Comprehensive definitions of key cybersecurity terms, concepts, and techniques used by security professionals.
Practices and tools to protect Application Programming Interfaces from attacks and misuse.
A program where organizations reward security researchers for finding and reporting vulnerabilities.
An attack that forces authenticated users to submit unwanted requests to a web application.
A vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users.
The part of the internet accessible only through special software like Tor, often used for anonymous communication.
The process of converting data into a coded format to prevent unauthorized access.
A piece of software or technique that takes advantage of a vulnerability to cause unintended behavior.
The organized approach to addressing and managing the aftermath of a security breach.
Intelligence collected from publicly available sources for security research and investigations.
A standard awareness document listing the top 10 most critical web application security risks.
An authorized simulated cyberattack on a computer system to evaluate its security.
A cyberattack that uses disguised emails or websites to steal sensitive information.
Malware that encrypts files and demands payment for the decryption key.
A group that simulates real-world attacks to test an organization's security defenses.
Psychological manipulation techniques used to trick people into revealing confidential information.
A code injection technique that exploits security vulnerabilities in database queries.
Evidence-based knowledge about existing or emerging threats to inform security decisions.
A systematic process of identifying, quantifying, and prioritizing security vulnerabilities.
A security system that monitors and filters HTTP traffic to protect web applications.
A software vulnerability unknown to the vendor with no available patch.