Cybersecurity Glossary
Cybersecurity is the practice of protecting computers, networks, and data from unauthorized access, attack, or damage. It covers a range of technologies, processes, and practices designed to safeguard digital systems from threats such as intrusion, malware, and data breaches. This glossary gives short definitions of the terms that appear in security advisories, so that readers can follow the key concepts and tools used to defend against these risks.
Various terms used in Advisories
Term | Meaning | Definition |
---|---|---|
CVE | Common Vulnerabilities and Exposures | A system that provides a reference method for publicly known information-security vulnerabilities and exposures, maintained by MITRE. |
CVE ID | CVE Identifier | An alphanumeric string that identifies a publicly disclosed vulnerability, of the form CVE-YYYY-NNNN (the sequence number has four or more digits). The format of the CVE ID is defined in the CVE Record Format. |
CWE | Common Weakness Enumeration | A category system for hardware and software weaknesses, the root causes that lead to vulnerabilities. See the CWE Top 25 for 2023. |
CNA | CVE Numbering Authority | An authorized entity with a specific scope and the responsibility to regularly assign CVE IDs and publish the corresponding CVE Records. |
Fix | A software change that addresses a vulnerability | A change to software to remediate, mitigate, or otherwise address a vulnerability. "Fix" is used broadly and includes patch, hotfix, update, and upgrade. |
POC | Proof of concept | Code or a set of steps that demonstrates that a vulnerability is real and exploitable, usually by triggering it in a minimal, reproducible way. |
CVSS | Common Vulnerability Scoring System | A free and open industry standard for rating the severity of security vulnerabilities. The base score (0.0 to 10.0) is derived from a vector string describing exploitability and impact metrics. |
SU | Super user | Vulnerabilities reachable only by an authenticated user. Authentication may be weak (an unpredictable but immutable token) or strong (a login and password, or a token with a limited lifespan). |
Type of vulnerability
The full list of weakness categories is available on the NIST NVD site.
Term | CWE | Meaning |
---|---|---|
SQLi | CWE-89 | SQL Injection |
RCE | CWE-94 | Remote Code Execution (an impact rather than a weakness; most often mapped to CWE-94, Code Injection) |
XSS | CWE-79 | Cross-Site Scripting |
SSRF | CWE-918 | Server-Side Request Forgery |
XXE | CWE-611 | XML External Entity injection |
CSRF | CWE-352 | Cross-Site Request Forgery |
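The first row of the table, CWE-89, is the easiest of these to show end to end. The following added example (not code from the original page) builds an in-memory SQLite table with constructed rows and runs the same lookup twice: once with the user-supplied name pasted into the SQL text, once with it bound as a parameter. The table, names, and payload are invented for the demonstration.

```python
"""CWE-89 in miniature: one query built unsafely and safely.

Added example, not from the original page. Uses an in-memory SQLite
database; the table and the rows in it are constructed for the demo.
"""
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    """Create a throwaway database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, role TEXT NOT NULL)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("O'Brien", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> List[str]:
    """CWE-89: the caller's string becomes part of the SQL grammar."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_fixed(conn: sqlite3.Connection, name: str) -> List[str]:
    """Parameterised query: the value is bound, never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def vulnerable_breaks_on_quote(conn: sqlite3.Connection) -> bool:
    """A legitimate name with an apostrophe is enough to break the unsafe
    query; the parameterised one handles it as plain data."""
    try:
        find_user_vulnerable(conn, "O'Brien")
        return False
    except sqlite3.OperationalError:   # unterminated string literal
        return True


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"   # constructed injection string
    print("unsafe, injected :", find_user_vulnerable(db, payload))
    print("fixed,  injected :", find_user_fixed(db, payload))
    print("fixed,  O'Brien  :", find_user_fixed(db, "O'Brien"))
    print("unsafe breaks on quote:", vulnerable_breaks_on_quote(db))
```

The injected string turns the `WHERE` clause into `name = '' OR '1'='1'`, which matches every row; the bound version looks for a user literally named `' OR '1'='1` and finds none. The apostrophe case is the reason escaping is the wrong fix: parameter binding keeps the boundary between code and data regardless of what the data contains.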