Comprehensive definitions of security terms, frameworks, and methodologies used in penetration testing, compliance, and DevSecOps.
Consensus-based, best-practice security configuration guides developed by the Center for Internet Security. CIS Benchmarks provide specific hardening recommendations for operating systems (Windows, Linux, macOS), cloud platforms (AWS, Azure, GCP), network devices, and applications to reduce attack surface and improve security posture.
A service model providing strategic security leadership without hiring a full-time Chief Information Security Officer. vCISO services include executive-level security guidance, risk management, compliance oversight, security program development, vendor assessments, and board-level reporting at a fraction of the cost of a full-time executive.
A security testing methodology that analyzes running applications for vulnerabilities by simulating attacks against live systems. DAST tools test applications from the outside (black-box testing), identifying issues like SQL injection, XSS, authentication flaws, and configuration errors that appear during runtime.
The practice of integrating security testing and practices throughout the software development lifecycle, making security a shared responsibility among development, security, and operations teams. DevSecOps involves automated security testing (SAST, DAST), dependency scanning, infrastructure-as-code security, secrets management, and continuous monitoring in CI/CD pipelines.
A Linux kernel technology that lets sandboxed programs run inside the kernel without changing kernel source code or loading kernel modules. In security, eBPF powers observability, networking (Cilium), and runtime security tools with low performance overhead, giving deep visibility into system behavior.
An extension of DevSecOps that focuses specifically on securing Git-based workflows, repositories, and CI/CD pipelines. GitSecOps practices include branch protection, signed commits, secrets scanning, pre-commit hooks for security checks, secure GitHub Actions/GitLab CI configurations, and supply chain security measures.
An Active Directory attack technique where adversaries request service tickets for accounts with Service Principal Names (SPNs), then crack the ticket's encryption offline to reveal the service account password. Successful Kerberoasting often leads to privilege escalation, as service accounts frequently have elevated permissions.
Post-exploitation technique where attackers move through a network from system to system after initial compromise, seeking to access additional resources, escalate privileges, and reach high-value targets. Common techniques include Pass-the-Hash, Pass-the-Ticket, remote services exploitation, and internal reconnaissance.
A globally accessible knowledge base of adversary tactics and techniques based on real-world observations. MITRE ATT&CK provides a common language for describing attacker behavior across the kill chain, enabling threat modeling, detection engineering, red team operations, and security gap analysis. It covers Enterprise, Mobile, and ICS environments.
A simulated cyberattack performed by security professionals to identify vulnerabilities in systems, networks, and applications before real attackers can exploit them. Unlike vulnerability assessments, penetration testing involves active exploitation to demonstrate real-world attack impact, including chaining vulnerabilities, privilege escalation, and data exfiltration.
An attack technique where adversaries gain higher-level permissions than initially obtained, typically moving from standard user access to administrator or root privileges. Vertical escalation increases access on the same system; horizontal escalation accesses other accounts at the same level. Common vectors include misconfigurations, unpatched vulnerabilities, and credential theft.
A security testing methodology that analyzes source code, bytecode, or binaries for security vulnerabilities without executing the application. SAST tools (like Semgrep, Bearer, SonarQube) identify issues early in development including SQL injection, XSS, insecure cryptography, and hardcoded secrets.
A formal, machine-readable inventory of software components and dependencies used in building an application. SBOMs enable vulnerability tracking, license compliance, and supply chain security by documenting exactly what code comprises a software product. Formats include SPDX and CycloneDX.
A generic signature format for SIEM systems enabling portable detection rules across different platforms. SIGMA rules describe suspicious patterns in log data (Windows events, web server logs, etc.) and can be converted to queries for Splunk, Elastic, Microsoft Sentinel, and other security tools.
A security framework for ensuring the integrity of software artifacts throughout the supply chain. SLSA provides incremental levels (1-4) of assurance covering source integrity, build integrity, and provenance, helping organizations prevent tampering, improve reproducibility, and verify artifact authenticity.
A compliance framework developed by the AICPA that evaluates how organizations manage customer data against five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy. SOC 2 Type I assesses control design; Type II assesses operational effectiveness over time. It is considered essential for SaaS companies and service providers.
A pattern-matching tool used primarily for malware identification and classification. YARA rules describe patterns (strings, byte sequences, conditions) to identify malware families, suspicious files, or indicators of compromise. Widely used in threat intelligence, incident response, and endpoint detection.
A security model based on the principle "never trust, always verify" that requires strict identity verification for every person and device attempting to access resources, regardless of network location. Zero Trust eliminates implicit trust, implements least-privilege access, assumes breach, and continuously validates security posture through microsegmentation and strong authentication.
Our team can help you implement these security practices. Get started with a consultation.