with security standards.
-
IDE
An integrated development environment (IDE) is an application that brings together the tools a developer needs, typically a code editor, build automation, a debugger and version-control integration, in one software suite. Security tooling such as SAST plugins can run inside the IDE so that findings reach developers as they write code.
-
Indirect Code Execution
Indirect code execution refers to a program executing code that it obtains from an external source at runtime, such as an input file, a database record, a template or an external API, rather than code that is part of the program itself.
It is important to understand the risks of indirect code execution, because an attacker who controls such an external source can inject code and perform malicious actions on the system where the code is executed, with the privileges of the executing program. Input from such sources must be treated as untrusted: validate it strictly against the structure you expect, prefer parsing it as data over executing it as code, and where execution is unavoidable, isolate it in a sandbox with minimal privileges.
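The risk described above, shown as an added example (not code from the original page or from any product it mentions): a program that reads a settings string from an external source and evaluates it. The two sample inputs are constructed; the function names and the allowed keys are hypothetical.

```python
"""Indirect code execution: a setting string loaded from an external source.

The unsafe loader hands the text to eval(), so whatever the source contains
runs with the program's privileges. The hardened loader parses the text only
as a Python literal (data, never code) and then validates its shape.
"""
import ast

# Constructed sample inputs, as they might arrive from a config file or API.
BENIGN_INPUT = "{'retries': 3, 'timeout': 30}"
# This one is a Python expression, not data: eval() would execute it.
HOSTILE_INPUT = "__import__('os').getcwd()"

ALLOWED_KEYS = {"retries", "timeout"}  # hypothetical settings schema


def load_settings_unsafe(text: str):
    """Vulnerable: eval() executes arbitrary code from the external source."""
    return eval(text)  # deliberately unsafe, shown for contrast


def load_settings_safe(text: str) -> dict:
    """Hardened: parse as a literal only, then validate structure and types."""
    # literal_eval accepts only literals (dicts, lists, numbers, strings, ...)
    # and raises ValueError for calls, attribute access, imports, etc.
    value = ast.literal_eval(text)
    if not isinstance(value, dict) or set(value) - ALLOWED_KEYS:
        raise ValueError("unexpected settings structure")
    if not all(isinstance(v, int) for v in value.values()):
        raise ValueError("settings values must be integers")
    return value


def is_code_not_data(text: str) -> bool:
    """True if the text contains anything beyond a plain literal."""
    try:
        ast.literal_eval(text)
    except (ValueError, SyntaxError):
        return True
    return False


if __name__ == "__main__":
    print("unsafe loader ran code from input:", load_settings_unsafe(HOSTILE_INPUT))
    print("safe loader accepted:", load_settings_safe(BENIGN_INPUT))
    print("hostile input rejected as code:", is_code_not_data(HOSTILE_INPUT))
```

The unsafe loader returns a directory path for the hostile input, proving that code from the external source executed; the safe loader refuses it with a ValueError and accepts only a dictionary with the expected keys and integer values.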
-
Infrastructure as Code (IaC)
Infrastructure as Code (IaC) is a concept within software development and system administration where infrastructure configuration and provisioning are treated as programmable code. With IaC, system administrators and developers can define, deploy, and manage infrastructure resources, such as virtual machines, networks, storage, and more, using code. Because the infrastructure is described in files under version control, it can be reviewed and scanned for misconfigurations before anything is deployed.
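An added example of scanning IaC before deployment (not code from the original page or from any product it mentions): a small policy check over a CloudFormation template, run against a weakly configured S3 bucket and against the corrected version. Both templates and the rule names are constructed for illustration; the bucket property names are those CloudFormation uses for AWS::S3::Bucket.

```python
"""Policy check for an AWS::S3::Bucket in a CloudFormation template (JSON).

Two constructed templates: one with a bucket that has neither a public-access
block nor default encryption, and the corrected one. The checker returns the
findings an IaC scanner would raise in a CI stage.
"""
import json

WEAK_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "LogsBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {"BucketName": "example-logs"},
        }
    },
})

FIXED_TEMPLATE = json.dumps({
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "LogsBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketName": "example-logs",
                # All four flags must be true to fully block public access.
                "PublicAccessBlockConfiguration": {
                    "BlockPublicAcls": True,
                    "BlockPublicPolicy": True,
                    "IgnorePublicAcls": True,
                    "RestrictPublicBuckets": True,
                },
                # Server-side encryption applied to every new object by default.
                "BucketEncryption": {
                    "ServerSideEncryptionConfiguration": [
                        {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}
                    ]
                },
            },
        }
    },
})

PUBLIC_ACCESS_FLAGS = (
    "BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets",
)


def check_s3_buckets(template_json: str) -> list:
    """Return (logical_id, issue) pairs for every S3 bucket that fails a rule."""
    template = json.loads(template_json)
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::Bucket":
            continue
        props = resource.get("Properties", {})
        pab = props.get("PublicAccessBlockConfiguration", {})
        # A missing or partially set block still leaves a path to public access.
        if not all(pab.get(flag) is True for flag in PUBLIC_ACCESS_FLAGS):
            findings.append((logical_id, "public access block not fully enabled"))
        if "BucketEncryption" not in props:
            findings.append((logical_id, "no default server-side encryption"))
    return findings


if __name__ == "__main__":
    print("weak:", check_s3_buckets(WEAK_TEMPLATE))
    print("fixed:", check_s3_buckets(FIXED_TEMPLATE))
```

Real templates often use YAML and intrinsic functions (Ref, Fn::GetAtt), which this simplified checker does not resolve; the point is that the same properties a reviewer would look for can be asserted automatically on every commit, before the stack is created.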
-
Jira
Jira is a popular issue and project tracking software developed by Atlassian. It is widely used by software development and project management teams to plan, track, and manage work in an organized and efficient manner.
-
Kubernetes
Kubernetes, often abbreviated as "K8s," is an open-source container orchestration platform originally developed by Google and now maintained by the Cloud Native Computing Foundation (CNCF). It automates the deployment, scaling, and management of containerized applications. Kubernetes provides a framework for managing and orchestrating containers in a clustered environment, making it easier to deploy and operate complex microservices architectures.
-
Malware
Malware, short for "malicious software," is software designed to damage, disrupt or gain unauthorized access to computer systems, networks or mobile devices. It takes many forms, including viruses, worms, trojans, spyware, ransomware and adware.
-
Microsoft ARM
Microsoft ARM (Azure Resource Manager) is the deployment and management service used in Microsoft Azure for provisioning and managing resources. It provides a unified way to create, update, and manage resources in Azure by grouping them into resource groups and enabling you to define their configurations as JSON templates.
-
OpenAPI 3.0
OpenAPI 3.0 is a version of the OpenAPI Specification (OAS), the successor to the Swagger 2.0 specification, a standardized format for defining and documenting RESTful APIs. It describes the structure, behavior, and interactions of an API, making it easier for developers to understand and use it; security tools such as DAST scanners also use the definition to enumerate the endpoints and parameters they should test.
-
OWASP
OWASP (Open Worldwide Application Security Project, originally the Open Web Application Security Project) is an international non-profit organization dedicated to improving the security of software applications. OWASP helps organizations identify and mitigate security risks in their software through freely available resources such as the OWASP Top 10, the Application Security Verification Standard (ASVS) and open-source testing tools.
-
Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) is a global security standard developed to ensure and enhance the security of payment card data. It is maintained by the Payment Card Industry Security Standards Council (PCI SSC), an organization founded by major card brands such as Visa, Mastercard, American Express, Discover, and JCB.
-
Repositories
In the context of software development and version control, a repository (often abbreviated as "repo") is a centralized location or storage space where code, files, and other resources related to a project are stored and managed. Repositories are fundamental to modern software development practices and enable collaborative development, version tracking, and code management.
-
Sandbox
A sandbox is an isolated, controlled environment in which untrusted or untested software can be run and observed without harming the host system or network. Sandboxes are used both for testing and for analyzing suspicious files such as malware samples.
-
SAST
SAST stands for Static Application Security Testing. It is a type of security test that analyzes the source code (or bytecode or binaries) of an application without executing it, in order to identify potential security vulnerabilities. SAST tools look for common flaws such as buffer overflows, SQL injection, and cross-site scripting, typically by tracing how untrusted input flows to dangerous operations. The main advantage of SAST is that it identifies vulnerabilities early in the development process, allowing developers to fix them before the application is deployed. Its limitations are that it cannot detect issues that only manifest at runtime, for example those that depend on configuration, the deployment environment or data that is only available while the application runs, and that it produces false positives that must be triaged.
-
SBOM
SBOM, Software Bill of Materials, is a structured list of the components used in building a piece of software. Just as a manufacturing bill of materials lists all the parts and materials needed to make a product, an SBOM provides a comprehensive inventory of the software components, including open-source and third-party libraries and their versions, that make up an application. Common machine-readable formats are SPDX and CycloneDX; an SBOM lets an organization quickly determine whether it is affected when a vulnerability in a component is published.
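An added example of what an SBOM is used for (not code from the original page or from any product it mentions): reading a CycloneDX-style SBOM and matching its components against a list of advisories. The SBOM, the package names and the advisory identifiers are all constructed for illustration and do not refer to real libraries or vulnerabilities; the purl parser and version comparison are simplified.

```python
"""Match the components listed in a CycloneDX SBOM against known advisories.

Components are identified by package URL (purl), e.g. pkg:pypi/name@1.2.3.
An advisory here is (ecosystem, name, fixed_in): every version below
fixed_in is treated as affected.
"""
import json

# Constructed sample SBOM; package names are fictitious.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "examplelib", "version": "1.4.2",
         "purl": "pkg:pypi/examplelib@1.4.2"},
        {"type": "library", "name": "otherlib", "version": "2.0.0",
         "purl": "pkg:pypi/otherlib@2.0.0"},
        {"type": "library", "name": "thirdlib", "version": "0.9.1",
         "purl": "pkg:pypi/thirdlib@0.9.1"},
    ],
})

# Constructed advisory feed; the identifiers are placeholders, not real CVEs.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "ecosystem": "pypi", "name": "examplelib", "fixed_in": "1.5.0"},
    {"id": "EXAMPLE-0002", "ecosystem": "pypi", "name": "otherlib", "fixed_in": "1.9.0"},
]


def parse_version(version: str) -> tuple:
    """Simplified: dotted integers only (no pre-release or build metadata)."""
    return tuple(int(part) for part in version.split("."))


def parse_purl(purl: str) -> tuple:
    """Return (ecosystem, name, version) from a purl; qualifiers/subpath are dropped."""
    body = purl.split(":", 1)[1]                 # strip the "pkg:" scheme
    body = body.split("?", 1)[0].split("#", 1)[0]  # drop ?qualifiers and #subpath
    ecosystem, rest = body.split("/", 1)
    name, version = rest.rsplit("@", 1)            # rsplit keeps npm-style @scope/name intact
    return ecosystem, name, version


def affected_components(sbom_json: str, advisories: list) -> list:
    """Return (purl, advisory_id) pairs for every component an advisory covers."""
    sbom = json.loads(sbom_json)
    hits = []
    for component in sbom.get("components", []):
        ecosystem, name, version = parse_purl(component["purl"])
        for adv in advisories:
            if (adv["ecosystem"] == ecosystem and adv["name"] == name
                    and parse_version(version) < parse_version(adv["fixed_in"])):
                hits.append((component["purl"], adv["id"]))
    return hits


if __name__ == "__main__":
    for purl, advisory in affected_components(SBOM_JSON, ADVISORIES):
        print(f"{purl} is affected by {advisory}")
```

Only examplelib 1.4.2 is reported: otherlib 2.0.0 is already at or above the fixed version, and thirdlib has no advisory. This lookup is the core of what SCA tools do continuously against live vulnerability databases.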
-
SCA
In application security, "SCA" stands for "Software Composition Analysis." It refers to the process of identifying the open-source and third-party components (libraries, frameworks, packages) that an application depends on, and checking them against databases of known vulnerabilities and against license requirements. Whereas SAST examines the code an organization writes itself, SCA covers the code it pulls in as dependencies, which in most modern applications is the larger part. SCA tools typically run in the CI/CD pipeline and can produce an SBOM as output.
SCA helps identify vulnerable or unlicensed components early in the development lifecycle, allowing developers to upgrade or replace them before the code is deployed or released. (The abbreviation is occasionally also used for "static code analysis," the technique underlying SAST; in this glossary the two are distinct.)
-
SCM
"SCM" stands for "Source Code Management." It refers to the practices and tools used to manage and control changes to source code during software development. SCM encompasses a set of processes and methodologies that help developers track, version, collaborate on, and maintain their codebase.
SCM includes features like version control, branching, merging, change tracking, and collaboration. It ensures that multiple developers can work on the same codebase simultaneously, manage different versions of the code, and coordinate their contributions effectively.
Popular SCM tools include Git, Subversion (SVN), Mercurial, and Perforce. These tools provide the infrastructure for versioning code, managing branches, and facilitating collaboration among development teams.
-
SDLC
SDLC stands for Software Development Life Cycle and is a process used in software development to ensure that the final product is of high quality and meets user needs. The SDLC process usually includes the following phases: planning, design, development, testing, implementation, and maintenance.
-
Security Posture Management
"Security Posture Management" refers to the process of assessing, analyzing and managing an organization's overall security posture and controls. This includes identifying vulnerabilities, evaluating security controls and policies, and taking steps to improve and maintain overall security. The goal of security posture management is to increase an organization's resilience to cyberthreats and maintain a strong security posture.
-
Security-by-design
"Security-by-design" is a principle and approach in which security considerations are integrated into every stage of the design and development process of software, systems, applications, or products. The goal of security-by-design is to ensure that security measures and safeguards are built into the foundation of a solution rather than added as an afterthought.
-
SQL injections
An SQL injection is a vulnerability in a website or application that arises when untrusted input, for example from an input field or URL parameter, is inserted directly into the text of an SQL query. Because the database cannot distinguish the attacker's input from the developer's query, the attacker can alter the query's logic to read sensitive information, bypass authentication, or modify or destroy the entire database. The standard defence is to use parameterised queries (prepared statements), which send input to the database as data rather than as part of the query text.
-
Terraform
Terraform is an open-source infrastructure as code (IaC) tool created by HashiCorp. It allows developers and operators to define and manage infrastructure resources using declarative configuration files. Terraform enables you to provision, manage, and update infrastructure components across various cloud providers and on-premises environments.
-
YAML
YAML (YAML Ain't Markup Language) is a human-readable data serialization format commonly used for configuration files, data exchange, and other structured text-based tasks. It is often used in software development for defining settings, configurations, and data structures in a clear and concise manner, for example in Ansible playbooks, Kubernetes manifests and CI/CD pipeline definitions.