Security Glossary

Plain-language definitions for the terms you'll encounter in attack surface management.

A

Admin Panel
An admin panel is a web-based management interface that provides administrative control over a server, application, database, or network device.

C

Certificate Transparency Logs
Certificate Transparency (CT) logs are public, append-only records of TLS certificates issued by certificate authorities, enabling domain owners to detect unauthorised certificate issuance.
Cipher Suite
A cipher suite is a named combination of cryptographic algorithms used to secure a TLS connection, specifying the key exchange, authentication, encryption, and message integrity methods.
CSP
Content-Security-Policy (CSP) is an HTTP response header that restricts which content sources a browser may load on a page, preventing cross-site scripting and data injection attacks.
CVE
Common Vulnerabilities and Exposures (CVE) is a unique identifier assigned to each publicly disclosed security vulnerability; the CVE list is maintained by MITRE, and entries are scored by the NVD.
CVSS
The Common Vulnerability Scoring System (CVSS) is a standardised framework that assigns severity scores (0.0–10.0) to security vulnerabilities based on their exploitability and impact.

D

DKIM
DKIM (DomainKeys Identified Mail) is an email authentication method that uses cryptographic signatures to verify that an email was sent by an authorised server and was not modified in transit.
DMARC
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a DNS-based email policy that uses SPF and DKIM to prevent domain spoofing and provides reporting on authentication results.

H

HSTS
HTTP Strict Transport Security (HSTS) is a security header that forces browsers to connect to a site exclusively over HTTPS, preventing protocol downgrade and SSL stripping attacks.

L

Login Fingerprinting
Login fingerprinting is the technique of identifying the software behind a login page by analysing its HTML structure, HTTP headers, favicon, and other response characteristics.

N

Nuclei
Nuclei is an open-source vulnerability scanner by ProjectDiscovery that uses YAML-based templates to detect CVEs, misconfigurations, and exposures in web applications and services.

S

Service Fingerprinting
Service fingerprinting identifies the specific software and version running on an open network port by analysing protocol responses, banners, and behavioural characteristics.
Shadow IT
Shadow IT refers to technology assets (servers, applications, SaaS tools, and cloud instances) deployed within an organisation without the knowledge or approval of IT and security departments.
SPF
SPF (Sender Policy Framework) is a DNS TXT record that specifies which mail servers are authorised to send email for a domain, helping prevent email spoofing.
Subdomain Takeover
A subdomain takeover is an attack in which an attacker claims an external resource (for example, an S3 bucket or Heroku app) that a subdomain's DNS record still references, thereby gaining control of the subdomain.

T

TCP Port
A TCP port is a numbered endpoint (0-65535) on a networked device that identifies a specific service or application. Open TCP ports accept incoming connections from other systems.
TLS
TLS (Transport Layer Security) is a cryptographic protocol that encrypts data transmitted between a client and server, protecting against eavesdropping and tampering. It is the successor to SSL.

X

X-Frame-Options
X-Frame-Options is an HTTP header that controls whether a page can be embedded in frames (iframe, frame, embed, object), preventing clickjacking attacks.