Skip to content
Macksofy Technologies
Reference

Cybersecurity Glossary

111plain-language definitions of the cybersecurity, testing, cloud, DFIR, and India & GCC compliance terms Macksofy works with every day — each linked to the service or audit it relates to.

Testing & Offensive Security

Testing & Offensive Security

VAPTVulnerability Assessment & Penetration Testing

VAPT combines a vulnerability assessment — automated scanning that finds weaknesses at breadth — with a penetration test that manually exploits them to prove real impact. Together they show both what is wrong and what an attacker could actually do.

Penetration Testing

Penetration testing is an authorized, simulated cyberattack in which testers safely exploit vulnerabilities in applications, networks, or cloud to demonstrate real business impact before criminals do. It is deeper and more manual than a vulnerability scan.

Vulnerability Assessment

A vulnerability assessment systematically identifies and ranks security weaknesses across systems using automated scanners and manual review. It prioritizes breadth of coverage over exploitation — it finds and rates issues but does not prove they are exploitable.

Purple Team

Purple teaming runs offensive (red) and defensive (blue) teams together so each simulated attack immediately becomes a validated detection improvement. It measures which techniques the SOC catches and closes the gaps, turning attack findings into lasting detection coverage.

Assumed Breach

Assumed breach is a testing model that starts from the premise an attacker is already inside — for example with a standard user account — and measures how far they can escalate and move. It tests internal controls rather than only the perimeter.

Privilege Escalation

Privilege escalation is the act of gaining higher permissions than initially granted — from a normal user to administrator or root. Vertical escalation raises privilege level; horizontal escalation takes over another account at the same level.

Lateral Movement

Lateral movement is how an attacker pivots from one compromised system to others across a network — reusing credentials, exploiting trust, or abusing remote-access tools — to reach high-value targets after an initial foothold.

Kerberoasting

Kerberoasting is an Active Directory attack that requests Kerberos service tickets and cracks them offline to recover the plaintext passwords of service accounts. It needs only a valid domain user and is a common path to privilege escalation.

Social Engineering

Social engineering manipulates people into revealing information or performing actions that weaken security — through phishing, pretexting, or impersonation. It targets human trust rather than technical flaws and is a leading cause of breaches.

Phishing

Phishing is a social-engineering attack that uses fraudulent emails, messages, or sites to trick victims into revealing credentials or installing malware. Spear phishing targets specific individuals; a phishing simulation safely tests staff resilience.

Bug Bounty

A bug bounty is a program that pays independent security researchers to responsibly report vulnerabilities they find in an organization's assets. It provides continuous, crowd-sourced testing but is unscoped and unscheduled, unlike a structured penetration test.

Command and ControlC2

Command and control (C2) is the infrastructure and channel an attacker uses to remotely manage compromised machines — issuing commands, moving data, and staging further attacks. Detecting C2 traffic is a core objective of a SOC.

Application & API Security

Application & API Security

OWASP API Security Top 10

The OWASP API Security Top 10 lists the most critical risks specific to APIs — led by broken object-level authorization (BOLA), broken authentication, and excessive data exposure. APIs need their own testing focus beyond the web Top 10.

API Security

API security protects the application programming interfaces that connect apps, mobile clients, and services from abuse — authorization flaws, authentication bypass, and data leakage. As APIs carry most modern traffic, they are a primary attack surface.

BOLA / IDORBroken Object-Level Authorization

BOLA (also called IDOR) is a flaw where an API or app lets a user access another user's data by changing an object identifier — because it checks authentication but not whether the requester owns that object. It is the top API security risk.

SSRFServer-Side Request Forgery

SSRF is a vulnerability where an attacker makes a server send requests to unintended destinations — often internal services or cloud metadata endpoints — turning the trusted server into a proxy. In cloud apps it can lead to credential theft and full compromise.

Cross-Site ScriptingXSS

Cross-site scripting (XSS) injects malicious scripts into web pages viewed by other users, running in their browser to steal sessions, credentials, or perform actions as them. Types include stored, reflected, and DOM-based XSS.

SQL InjectionSQLi

SQL injection inserts malicious SQL through unsanitized input so an attacker can read, modify, or delete database data — and sometimes execute commands. A classic, high-impact flaw prevented by parameterized queries.

CSRFCross-Site Request Forgery

CSRF tricks a logged-in user's browser into sending an unwanted authenticated request — for example transferring funds — by exploiting the browser's automatic inclusion of session cookies. Anti-CSRF tokens and SameSite cookies defend against it.

Broken Access Control

Broken access control means users can act outside their intended permissions — viewing others' data, reaching admin functions, or bypassing checks. It is the OWASP Top 10's number-one web risk and the root of BOLA/IDOR.

JWTJSON Web Token

A JSON Web Token is a signed, compact token that carries identity and claims between client and server for stateless authentication. Insecure signature verification, weak keys, or the 'none' algorithm are common JWT vulnerabilities in APIs.

OAuth 2.0

OAuth 2.0 is an authorization framework that lets an application access resources on a user's behalf without sharing their password, issuing scoped access tokens. Misconfigured redirect URIs and scopes are frequent sources of account-takeover flaws.

SAMLSecurity Assertion Markup Language

SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider and a service, enabling single sign-on (SSO) for enterprises. Signature-wrapping and misconfiguration attacks can bypass it.

Secure Code Review

Secure code review manually inspects source code to find vulnerabilities black-box testing misses — hardcoded secrets, injection sinks, broken authorization, and unsafe crypto — often combined with SAST. It examines the code, not just the running app.

SASTStatic Application Security Testing

SAST analyzes an application's source code, bytecode, or binaries without running it, flagging insecure patterns early in development. It offers wide coverage but produces false positives and cannot see runtime behavior.

DASTDynamic Application Security Testing

DAST tests a running application from the outside, sending inputs to find vulnerabilities visible at runtime — like injection and misconfiguration — without access to source code. It complements SAST's code-level view.

IASTInteractive Application Security Testing

IAST instruments a running application to analyze code and data flow from the inside during testing, combining SAST's code visibility with DAST's runtime accuracy for fewer false positives. It runs within the app under test.

Related:SASTDAST

OWASP ASVSApplication Security Verification Standard

The OWASP ASVS is a detailed catalog of application security requirements and verification levels used to define scope and measure the rigor of an application security test. It turns 'is this app secure?' into checkable controls.

OWASP MASVSMobile Application Security Verification Standard

The OWASP MASVS defines security requirements for mobile apps — covering storage, cryptography, authentication, and platform interaction — and anchors mobile penetration test scopes for Android and iOS.

Prompt Injection

Prompt injection manipulates a large language model with crafted input so it ignores its instructions or performs unintended actions — leaking data or misusing connected tools. It is the top risk in the OWASP Top 10 for LLM Applications.

AI Security

AI security protects applications built on machine-learning and large-language models from risks like prompt injection, insecure output handling, data leakage, and agent/tool abuse, following the OWASP Top 10 for LLM Applications.

Detection, SOC & Response

Detection, SOC & Response

SOCSecurity Operations Center

A Security Operations Center is the team and facility that monitors an organization's security telemetry around the clock, detecting, investigating, and responding to threats — typically built around a SIEM and staffed by tiered analysts.

SIEMSecurity Information & Event Management

A SIEM collects, normalizes, and correlates logs and events from across an environment to detect threats, alert analysts, and support investigation and compliance. Wazuh, Microsoft Sentinel, and Splunk are common platforms.

SOARSecurity Orchestration, Automation & Response

SOAR platforms automate and orchestrate repetitive SOC tasks through playbooks — enriching alerts, containing hosts, and coordinating response — to cut mean time to respond and reduce analyst fatigue.

EDREndpoint Detection & Response

EDR is software on endpoints that continuously records activity, detects malicious behavior, and enables investigation and remote response — going beyond signature antivirus to catch fileless and behavioral attacks.

Related:XDRMDRSIEM

XDRExtended Detection & Response

XDR unifies detection and response across endpoints, network, cloud, email, and identity into one correlated platform, giving analysts a single view instead of siloed tools. It extends EDR beyond the endpoint.

Related:EDRMDR

MDRManaged Detection & Response

MDR is a service that delivers 24×7 threat detection, investigation, and active response using a provider's technology and analysts. Unlike a traditional MSSP, MDR emphasizes hands-on response, not just alerting.

MSSPManaged Security Service Provider

An MSSP outsources the operation of security controls — monitoring, device management, patching, and reporting — under SLAs. It provides broad coverage and alerting; MDR adds deeper, active threat response.

Threat Hunting

Threat hunting is the proactive search through telemetry for attackers who evaded automated detection, driven by hypotheses about adversary behavior. It finds threats before alerts fire and feeds new detections back to the SOC.

Detection Engineering

Detection engineering is the discipline of building, testing, and maintaining the rules and analytics a SOC uses to spot attacks — mapping coverage to frameworks like MITRE ATT&CK and tuning to cut false positives.

MITRE ATT&CK

MITRE ATT&CK is a globally used knowledge base of real-world adversary tactics and techniques, organized by attack stage. Teams use it to plan red-team operations, measure detection coverage, and communicate threats in a common language.

Threat IntelligenceCTI

Cyber threat intelligence is curated, actionable knowledge about the attackers, tools, and techniques targeting an organization or sector — turned into detections, blocklists, and risk decisions so defenders focus on relevant threats.

IOC / IOAIndicators of Compromise / Attack

Indicators of compromise (IOCs) are forensic artifacts — hashes, IPs, domains — showing a breach occurred; indicators of attack (IOAs) describe attacker behavior in progress. IOCs are reactive; IOAs enable earlier detection.

Zero Trust

Zero Trust is a security model that never assumes trust based on network location, instead continuously verifying every user, device, and request with least-privilege access and segmentation — so a stolen credential cannot roam freely.

IAM / PAMIdentity & Privileged Access Management

IAM governs who can access what across an organization; PAM specifically secures and monitors privileged (admin) accounts, the highest-value targets. Together they enforce least privilege and are foundational to Zero Trust.

Digital Forensics & Malware

Digital Forensics & Malware

DFIRDigital Forensics & Incident Response

DFIR combines incident response — containing and recovering from an active attack — with digital forensics, the investigation of what happened using preserved evidence. It covers ransomware, business email compromise, and Active Directory compromise.

Incident ResponseIR

Incident response is the structured process of preparing for, detecting, containing, eradicating, and recovering from a cyberattack, followed by lessons learned. A retainer gives an organization on-call responders before an incident hits.

Ransomware

Ransomware is malware that encrypts an organization's data and demands payment for decryption, often also stealing data to extort with the threat of leaking it (double extortion). It is among the most damaging and common enterprise threats.

Business Email CompromiseBEC

Business email compromise is a fraud in which attackers impersonate executives or vendors — often via a compromised or spoofed mailbox — to trick staff into transferring funds or data. It relies on social engineering, not malware.

Malware Analysis

Malware analysis reverse-engineers a suspicious file to determine what it does, how it spreads, and how to detect and remove it — using static, dynamic, and sandbox techniques — producing indicators of compromise and detection rules.

YARA

YARA is a pattern-matching tool and rule language used to identify and classify malware by textual or binary signatures. Analysts write YARA rules to detect malware families across files and memory.

Sandbox

A sandbox is an isolated, instrumented environment where suspicious files are detonated and observed safely, revealing their behavior without risking production systems. It underpins dynamic malware analysis.

Chain of Custody

Chain of custody is the documented, unbroken record of who handled digital evidence, when, and how — preserving its integrity so it is admissible and defensible. It is essential to forensic investigations and regulatory reporting.

Memory Forensics

Memory forensics analyzes a system's RAM to recover running processes, injected code, credentials, and network connections that never touch disk. It is vital for investigating fileless malware and live intrusions, using tools like Volatility.

Cloud & Infrastructure

Cloud & Infrastructure

Cloud Security

Cloud security protects workloads, data, and identities in AWS, Azure, and GCP against misconfiguration, over-permissive access, and exposure. Under the shared responsibility model the provider secures the cloud, and the customer secures what they run in it.

CSPMCloud Security Posture Management

CSPM continuously scans cloud accounts for misconfigurations and compliance drift — public storage, weak IAM, open ports — and reports or remediates them. It answers 'is our cloud configured securely?' at scale.

CNAPPCloud-Native Application Protection Platform

A CNAPP unifies cloud security capabilities — posture management, workload protection, and entitlement management — into a single platform spanning code to runtime. It consolidates CSPM, CWPP, and CIEM.

Related:CSPMCWPPCIEM

CWPPCloud Workload Protection Platform

A CWPP secures the running workloads themselves — virtual machines, containers, and serverless functions — with vulnerability scanning, hardening, and runtime threat detection across hybrid and multi-cloud environments.

CIEMCloud Infrastructure Entitlement Management

CIEM manages and right-sizes cloud identities and permissions, finding excessive or unused entitlements that widen the blast radius of a compromised account. It enforces least privilege across cloud IAM.

Kubernetes SecurityK8s

Kubernetes security hardens container orchestration — RBAC, network policies, admission control, and image scanning — against misconfiguration and container escape. Default-open settings make it a frequent source of cloud breaches.

Shared Responsibility Model

The shared responsibility model divides security duties between cloud provider and customer: the provider secures the underlying infrastructure, while the customer secures their data, identities, and configurations. Misunderstanding the line causes many cloud breaches.

Network Segmentation

Network segmentation divides a network into isolated zones so a breach in one cannot spread freely to others, enforced by firewalls, VLANs, and Zero Trust controls. It contains blast radius and is required by standards like PCI-DSS.

Vulnerability Management & Standards

Vulnerability Management & Standards

CVECommon Vulnerabilities & Exposures

A CVE is a unique public identifier (e.g. CVE-2024-12345) assigned to a specific disclosed vulnerability, giving everyone a common reference. The CVE list is the backbone of vulnerability tracking and advisories.

CVSSCommon Vulnerability Scoring System

CVSS is an open standard that scores a vulnerability's severity from 0 to 10 based on exploitability and impact, producing ratings from Low to Critical. It standardizes how findings are prioritized in reports.

Related:CVEEPSSCWE

CWECommon Weakness Enumeration

CWE is a community catalog of software and hardware weakness types — such as SQL injection or buffer overflow — that describe the root cause of vulnerabilities. Where a CVE is a specific instance, a CWE is the underlying class.

CAPECCommon Attack Pattern Enumeration

CAPEC is a catalog of common attack patterns describing how adversaries exploit weaknesses, complementing CWE's list of the weaknesses themselves. It helps model and defend against known attack techniques.

CPECommon Platform Enumeration

CPE is a standardized naming scheme for IT products, systems, and packages, used to match assets to the vulnerabilities (CVEs) that affect them. It underpins automated vulnerability correlation in scanners.

Related:CVECVSS

KEVKnown Exploited Vulnerabilities

The KEV catalog, maintained by the US CISA, lists vulnerabilities confirmed to be actively exploited in the wild. Prioritizing KEV entries focuses remediation on real, present risk rather than theoretical severity.

EPSSExploit Prediction Scoring System

EPSS estimates the probability that a vulnerability will be exploited in the near term, expressed as a percentage. Combined with CVSS severity, it helps teams prioritize the vulnerabilities most likely to actually be attacked.

Related:CVSSKEVCVE

SBOMSoftware Bill of Materials

An SBOM is a formal inventory of all components and dependencies in a piece of software, enabling rapid identification of which products are affected when a new vulnerability appears. SEBI CSCRF and other frameworks now mandate it.

Zero-Day

A zero-day is a vulnerability unknown to the vendor and without a patch, giving defenders zero days to prepare before it can be exploited. Zero-day exploits are highly valuable and dangerous until a fix ships.

Patch Management

Patch management is the process of identifying, testing, and deploying software updates that fix vulnerabilities within defined timelines. CERT-In mandates rapid patching of known-exploited flaws for Indian organizations.

Supply Chain Attack

A supply chain attack compromises an organization by first breaching a trusted third party — a software vendor, dependency, or service provider — then reaching downstream victims. SBOMs and vendor risk management reduce this exposure.

Third-Party / Vendor Risk

Third-party risk management assesses and monitors the security of vendors, cloud providers, and partners who can affect an organization's data or operations. RBI and SEBI require regulated entities to govern and audit their outsourced providers.

India Regulatory & Compliance

India Regulatory & Compliance

CERT-InIndian Computer Emergency Response Team

CERT-In is India's national nodal agency for cybersecurity incidents, under MeitY. It issues directions — including mandatory incident reporting and audit requirements — and empanels security auditors whose reports regulators accept.

CERT-In Empanelment

CERT-In empanelment is formal recognition of a security auditor by CERT-In, allowing its assessments to be accepted by RBI, SEBI, UIDAI, IRDAI, and other regulators without rework. Macksofy is a CERT-In empanelled auditor.

DPDP ActDigital Personal Data Protection Act, 2023

The DPDP Act is India's data-protection law governing how businesses collect and process personal data, mandating consent, breach notification, and data-principal rights. It applies to any organization handling Indian residents' personal data.

Data Fiduciary

Under the DPDP Act, a data fiduciary is any entity that determines the purpose and means of processing personal data — the equivalent of a controller under GDPR. It bears primary responsibility for protecting that data.

Significant Data FiduciarySDF

A Significant Data Fiduciary is a data fiduciary designated by the government as high-volume or high-risk under the DPDP Act, triggering extra duties — a Data Protection Officer, Data Protection Impact Assessments, and independent audits.

NCIIPC / CIINational Critical Information Infrastructure Protection Centre

NCIIPC protects India's Critical Information Infrastructure — systems whose failure would impact national security or the economy. Under IT Act §70, designated CII operators must meet defined security controls and audits.

IRDAI Cyber Security Guidelines

The IRDAI information and cyber security guidelines require insurers to run VAPT, appoint a CISO, and report incidents, protecting policyholder data and insurance systems under India's insurance regulator.

International & GCC Compliance

International & GCC Compliance

ISO/IEC 27001

ISO/IEC 27001 is the international standard for an Information Security Management System — a governed framework of policies, risk treatment, and controls with continuous improvement. Certification is a widely recognized proof of security maturity.

ISO/IEC 27701

ISO/IEC 27701 extends ISO 27001 into a Privacy Information Management System, operationalizing data-protection controls. It helps organizations evidence DPDP and GDPR compliance on top of an existing ISMS.

SOC 2

SOC 2 is an independent attestation that a service organization's controls meet the Trust Services Criteria — security, availability, confidentiality, processing integrity, and privacy. It is often required by US and global enterprise buyers.

PCI-DSSPayment Card Industry Data Security Standard

PCI-DSS is the mandatory security standard for any business that stores, processes, or transmits payment-card data, spanning network, encryption, access control, and testing. Version 4.0 introduced a flexible customized approach.

HIPAA

HIPAA is the US law setting requirements for protecting patient health information (PHI), relevant to Indian healthcare BPOs and health-tech serving US clients through administrative, physical, and technical safeguards.

GDPRGeneral Data Protection Regulation

GDPR is the EU regulation governing how organizations handle EU residents' personal data, with strict consent, transfer, and breach rules and heavy fines. Indian businesses serving EU customers must comply.

NIST CSFNIST Cybersecurity Framework

The NIST Cybersecurity Framework organizes security around six functions — Govern, Identify, Protect, Detect, Respond, Recover — as a flexible, risk-based benchmark used worldwide to assess and improve security maturity.

NESA / UAE IASUAE Information Assurance Standards

The UAE Information Assurance Standards, issued by NESA/SIA, mandate security controls for entities in critical sectors across management and technical domains. They are a baseline compliance requirement for UAE organizations.

ADHICSAbu Dhabi Healthcare Information & Cyber Security Standard

ADHICS sets mandatory security controls for healthcare entities in the Emirate of Abu Dhabi, protecting patient data and clinical systems. Hospitals, clinics, and health-tech operating there must comply.

DESC ISRDubai Electronic Security Center — Information Security Regulation

The DESC Information Security Regulation mandates security controls for Dubai government entities and their partners. Organizations working with the Dubai government must meet its requirements.

UAE PDPLPersonal Data Protection Law

The UAE PDPL (Federal Decree-Law 45/2021) governs personal-data processing across the Emirates, with consent, transfer, and breach requirements — the UAE's federal equivalent of GDPR and India's DPDP.

SAMA CSFSaudi Central Bank Cyber Security Framework

The SAMA Cyber Security Framework mandates graded controls and maturity for banks, insurers, and financial firms regulated by the Saudi Central Bank. It is a core compliance requirement for Saudi financial institutions.

NCA ECCEssential Cybersecurity Controls

Saudi Arabia's National Cybersecurity Authority Essential Cybersecurity Controls (ECC) are mandatory for government and critical-sector organizations, spanning governance, defence, resilience, and third-party domains.

OT / ICS Security

OT / ICS Security

OT SecurityOperational Technology

OT security protects the operational technology — the hardware and software that monitors and controls physical processes in factories, energy, and utilities. Unlike IT, it prioritizes safety and availability over patching, so testing must avoid disrupting live processes.

ICS / SCADAIndustrial Control Systems / Supervisory Control & Data Acquisition

ICS are the control systems that run industrial processes; SCADA is a type of ICS for remote monitoring and control across distributed sites. Both were built for reliability, not security, making them high-value targets for attackers.

IEC 62443

IEC 62443 is the leading international standard for industrial automation and control-system security, defining security levels, zones, and conduits to segment and protect OT environments. It anchors most OT security programs.

Purdue Model

The Purdue model is a reference architecture that layers industrial networks into levels — from physical process up to enterprise IT — to guide segmentation between OT and IT. Enforcing its boundaries limits how far an attack can spread.

Certifications

Certifications

OSCPOffensive Security Certified Professional

The OSCP is the industry's benchmark hands-on penetration-testing certification from OffSec, earned by compromising machines in a 24-hour proctored lab exam. It proves practical exploitation skill rather than multiple-choice knowledge.

CEHCertified Ethical Hacker

The CEH (EC-Council) is a foundational certification teaching the five phases of ethical hacking across a broad range of attack techniques, now with an AI track. It is widely requested in Indian job postings as an entry credential.

CHFIComputer Hacking Forensic Investigator

The CHFI (EC-Council) certifies the ability to detect and investigate cyberattacks and gather court-admissible digital evidence, covering the forensic process end to end. It suits DFIR and investigation roles.

CISSPCertified Information Systems Security Professional

The CISSP (ISC²) is a senior, management-oriented certification covering eight security domains, widely regarded as a benchmark for experienced security professionals and CISOs. It requires several years of relevant experience.

Related:CISMCISA

CISACertified Information Systems Auditor

The CISA (ISACA) certifies expertise in auditing, control, and assurance of information systems, held by many lead auditors on ISO 27001, RBI, and SEBI engagements. It is a standard credential for compliance-audit roles.

CISMCertified Information Security Manager

The CISM (ISACA) certifies information-security management and governance skills, aimed at those who design and oversee an enterprise security program. It is common among CISOs and vCISOs.

CERT-In Empanelled

Need one of these turned into an engagement?

From VAPT and red teaming to CERT-In, RBI, SEBI and DPDP audits — Macksofy delivers across India and the UAE.

Talk to us

Get a fixed-price proposal in 48 hours.

Tell us about your security need — pentest, audit, training or a wider engagement. A senior consultant will reply within a few business hours.

CERT-In Empanelled
Information Security Auditor · India
  • CERT-In Empanelled
  • EC-Council ATC · CompTIA Authorized
  • 20,000+ professionals trained
  • India + UAE engagements
Human verification· Cloudflare Turnstile

By submitting this form you agree to be contacted by Macksofy. We typically respond within a few business hours and never share your details. Protected by Cloudflare Turnstile and rate limiting.