Attacks & Vulnerabilities
| Acronym | Full Name | Description |
|---|---|---|
| CVE | Common Vulnerabilities and Exposures | Standardized identifier for publicly disclosed security vulnerabilities |
| CSRF | Cross-Site Request Forgery | Attack that tricks a user’s browser into making unintended requests |
| DoS | Denial of Service | Attack that makes a service or network unavailable |
| IDOR | Insecure Direct Object References | Web flaw where access control on object references is missing |
| RCE | Remote Code Execution | Vulnerability allowing an attacker to run arbitrary code remotely |
| SMBGhost | — | Critical SMBv3 vulnerability (CVE-2020-0796) |
| SQLi | SQL Injection | Attack that injects malicious SQL into a query |
| SSRF | Server-Side Request Forgery | Attack that causes the server to make requests on the attacker’s behalf |
| TOCTOU | Time-Of-Check-To-Time-Of-Use | Race-condition vulnerability class |
| XSS | Cross-Site Scripting | Attack that injects malicious scripts into web pages viewed by other users |
| A08 | OWASP Top 10 – A08 | Software & Data Integrity Failures category in the OWASP Top 10 |
Defense & Controls
| Acronym | Full Name | Description |
|---|---|---|
| ACL | Access Control List | List defining which users/systems have which permissions |
| AES | Advanced Encryption Standard | Symmetric encryption algorithm widely used today |
| ASLR | Address Space Layout Randomization | Memory protection that randomizes process memory locations |
| DAC | Discretionary Access Control | Access control where the resource owner sets permissions |
| DEP / NX | Data Execution Prevention / No-Execute | Prevents code execution in data memory regions |
| FIM | File Integrity Monitoring | Detects unauthorized changes to files |
| MFA | Multi-Factor Authentication | Authentication requiring two or more independent factors |
| SELinux | Security-Enhanced Linux | Linux kernel security module enforcing mandatory access control |
| SUID / SGID | Set User ID / Set Group ID | Unix permission bits that run a file with the owner’s privileges |
| TCB | Trusted Computing Base | Set of hardware/software critical to a system’s security |
| VPN | Virtual Private Network | Encrypted tunnel protecting traffic over an untrusted network |
| WAF | Web Application Firewall | Filters malicious HTTP traffic before it reaches an application |
| ZTA | Zero Trust Architecture | ”Never trust, always verify” security model |
| CSP | Content Security Policy | HTTP header that restricts resources a browser can load |
| HMAC | Hash-based Message Authentication Code | Cryptographic MAC using a hash function and secret key |
| SHA-256 | Secure Hash Algorithm 256-bit | Cryptographic hash function producing a 256-bit digest |
| SSL | Secure Sockets Layer | Predecessor to TLS; largely deprecated |
| TLS | Transport Layer Security | Cryptographic protocol securing communications over a network |
Networking
| Acronym | Full Name | Description |
|---|---|---|
| ARP | Address Resolution Protocol | Maps IP addresses to MAC addresses on a local network |
| AS | Autonomous System | Independently administered network on the Internet |
| BGP | Border Gateway Protocol | Routing protocol used between autonomous systems on the Internet |
| DHCP | Dynamic Host Configuration Protocol | Automatically assigns IP addresses to devices on a network |
| DNS | Domain Name System | Translates domain names to IP addresses |
| FTP | File Transfer Protocol | Protocol for transferring files between hosts |
| HTTP | Hypertext Transfer Protocol | Core application-layer protocol of the web |
| HTTPS | Hypertext Transfer Protocol Secure | HTTP protected by TLS |
| ICMP | Internet Control Message Protocol | Used for diagnostic messages (e.g., ping) |
| IP | Internet Protocol | Network-layer protocol for packet delivery |
| IPv4 | Internet Protocol version 4 | 32-bit IP addressing scheme |
| LAN | Local Area Network | Network covering a limited area (home, office, campus) |
| MAC | Media Access Control | Hardware address of a network interface |
| NAT | Network Address Translation | Rewrites private IP addresses to public ones at a router |
| NFC | Near Field Communication | Short-range wireless communication standard |
| P2P | Peer-to-Peer | Network architecture without a central server |
| PSTN | Public Switched Telephone Network | Traditional circuit-switched telephone infrastructure |
| RFID | Radio-Frequency Identification | Technology using radio waves to identify tags/objects |
| SMTP | Simple Mail Transfer Protocol | Protocol for sending email |
| SSH | Secure Shell | Protocol for secure remote login and command execution |
| STUN | Session Traversal Utilities for NAT | Protocol to discover public IP/port behind a NAT |
| TCP | Transmission Control Protocol | Connection-oriented, reliable transport protocol |
| TCP/IP | Transmission Control Protocol / Internet Protocol | Core protocol suite of the Internet |
| Tor | The Onion Router | Anonymity network routing traffic through multiple relays |
| TTL | Time To Live | Limits the lifespan of data in a network or cache |
| UDP | User Datagram Protocol | Connectionless, low-latency transport protocol |
| UPnP | Universal Plug and Play | Protocol for automatic network device discovery |
| WAN | Wide Area Network | Network spanning large geographic areas |
Authentication & Identity
| Acronym | Full Name | Description |
|---|---|---|
| DKIM | DomainKeys Identified Mail | Email authentication via cryptographic signatures |
| DMARC | Domain-based Message Authentication, Reporting and Conformance | Email policy framework combining SPF and DKIM |
| JWT | JSON Web Token | Compact, URL-safe token for transmitting claims |
| OAuth 2.0 | Open Authorization 2.0 | Authorization framework for delegated access |
| PII | Personally Identifiable Information | Data that can identify a specific individual |
| SPF | Sender Policy Framework | Email authentication specifying authorized mail senders |
| SSN | Social Security Number | U.S. government-issued personal identifier |
Web & Application Security
| Acronym | Full Name | Description |
|---|---|---|
| API | Application Programming Interface | Interface for programmatic interaction between systems |
| BOLA | Broken Object Level Authorization | API equivalent of IDOR; missing authorization on object access |
| CRUD | Create, Read, Update, Delete | Standard set of data operations |
| DOM | Document Object Model | Browser’s tree representation of an HTML document |
| GraphQL | Graph Query Language | Query language and runtime for APIs |
| OWASP | Open Web Application Security Project | Non-profit focused on web application security |
| OWASP ZAP | OWASP Zed Attack Proxy | Open-source web application security scanner |
| REST | Representational State Transfer | Architectural style for distributed hypermedia systems |
Operating Systems & Platforms
| Acronym | Full Name | Description |
|---|---|---|
| BIOS | Basic Input/Output System | Firmware initializing hardware at boot |
| CLI | Command-Line Interface | Text-based interface for interacting with a system |
| GNU | ”GNU’s Not Unix” | Unix-compatible free software project |
| GUI | Graphical User Interface | Visual interface using windows, icons, and menus |
| HAL | Hardware Abstraction Layer | Software layer between hardware and the OS |
| KVM | Kernel-based Virtual Machine | Linux virtualization module |
| MMU | Memory Management Unit | Hardware component managing virtual-to-physical memory mapping |
| OS | Operating System | Software managing hardware resources and providing services |
| POSIX | Portable Operating System Interface | Unix compatibility standard |
| RTOS | Real-Time Operating System | OS designed for time-critical applications |
| SELinux | Security-Enhanced Linux | Mandatory access control framework for Linux |
| SUID / SGID | Set User ID / Set Group ID | Unix permission bits that run a file with elevated privileges |
| VM | Virtual Machine | Software emulation of a physical computer |
| VMM | Virtual Machine Monitor | Software layer managing virtual machines (a.k.a. Hypervisor) |
| WSL | Windows Subsystem for Linux | Compatibility layer running Linux binaries on Windows |
Cloud & Infrastructure
| Acronym | Full Name | Description |
|---|---|---|
| AWS | Amazon Web Services | Amazon’s cloud computing platform |
| EC2 | Elastic Compute Cloud | AWS virtual server service |
| IaaS | Infrastructure as a Service | Cloud model providing virtualized compute resources |
| ICS | Industrial Control Systems | Systems controlling industrial processes and infrastructure |
| ISP | Internet Service Provider | Company providing Internet connectivity |
| IX / IXP | Internet Exchange / Internet Exchange Point | Physical infrastructure where networks exchange traffic |
| MSP | Managed Service Provider | Company managing IT services on behalf of clients |
Intelligence & Monitoring
| Acronym | Full Name | Description |
|---|---|---|
| EXIF | Exchangeable Image File Format | Metadata embedded in image files (location, device, time) |
| OSINT | Open Source Intelligence | Intelligence gathered from publicly available sources |
| RTT | Round-Trip Time | Time for a packet to travel to a destination and back |
Shell & CLI Commands
| Acronym / Command | Full Name | Description |
|---|---|---|
cp | copy | Copies files or directories |
df | Disk Free | Shows available disk space |
dirb | Directory brute-forcer | Web content scanner for hidden directories |
du | Disk Usage | Shows disk space used by files/directories |
mv | move | Moves or renames files |
nc | netcat | Reads/writes data across network connections |
nmap | Network Mapper | Network discovery and security auditing tool |
| NSE | nmap Scripting Engine | Nmap’s built-in scripting framework |
ps | process status | Lists running processes |
pwd | Print Working Directory | Shows the current directory path |
rm | remove | Deletes files or directories |
sed | stream editor | Filters and transforms text streams |
sudo | superuser do | Runs a command with elevated (root) privileges |
tar | Tape ARchive | Creates and extracts archive files |
tr | translate | Translates or deletes characters in a stream |
| Bash | Bourne Again SHell | Default shell on most Linux distributions |
| Zsh | Z Shell | Extended Bourne shell with many improvements |
Miscellaneous
| Acronym | Full Name | Description |
|---|---|---|
| ASCII | American Standard Code for Information Interchange | 7-bit character encoding standard |
| CTF | Capture The Flag | Cybersecurity competition format |
| GDPR | General Data Protection Regulation | EU data privacy regulation |
| HITL | Human in the Loop | AI safety pattern requiring human review of decisions |
| LLM | Large Language Model | AI model trained on large text corpora |
| NVD | National Vulnerability Database | U.S. government database of known vulnerabilities |
| UUID | Universally Unique Identifier | 128-bit identifier designed to be globally unique |
| UTF-8 | Unicode Transformation Format, 8-bit | Variable-width character encoding for Unicode |