| Acronym | Expansion and definition |
|---|---|
| ABAC | Attribute-Based Access Control: An access-control model in which each request is granted or denied by evaluating a policy over attributes of the subject (e.g. department, clearance), the resource (e.g. owner, classification), the action, and the environment (e.g. time of day, source network), rather than over the subject's role alone. |
| AI | Artificial Intelligence: The simulation of human intelligence by machines that perform tasks such as learning, reasoning, and problem-solving. |
| CNAPP | Cloud-Native Application Protection Platform: A security platform that combines capabilities such as cloud security posture management, workload protection, and vulnerability scanning to protect cloud-native applications and their infrastructure from development through runtime. |
| CVE | Common Vulnerabilities and Exposures: A public catalog of disclosed vulnerabilities in which each entry receives a unique identifier of the form CVE-YYYY-NNNNN, so that advisories, scanners, and vendors can refer to the same issue unambiguously. |
| CVSS | Common Vulnerability Scoring System: A standardized framework for rating the severity of a vulnerability; a vector of metrics (attack vector, privileges required, impact on confidentiality, integrity, and availability, and others) is converted into a score from 0.0 to 10.0. The base score measures technical severity, not the risk to a particular environment. |
| CWE | Common Weakness Enumeration: A community-maintained catalog of software and hardware weakness types (e.g. CWE-79 for cross-site scripting, CWE-89 for SQL injection) that describe the root causes behind individual vulnerabilities; a CVE typically maps to one or more CWEs. |
| DAST | Dynamic Application Security Testing: A black-box testing method that probes a running application from the outside, sending crafted requests and observing responses to find vulnerabilities without access to its source code. |
| EDR | Endpoint Detection and Response: A security solution that continuously collects telemetry from endpoint devices (process, file, registry, and network activity), detects threats in it, and supports investigation and response actions such as isolating a host. |
| GRC | Governance, Risk, and Compliance: A framework for aligning an organization's governance, risk management, and compliance with laws, regulations, and internal policies. |
| IAM | Identity and Access Management: The policies, processes, and technologies for managing digital identities (users, services, and devices) and controlling how they authenticate and what resources they are authorized to access. |
| IAST | Interactive Application Security Testing: A testing method that instruments the running application, typically through an agent inside its runtime, to observe code paths and data flow while the application is exercised, combining the inside view of SAST with the runtime view of DAST. |
| IR | Incident Response: The process of preparing for, detecting, containing, eradicating, and recovering from security incidents, followed by a lessons-learned review. |
| MDM | Mobile Device Management: A solution to enrol, configure, monitor, and secure the mobile devices used in an organization, including enforcing policies such as device encryption and remote wipe. |
| MFA | Multi-Factor Authentication: An authentication mechanism requiring two or more independent factors (something you know, something you have, something you are) to access a system, so that compromise of a single factor such as a password is not sufficient. |
| NIST | National Institute of Standards and Technology: A U.S. government agency that develops standards and guidelines, including the NIST Cybersecurity Framework and the SP 800 series of security publications. |
| OLA | Operational Level Agreement: An agreement between internal teams that defines the support each provides so that a service can be delivered as promised in an SLA. |
| OWASP | Open Worldwide Application Security Project (formerly Open Web Application Security Project): A nonprofit foundation focused on improving the security of software, known for resources such as the OWASP Top 10. |
| RASP | Runtime Application Self-Protection: A security technology embedded in or alongside an application's runtime that monitors its execution and blocks attacks, such as injection attempts, as they happen rather than only reporting them. |
| RBAC | Role-Based Access Control: An access-control model in which permissions are attached to roles and users obtain permissions by being assigned roles; simpler to administer than ABAC, but the decision ignores context such as time or location. |
| SARIF | Static Analysis Results Interchange Format: A JSON-based OASIS standard for the output of static analysis tools, so that findings from different tools can be aggregated and consumed by a common viewer or CI pipeline. |
| SAST | Static Application Security Testing: A method of analyzing source code, bytecode, or binaries for vulnerabilities without executing the application, typically early in the development pipeline. |
| SBOM | Software Bill of Materials: A machine-readable inventory of the components, libraries, and dependencies (with versions and suppliers) that make up a software product, used for vulnerability tracking and supply-chain transparency; common formats are SPDX and CycloneDX. |
| SCA | Software Composition Analysis: A process, and tool category, that identifies the open-source and third-party components in a codebase and checks them for known vulnerabilities and license obligations. |
| SIEM | Security Information and Event Management: A system that collects, normalizes, correlates, and analyzes log and event data from across an organization to detect and investigate security incidents. |
| SLA | Service Level Agreement: A contract that defines the level of service expected between a provider and a customer, including measurable targets such as availability or response time. |
| SOC | Security Operations Center: A centralized team responsible for monitoring, detecting, and responding to security incidents. |
| SSO | Single Sign-On: An authentication scheme that lets a user authenticate once and access multiple systems without re-entering credentials, typically via a federation protocol such as SAML or OpenID Connect. |
| TDR | Threat Detection and Response: A process or solution for identifying security threats and acting to contain and remediate them. |
| XDR | Extended Detection and Response: A security solution that integrates telemetry from multiple security products (endpoint, network, identity, cloud) into a unified platform for threat detection and response. |
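The ABAC and RBAC entries describe the two access-control models abstractly. The following is an added example, not code from the glossary page, that reduces both to a deny-by-default decision function and shows the case where they disagree: an analyst who holds the right role is granted by RBAC but denied by ABAC when the request comes outside business hours and off the corporate network. The roles, attributes, and policy rules are constructed for illustration.

```python
"""RBAC vs ABAC decision logic (added example; roles and policies are constructed)."""
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class Request:
    subject: dict                                      # e.g. {"id": "alice", "roles": {"analyst"}, "dept": "soc"}
    action: str                                        # e.g. "read"
    resource: dict                                     # e.g. {"type": "report", "dept": "soc", "classification": "internal"}
    environment: dict = field(default_factory=dict)    # e.g. {"time": datetime, "network": "corp"}


# RBAC: permissions hang off roles; the decision looks only at the subject's roles.
ROLE_PERMISSIONS = {
    "analyst": {("report", "read")},
    "manager": {("report", "read"), ("report", "approve")},
}


def rbac_decide(req: Request) -> bool:
    """Grant if any of the subject's roles carries (resource type, action)."""
    needed = (req.resource["type"], req.action)
    return any(needed in ROLE_PERMISSIONS.get(role, set()) for role in req.subject.get("roles", ()))


# ABAC: each rule is a predicate over the whole request (subject, action, resource, environment).
def same_department(req: Request) -> bool:
    return req.subject.get("dept") == req.resource.get("dept")


def business_hours(req: Request) -> bool:
    t = req.environment.get("time")
    return t is not None and 9 <= t.hour < 18


def on_corporate_network(req: Request) -> bool:
    return req.environment.get("network") == "corp"


ABAC_RULES = [
    # Anyone may read internal reports of their own department, in business hours, from the corp network.
    lambda r: r.action == "read"
    and r.resource["type"] == "report"
    and r.resource.get("classification") == "internal"
    and same_department(r) and business_hours(r) and on_corporate_network(r),
    # Managers may approve reports of their own department regardless of time or network.
    lambda r: r.action == "approve"
    and r.resource["type"] == "report"
    and "manager" in r.subject.get("roles", ())
    and same_department(r),
]


def abac_decide(req: Request) -> bool:
    """Deny by default; grant only if some policy rule is satisfied."""
    return any(rule(req) for rule in ABAC_RULES)


def compare(req: Request) -> dict:
    """Evaluate the same request under both models."""
    return {"rbac": rbac_decide(req), "abac": abac_decide(req)}


def demo_cases() -> dict:
    """Constructed sample requests: same subject, varying resource and environment."""
    alice = {"id": "alice", "roles": {"analyst"}, "dept": "soc"}
    soc_report = {"type": "report", "dept": "soc", "classification": "internal"}
    hr_report = {"type": "report", "dept": "hr", "classification": "internal"}
    office = {"time": datetime(2024, 5, 6, 10, 30, tzinfo=timezone.utc), "network": "corp"}
    night_vpn = {"time": datetime(2024, 5, 6, 2, 0, tzinfo=timezone.utc), "network": "vpn"}
    return {
        "office_read": Request(alice, "read", soc_report, office),        # both grant
        "night_vpn_read": Request(alice, "read", soc_report, night_vpn),  # RBAC grants, ABAC denies
        "analyst_approve": Request(alice, "approve", soc_report, office), # both deny
        "hr_report_read": Request(alice, "read", hr_report, office),      # RBAC grants, ABAC denies
    }


if __name__ == "__main__":
    for name, req in demo_cases().items():
        print(f"{name:16} {compare(req)}")
```

The point of the comparison is the `hr_report_read` and `night_vpn_read` rows: RBAC has no vocabulary for "only your own department" or "only from the office", so those restrictions either go unenforced or force an explosion of fine-grained roles, while ABAC expresses them directly in the policy.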
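The SARIF entry says the format exists so that findings from different tools can be consumed by common tooling. The following added example, which is not code from the glossary page or from any scanner, constructs a minimal SARIF 2.1.0 document inline and walks the standard paths (`runs[].tool.driver.rules[]` and `runs[].results[]`) to produce a deduplicated finding list, a per-level count, and a CI pass/fail decision. The scanner name `demo-sast`, the rule ids `DS001` and `DS002`, and the `external/cwe/...` tag convention are assumptions for the sample; real tools vary in how they tag CWEs. It also applies the SARIF rule that an explicit `result.level` overrides the rule's `defaultConfiguration.level`, which in turn defaults to `warning`.

```python
"""Consuming SARIF output (added example; the document below is constructed, not tool output)."""
import json

# Constructed sample: one run from a fictional scanner "demo-sast".
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
    "runs": [{
        "tool": {"driver": {
            "name": "demo-sast",
            "rules": [
                {"id": "DS001", "shortDescription": {"text": "SQL built by string concatenation"},
                 "defaultConfiguration": {"level": "error"},
                 "properties": {"tags": ["security", "external/cwe/cwe-89"]}},
                {"id": "DS002", "shortDescription": {"text": "Unescaped output in HTML response"},
                 "defaultConfiguration": {"level": "warning"},
                 "properties": {"tags": ["security", "external/cwe/cwe-79"]}},
            ],
        }},
        "results": [
            # No result.level: inherits the rule default ("error").
            {"ruleId": "DS001", "ruleIndex": 0, "message": {"text": "query built with f-string"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/db.py"},
                                                 "region": {"startLine": 42}}}]},
            # Explicit result.level overrides the rule default ("warning" -> "error").
            {"ruleId": "DS002", "ruleIndex": 1, "level": "error",
             "message": {"text": "user input written to response body"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/views.py"},
                                                 "region": {"startLine": 17}}}]},
            # No result.level: inherits the rule default ("warning").
            {"ruleId": "DS002", "ruleIndex": 1, "message": {"text": "template variable not escaped"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/templates.py"},
                                                 "region": {"startLine": 5}}}]},
            # Exact duplicate of the first result, as happens when a tool reports the same site twice.
            {"ruleId": "DS001", "ruleIndex": 0, "message": {"text": "query built with f-string"},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/db.py"},
                                                 "region": {"startLine": 42}}}]},
        ],
    }],
})

LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}


def result_level(result: dict, rule: dict) -> str:
    """Explicit result.level wins; else the rule's defaultConfiguration.level; else 'warning'."""
    return result.get("level") or rule.get("defaultConfiguration", {}).get("level", "warning")


def cwe_ids(rule: dict) -> list:
    """Extract CWE identifiers from rule tags (the 'external/cwe/cwe-NN' convention is assumed)."""
    tags = rule.get("properties", {}).get("tags", [])
    return sorted(t.split("/")[-1].upper() for t in tags if t.lower().startswith("external/cwe/"))


def load_findings(sarif_text: str) -> list:
    """Flatten all runs into unique (rule, file, line) findings."""
    doc = json.loads(sarif_text)
    seen, findings = set(), []
    for run in doc["runs"]:
        rules = run["tool"]["driver"].get("rules", [])
        by_id = {r["id"]: r for r in rules}
        for res in run.get("results", []):
            rule = rules[res["ruleIndex"]] if "ruleIndex" in res else by_id.get(res.get("ruleId"), {})
            loc = res.get("locations", [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "<unknown>")
            line = loc.get("region", {}).get("startLine", 0)
            key = (res.get("ruleId"), uri, line)
            if key in seen:
                continue  # same finding reported twice
            seen.add(key)
            findings.append({"rule": res.get("ruleId"), "level": result_level(res, rule),
                             "cwe": cwe_ids(rule), "file": uri, "line": line,
                             "message": res.get("message", {}).get("text", "")})
    return findings


def count_by_level(findings: list) -> dict:
    counts = {}
    for f in findings:
        counts[f["level"]] = counts.get(f["level"], 0) + 1
    return counts


def should_fail(findings: list, threshold: str = "error") -> bool:
    """CI gate: fail when any finding is at or above the threshold level."""
    return any(LEVEL_RANK.get(f["level"], 0) >= LEVEL_RANK[threshold] for f in findings)


if __name__ == "__main__":
    fs = load_findings(SAMPLE_SARIF)
    for f in fs:
        print(f"{f['level']:8} {f['rule']} {','.join(f['cwe']) or '-':8} {f['file']}:{f['line']}  {f['message']}")
    print(count_by_level(fs), "fail build:", should_fail(fs))
```

Because every SAST tool that emits SARIF places rules and results at the same paths, the same loader serves any of them; only the CWE tag convention in `cwe_ids` is tool-specific and would need adjusting per scanner.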