A standards list from the non-profit Open Worldwide Application Security Project representing a broad consensus about the most critical security risks to web applications.
Software that is released with a license allowing anyone to view, modify, and distribute the source code.
A tool that automates the process of installing, upgrading, configuring, and removing software packages.
The process of distributing and applying updates to software to fix vulnerabilities and improve functionality.
A simulated cyberattack against an application to identify security weaknesses that could be exploited by malicious actors.
Information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
A type of attack where malicious input is crafted to manipulate or alter the behavior of an AI system, particularly those using natural language processing (NLP) models.
The history and origin of software components, tracking their creation, modification, and distribution.
The act of following relevant laws, regulations, and guidelines set by governing bodies to operate within legal frameworks.
A set of standards and principles that guide the operations and governance of an organization within its industry.
The process of correcting or mitigating identified security vulnerabilities to protect applications from potential threats.
The amount and type of risk that an organization is willing to take in order to meet its strategic objectives.
The systematic process of evaluating potential risks that may be involved in a projected activity or undertaking.
The process of identifying, assessing, and prioritizing risks followed by coordinated efforts to minimize, monitor, and control the impact of unfortunate events.
The steps taken by an organization to reduce the impact and likelihood of a risk occurring.
The process of evaluating and assigning a score to vulnerabilities based on their severity, exploitability, and potential impact on the organization.
Navigate risk-based vulnerability management with AppSOC. Our glossary aids in understanding threat intelligence and vulnerability prioritization.
Guidance for developers on the most dangerous software errors of the Common Weakness Enumeration (CWE) list that have been found in web applications.
A continuous process, often initiated early in SDLC, to review security controls present within the architecture of a system or application.
A comprehensive evaluation of an application's security posture, including vulnerability scans, penetration tests, and compliance checks.
A set of minimum security standards and configurations that must be met to ensure an acceptable level of security for applications.