Information security - The practice of protecting information by mitigating information risks
Vulnerability - A weakness which can be exploited by a threat actor
Threat - A potential negative action or event facilitated by a vulnerability
Shared Responsibility Model - A security and compliance framework that outlines the responsibilities of cloud service providers (CSPs) and customers for securing every aspect of the cloud environment
Malware - Any software intentionally designed to cause disruption to a computer, server, client, or computer network
Ransomware - A type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid
Social engineering - The psychological manipulation of people into performing actions or divulging confidential information
Phishing - A type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information
Business Email Compromise (BEC) - A type of phishing attack in which an attacker impersonates a high-level executive and attempts to trick an employee or customer into transferring money or sensitive data
Infostealer - A type of Trojan horse designed to gather information from a system
ClickFix - A social engineering technique that tricks users into copying and running malicious commands on their own devices (for example, pasting a supplied command into a terminal or Run dialog to "fix" a fake error or verification prompt), taking advantage of the target's tendency to resolve minor technical issues themselves
Attack Simulation Tools
Evilginx - A man-in-the-middle (reverse-proxy) phishing framework that relays the victim's session with the real site and captures both the login credentials and the resulting session cookies, which lets the attacker bypass MFA schemes based on one-time codes; origin-bound credentials such as FIDO2/passkeys resist this because the phishing domain cannot complete the authentication
Zero trust security model - An approach to the design and implementation of IT systems where trust is never granted implicitly and verification is required for everyone
All data sources and computing services are considered resources.
All communication is secured regardless of network location.
Access to individual enterprise resources is granted on a per-session basis.
Access to resources is determined by dynamic policy and may include other behavioral and environmental attributes.
The enterprise monitors and measures the integrity and security posture of all owned and associated assets.
All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications and uses it to improve its security posture.
Mutual authentication - A process in which both parties in a communications link authenticate each other
Control-flow integrity - A general term for computer security techniques that prevent a wide variety of malware attacks from redirecting the flow of execution of a program
Symmetric-key algorithm - Algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext
Block Cipher
AES - A specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001
Stream Cipher
ChaCha - A stream cipher derived from Salsa20 that increases the diffusion per round while achieving the same or slightly better performance; ChaCha20 is usually paired with the Poly1305 MAC as the ChaCha20-Poly1305 AEAD
MAC (Message Authentication Code)
HMAC - A specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key
Modes of Operation
CBC (Cipher block chaining) - A mode of operation for a block cipher where each plaintext block is XORed with the previous ciphertext block (the IV for the first block) before being encrypted; CBC provides confidentiality only, so the ciphertext is malleable unless it is also covered by a MAC, and a decryptor that reveals padding failures exposes a padding oracle
GCM (Galois/Counter Mode) - An authenticated encryption (AEAD) mode for 128-bit block ciphers that combines CTR-mode encryption with a GHASH-based authentication tag; widely adopted for its performance, with the caveat that reusing a nonce under the same key breaks both confidentiality and authenticity
CCM (Counter with CBC-MAC) - An authenticated encryption mode for block ciphers that combines CTR-mode encryption with a CBC-MAC tag, providing both authentication and confidentiality
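Added example (not from the original page): the practical difference between an unauthenticated mode and an AEAD mode, shown with Go's standard library. The key, the 16-byte record and the single-byte tampering are constructed for the demo. AES-GCM refuses to decrypt once one bit of the tag is flipped, while CBC returns a silently altered amount because it has no integrity check; in practice CBC ciphertext must be covered by a MAC (encrypt-then-MAC) or replaced by an AEAD mode.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// demoKey is a constructed 256-bit key for this example only (never a literal in real code).
var demoKey = []byte("0123456789abcdef0123456789abcdef")
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// GCMSeal encrypts with AES-256-GCM and returns nonce || ciphertext || tag.
// The 96-bit nonce is random; it must never repeat under the same key.
func GCMSeal(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// GCMOpen verifies the tag before releasing plaintext: one flipped bit anywhere fails it.
func GCMOpen(key, msg []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("message too short")
	}
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], nil)
}

// CBCEncrypt returns iv || ciphertext. The plaintext must already be a
// multiple of the block size; padding is left out to keep the demo short.
func CBCEncrypt(block cipher.Block, plaintext []byte) ([]byte, error) {
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, errors.New("plaintext is not block-aligned")
	}
	out := make([]byte, bs+len(plaintext))
	if _, err := io.ReadFull(rand.Reader, out[:bs]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:bs]).CryptBlocks(out[bs:], plaintext)
	return out, nil
}

// CBCDecrypt has no integrity check: it decrypts anything of the right length.
func CBCDecrypt(block cipher.Block, msg []byte) ([]byte, error) {
	bs := block.BlockSize()
	if len(msg) < 2*bs || len(msg)%bs != 0 {
		return nil, errors.New("ciphertext is not block-aligned")
	}
	out := make([]byte, len(msg)-bs)
	cipher.NewCBCDecrypter(block, msg[:bs]).CryptBlocks(out, msg[bs:])
	return out, nil
}

// TamperDemo encrypts one 16-byte record both ways and lets an attacker flip a byte in
// each ciphertext; it reports whether GCM rejected it and what the CBC side decrypts.
func TamperDemo() (gcmRejected bool, cbcResult string, err error) {
	record := []byte("amount=0100.00  ") // constructed, exactly one AES block
	sealed, err := GCMSeal(demoKey, record)
	if err != nil {
		return false, "", err
	}
	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the authentication tag
	_, openErr := GCMOpen(demoKey, sealed)
	gcmRejected = openErr != nil
	block, err := aes.NewCipher(demoKey)
	if err != nil {
		return false, "", err
	}
	ct, err := CBCEncrypt(block, record)
	if err != nil {
		return false, "", err
	}
	// Plaintext block 0 = D(C0) XOR IV, so XORing IV byte 7 with '0'^'9' turns the
	// decrypted amount from 0100.00 into 9100.00 and nothing reports an error.
	ct[7] ^= '0' ^ '9'
	pt, err := CBCDecrypt(block, ct)
	if err != nil {
		return false, "", err
	}
	return gcmRejected, string(pt), nil
}
```

The CBC half skips padding on purpose; once PKCS#7 padding is added, a decryptor that reports padding failures differently from other failures also hands an attacker a padding oracle, which is the second reason to prefer an AEAD mode.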
Elliptic-curve Diffie-Hellman - A key agreement protocol that allows two parties to establish a shared secret over an insecure channel
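Added example (not part of the original page): an X25519 key agreement using Go's crypto/ecdh package (Go 1.20 or later). The party names, the context label and the single SHA-256 standing in for a proper KDF such as HKDF are assumptions of the demo.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)

// Party holds one side's X25519 key pair. The private key never leaves the
// struct; only the 32-byte public key is sent over the insecure channel.
type Party struct {
	priv *ecdh.PrivateKey
}

func NewParty() (*Party, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{priv: priv}, nil
}

// PublicBytes is the value that goes on the wire.
func (p *Party) PublicBytes() []byte { return p.priv.PublicKey().Bytes() }

// SessionKey turns the peer's public value into a 256-bit symmetric key.
// The raw ECDH output is never used as a key directly; it is fed through a
// KDF (here one SHA-256 over secret || context label, standing in for HKDF).
func (p *Party) SessionKey(peerPublic []byte) ([]byte, error) {
	peer, err := ecdh.X25519().NewPublicKey(peerPublic) // rejects wrong-length input
	if err != nil {
		return nil, err
	}
	shared, err := p.priv.ECDH(peer) // errors on low-order points (all-zero output)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write(shared)
	h.Write([]byte("example-app v1 session key")) // constructed context label
	return h.Sum(nil), nil
}

// Agreement runs the exchange between alice and bob, then lets mallory, who
// saw both public values but holds neither private key, try to derive the
// same key. It returns whether alice and bob agree and whether mallory does.
func Agreement() (agree bool, malloryMatches bool, err error) {
	alice, err := NewParty()
	if err != nil {
		return false, false, err
	}
	bob, err := NewParty()
	if err != nil {
		return false, false, err
	}
	mallory, err := NewParty()
	if err != nil {
		return false, false, err
	}
	kA, err := alice.SessionKey(bob.PublicBytes())
	if err != nil {
		return false, false, err
	}
	kB, err := bob.SessionKey(alice.PublicBytes())
	if err != nil {
		return false, false, err
	}
	kM, err := mallory.SessionKey(bob.PublicBytes())
	if err != nil {
		return false, false, err
	}
	return bytes.Equal(kA, kB), bytes.Equal(kM, kA), nil
}
```

ECDH by itself says nothing about who the peer is: an active attacker can substitute their own public value in each direction and hold a separate key with each side. Real protocols therefore bind the exchange to an authenticated identity, as TLS does with certificate-signed handshakes.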
Encryption Scheme
RSAES-PKCS1-v1_5, RSAES-OAEP - PKCS #1 v1.5 encryption padding is vulnerable to Bleichenbacher-style padding-oracle attacks when decryption failures are observable; new designs should use OAEP
Signature Scheme
RSASSA-PKCS1-v1_5, RSASSA-PSS, DSA, ECDSA - PSS is the preferred RSA signature padding; DSA is no longer approved for generating new signatures under FIPS 186-5; DSA and ECDSA both require a unique, unpredictable per-signature nonce, since a reused or biased nonce reveals the private key
Key format
PKCS #1: RSA Cryptography Specifications - A standard that provides the basic definitions of and recommendations for implementing the RSA algorithm for public-key cryptography
Public Key Infrastructure (PKI) - A set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates
Domain Control Validation - A process used by certificate authorities (CAs) to verify that the person or organization requesting a certificate has control over the domain(s) listed in the certificate
Trust Stores
Certifi - A Python package that ships a curated bundle of root certificates (derived from Mozilla's root store) used to validate the certificate chains of TLS hosts
Public key certificate - An electronic document used to prove the validity of a public key
Domain Validated (DV) - The CA verifies only that the requester controls the domain name, typically through an automated challenge
Organization Validated (OV) - The CA additionally verifies the legal identity of the requesting organization and includes it in the certificate subject
Extended Validation (EV) - The CA performs a more rigorous, standardized vetting of the organization's legal identity, operational existence and the requester's authority
Let's Encrypt - A nonprofit Certificate Authority providing TLS certificates
certbot - A free, open source tool for automatically obtaining and renewing Let's Encrypt certificates on manually administered websites to enable HTTPS
lego - A Let's Encrypt client and ACME library written in Go
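Added example (not from the page or any project it lists) tying together the mutual authentication and PKI entries: a throwaway private CA issues a server certificate and a client certificate, and an HTTPS server requires the client certificate before serving the request. The CA name, the certificate subjects and the loopback address are assumptions of the demo; a real deployment keeps the CA key offline and issues short-lived client certificates.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// issue creates a certificate for cn, signed by parent (self-signed when parent
// is nil). Each role gets only the key usages it needs.
func issue(cn string, isCA bool, eku []x509.ExtKeyUsage, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()), // demo only; real CAs use random serials
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           eku,
		IPAddresses:           []net.IP{net.IPv4(127, 0, 0, 1)}, // httptest listens on loopback
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	signer, signerKey := tmpl, key
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// MutualTLSDemo starts an HTTPS server that demands a client certificate chained to
// the private CA, then requests it once with a client cert and once without.
func MutualTLSDemo() (greeting string, anonRefused bool, err error) {
	ca, caKey, err := issue("Example Private CA", true, nil, nil, nil)
	if err != nil {
		return "", false, err
	}
	srvCert, srvKey, err := issue("api.example.internal", false, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, ca, caKey)
	if err != nil {
		return "", false, err
	}
	cliCert, cliKey, err := issue("billing-worker", false, []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, ca, caKey)
	if err != nil {
		return "", false, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// The TLS layer already verified the chain; the handler only reads the identity.
		fmt.Fprintf(w, "hello %s", r.TLS.PeerCertificates[0].Subject.CommonName)
	}))
	srv.TLS = &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srvCert.Raw}, PrivateKey: srvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // this is what makes it mutual
		ClientCAs:    pool,
		MinVersion:   tls.VersionTLS12,
	}
	srv.StartTLS()
	defer srv.Close()
	get := func(cfg *tls.Config) (string, error) {
		resp, err := (&http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}).Get(srv.URL)
		if err != nil {
			return "", err
		}
		defer resp.Body.Close()
		b, err := io.ReadAll(resp.Body)
		return string(b), err
	}
	// The client verifies the server against the same private CA and presents its own cert.
	greeting, err = get(&tls.Config{RootCAs: pool, Certificates: []tls.Certificate{{Certificate: [][]byte{cliCert.Raw}, PrivateKey: cliKey}}})
	if err != nil {
		return "", false, err
	}
	_, anonErr := get(&tls.Config{RootCAs: pool}) // same trust in the server, no client certificate
	return greeting, anonErr != nil, nil
}
```

Both directions of trust come from the same root here; in practice the client-side pool (which CAs may vouch for servers) and the server-side ClientCAs pool (which CAs may vouch for clients) are often different, and a public CA should never be in the second one.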
Pretty Good Privacy (PGP) - A data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication
OpenPGP - A non-proprietary protocol for exchanging public keys and encrypted messages
Identity management - A framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources
Self-hosted IAM Platforms
FusionAuth CE - The self-hosted, community supported version of FusionAuth
Keycloak - An open source identity and access management solution
FreeIPA - An integrated security information management solution combining Linux, 389 Directory Server, MIT Kerberos, NTP, DNS, and a certificate system
Cloud IAM Services
Microsoft Entra ID - A cloud-based identity and access management service
AWS IAM - A service that helps you securely control access to AWS resources
Amazon Cognito - A service that lets you add user sign-up, sign-in, and access control to your web and mobile apps
Auth0 - A flexible, drop-in solution to add authentication and authorization services to your applications
Directory service - A service that maps the names of network resources to their respective network addresses
LDAP - An open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services
OpenLDAP - An open source implementation of the Lightweight Directory Access Protocol
389 Directory Server - An open source enterprise LDAP server developed by Red Hat for Linux systems
Authentication - The act of proving an assertion, such as the identity of a computer system user
Protocols & Standards
OpenID Connect - A simple identity layer on top of the OAuth 2.0 protocol
SAML - An XML-based open standard for exchanging authentication and authorization assertions between an identity provider and a service provider, widely used for web single sign-on
WS-Federation - A specification that defines mechanisms used to broker trust and manage identities, attributes and authentication between participating Web services
FIDO2 (WebAuthn, CTAP, Passkeys) - A set of specifications that enables users to leverage common devices to easily and securely authenticate to online services
Relying party - The website or online service that wants to verify a user's identity (e.g., your bank's website)
Authenticator - The device or software that securely stores cryptographic keys and performs authentication for the user.
Client - The software on the user's device, typically a web browser or operating system component, that communicates between the Relying Party and the Authenticator.
WebAuthn - An API for accessing Public Key Credentials
CTAP - A protocol that enables an external authenticator to communicate with a client platform
Passkeys - A phishing-resistant replacement for passwords
SPIFFE - The Secure Production Identity Framework for Everyone, a set of open standards for issuing and verifying cryptographic workload identities (SVIDs) so that services can authenticate each other without shared secrets
Kerberos - A computer network authentication protocol that works on the basis of tickets
Credentials & Tokens
Basic authentication - A method for an HTTP user agent to provide a username and password when making a request
JSON Web Token (JWT) - An Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims
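Added example (not from the original page) for the HMAC and JWT entries: minting and verifying an HS256 token with Go's standard library. The claim set, the secret and the clock value are constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims is the subset of registered JWT claims this verifier uses.
type Claims struct {
	Sub string `json:"sub"`
	Exp int64  `json:"exp"`
}

var enc = base64.RawURLEncoding // JWS uses unpadded base64url

func sign(secret []byte, signingInput string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// SignHS256 builds a compact JWS (header.payload.signature) with HS256.
func SignHS256(secret []byte, c Claims) (string, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := enc.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + enc.EncodeToString(payload)
	return signingInput + "." + enc.EncodeToString(sign(secret, signingInput)), nil
}

// VerifyHS256 checks the algorithm, the signature and the expiry, in that
// order, and only then returns the claims. It closes the usual pitfalls:
//   - the header is not trusted to pick the algorithm, so "none" and
//     RSA-to-HMAC confusion are rejected before any key is used
//   - hmac.Equal compares in constant time
//   - exp is mandatory, so a token without it never verifies
func VerifyHS256(secret []byte, token string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("jwt: malformed token")
	}
	hdrJSON, err := enc.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil {
		return nil, err
	}
	if hdr.Alg != "HS256" {
		return nil, fmt.Errorf("jwt: unsupported alg %q", hdr.Alg)
	}
	sig, err := enc.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	if !hmac.Equal(sig, sign(secret, parts[0]+"."+parts[1])) {
		return nil, errors.New("jwt: invalid signature")
	}
	payload, err := enc.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, err
	}
	if c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)) {
		return nil, errors.New("jwt: token expired or has no exp")
	}
	return &c, nil
}
```

The same rule carries over to asymmetric algorithms (RS256, ES256): the verifier decides which algorithm and which key are acceptable for a given issuer, never the token's own header.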
OAuth 2.0 Roles
Resource owner - The user (or other entity) who owns the protected data or resources and can grant access to them
Resource server - The server that hosts the protected resources and accepts access tokens
Client - An application or service that wants to access the resources on behalf of the resource owner
Authorization server - The server that authenticates the resource owner, obtains its authorization and issues access tokens to the client
Platforms & Tools
Permify - An open-source authorization service that helps you to create any kind of authorization system with its Golang API
Azure Shared Access Signature (SAS) - A signed URI that points to one or more storage resources and includes a token that specifies the permissions and interval of access
Microsoft Defender for Cloud - A cloud-native application protection platform (CNAPP) with a set of security measures and practices designed to protect cloud-based applications
AWS Security Hub - A cloud security posture management (CSPM) service that performs security best practice checks, aggregates alerts, and enables automated remediation
Managed detection and response (MDR) - An outsourced service that provides organizations with threat hunting services and responds to threats once they are discovered
Microsoft Sentinel - A scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution
Amazon GuardDuty - A threat detection service that continuously monitors for malicious activity and unauthorized behavior
Detections & Auditing
Sigma Detection Format - A generic and open signature format that allows you to describe relevant log events in a straightforward manner
AWS CloudTrail - An AWS service that helps you enable operational and risk auditing, governance, and compliance of your AWS account
AWS Config - A service that enables you to assess, audit, and evaluate the configurations of your AWS resources
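Added example (not from the page, Sigma or AWS): three Sigma-style detections run over constructed CloudTrail records. The event shape follows CloudTrail's documented JSON (eventName, eventSource, userIdentity, additionalEventData.MFAUsed, errorCode); the account ID, ARNs and addresses are made up.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Event is the subset of CloudTrail record fields the rules below read.
type Event struct {
	EventTime    string `json:"eventTime"`
	EventSource  string `json:"eventSource"`
	EventName    string `json:"eventName"`
	UserIdentity struct {
		Type string `json:"type"`
		Arn  string `json:"arn"`
	} `json:"userIdentity"`
	SourceIP            string         `json:"sourceIPAddress"`
	ErrorCode           string         `json:"errorCode"`
	AdditionalEventData map[string]any `json:"additionalEventData"`
}

type Finding struct {
	Rule, Actor, Detail string
}

// Rule is a Sigma-style detection: a title plus a selection predicate over a
// single event. Sigma itself is YAML compiled to a backend query; the
// predicates here are the same selections written directly in Go.
type Rule struct {
	Title string
	Match func(Event) bool
}

var rules = []Rule{
	{"AWS console login without MFA", func(e Event) bool {
		return e.EventName == "ConsoleLogin" && e.ErrorCode == "" && e.AdditionalEventData["MFAUsed"] == "No"
	}},
	{"CloudTrail trail stopped, changed or deleted (attempted or successful)", func(e Event) bool {
		switch e.EventName {
		case "StopLogging", "DeleteTrail", "UpdateTrail":
			return e.EventSource == "cloudtrail.amazonaws.com"
		}
		return false
	}},
	{"Root account API activity", func(e Event) bool { return e.UserIdentity.Type == "Root" }},
}

// Detect parses newline-delimited CloudTrail records and returns one finding
// per matching (rule, event) pair, in input order.
func Detect(ndjson string) ([]Finding, error) {
	var out []Finding
	for _, line := range strings.Split(strings.TrimSpace(ndjson), "\n") {
		var e Event
		if err := json.Unmarshal([]byte(line), &e); err != nil {
			return nil, fmt.Errorf("bad record %q: %w", line, err)
		}
		for _, r := range rules {
			if !r.Match(e) {
				continue
			}
			detail := fmt.Sprintf("%s from %s at %s", e.EventName, e.SourceIP, e.EventTime)
			if e.ErrorCode != "" {
				detail += " (" + e.ErrorCode + ")"
			}
			out = append(out, Finding{r.Title, e.UserIdentity.Arn, detail})
		}
	}
	return out, nil
}

// SampleLog is constructed for this example; the field names follow the CloudTrail record format.
const SampleLog = `
{"eventTime":"2024-05-01T10:00:00Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/alice"},"sourceIPAddress":"203.0.113.5","additionalEventData":{"MFAUsed":"Yes"}}
{"eventTime":"2024-05-01T10:02:00Z","eventSource":"signin.amazonaws.com","eventName":"ConsoleLogin","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/bob"},"sourceIPAddress":"198.51.100.9","additionalEventData":{"MFAUsed":"No"}}
{"eventTime":"2024-05-01T10:05:00Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/bob"},"sourceIPAddress":"198.51.100.9"}
{"eventTime":"2024-05-01T10:06:00Z","eventSource":"cloudtrail.amazonaws.com","eventName":"StopLogging","userIdentity":{"type":"IAMUser","arn":"arn:aws:iam::111122223333:user/carol"},"sourceIPAddress":"192.0.2.7","errorCode":"AccessDenied"}
{"eventTime":"2024-05-01T10:10:00Z","eventSource":"ec2.amazonaws.com","eventName":"DescribeInstances","userIdentity":{"type":"Root","arn":"arn:aws:iam::111122223333:root"},"sourceIPAddress":"192.0.2.7"}
`
```

Denied attempts are deliberately kept for the trail-tampering rule: an AccessDenied on StopLogging is an actor probing for the permission, not noise, whereas a failed console login is better handled by a separate brute-force rule with a threshold.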
CSP (Content Security Policy) - An added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks
HSTS (HTTP Strict Transport Security) - A web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking
Cross-origin isolation - A web security feature that allows a web page to use powerful features like SharedArrayBuffer and performance.measureUserAgentSpecificMemory()
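Added example (not from the original page) showing how the CSP, HSTS and cross-origin isolation entries are applied by a server: Go net/http middleware that issues a per-request nonce, emits the headers, and hands the nonce to the page handler so its own script tag carries it. The policy string and the page handler are assumptions of the demo.

```go
package main

import (
	"context"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
)

type nonceKey struct{}

// SecurityHeaders wraps a handler so every response carries a fresh CSP nonce,
// HSTS, and the two headers that switch on cross-origin isolation.
func SecurityHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		raw := make([]byte, 16)
		if _, err := rand.Read(raw); err != nil {
			http.Error(w, "internal error", http.StatusInternalServerError)
			return
		}
		nonce := base64.StdEncoding.EncodeToString(raw)
		h := w.Header()
		// Only <script nonce="..."> tags emitted by this response may run;
		// inline handlers, eval and injected <script> tags are blocked.
		h.Set("Content-Security-Policy", fmt.Sprintf(
			"default-src 'self'; script-src 'nonce-%s' 'strict-dynamic'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'", nonce))
		// Browsers remember for one year that this host is HTTPS-only; the
		// header is only honoured when received over HTTPS.
		h.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
		// Cross-origin isolation prerequisites for SharedArrayBuffer.
		h.Set("Cross-Origin-Opener-Policy", "same-origin")
		h.Set("Cross-Origin-Embedder-Policy", "require-corp")
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), nonceKey{}, nonce)))
	})
}

// Nonce returns the per-request nonce a handler must put on its own <script> tags.
func Nonce(r *http.Request) string {
	v, _ := r.Context().Value(nonceKey{}).(string)
	return v
}

// page is a constructed handler that emits one nonced inline script.
func page(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	fmt.Fprintf(w, `<!doctype html><script nonce="%s">console.log("ok")</script>`, Nonce(r))
}

// Probe sends one request through the middleware (no network needed) and
// returns the response headers and body, so callers can confirm that the
// nonce in the CSP header is the one that appears in the script tag.
func Probe() (http.Header, string) {
	rec := httptest.NewRecorder()
	SecurityHeaders(http.HandlerFunc(page)).ServeHTTP(rec, httptest.NewRequest("GET", "https://example.test/", nil))
	return rec.Result().Header, rec.Body.String()
}
```

The policy only holds if templates never reintroduce 'unsafe-inline' and every legitimate script tag carries the nonce; rolling out with Content-Security-Policy-Report-Only first is the usual way to find the stragglers before enforcing.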
Privacy sandbox - Google's initiative to create web technologies that protect people's privacy online and give companies and developers the tools to build thriving digital businesses
security.txt - A standard (RFC 9116) that lets websites publish a machine-readable file at /.well-known/security.txt with security contact details and disclosure policy for researchers
AWS WAF - A web application firewall that helps protect your web applications or APIs against common web exploits and bots
Azure Web Application Firewall - A cloud-native service that protects web apps from common web-hacking techniques and vulnerabilities
Network-level Protection
AWS Shield - A managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS
Azure DDoS Protection - A service that provides countermeasures against the most sophisticated DDoS threats
Fail2ban - An intrusion prevention software framework that protects computer servers from brute-force attacks
Snort (IPS) - A widely used open source network intrusion detection and prevention system that inspects traffic against a rule language describing malicious packets and flows
Host-based Firewalls
netfilter (iptables, nftables) - A framework inside the Linux kernel that enables packet filtering, network address translation, and other packet mangling
S/MIME - A standard that provides cryptographic security services (authentication, message integrity, non-repudiation and confidentiality) for electronic messaging applications
DNS Security
DNSSEC - A feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
DNS over TLS (DoT) - A security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol
DNS over HTTPS (DoH) - A protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol
Tools & Libraries
OpenDKIM - A community effort that develops and maintains a C library for producing DomainKeys Identified Mail (DKIM)-aware applications and an open source milter that signs outgoing and verifies incoming mail
TPM (Trusted Platform Module) - A specification for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys
Linux Mandatory Access Control
SELinux - A Linux kernel security module (shipped as kernel modifications plus user-space tools in various distributions) that enforces mandatory access control through security labels on processes and objects and a centrally loaded policy
AppArmor - A Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles
Linux Fine-grained Access Control
Linux capabilities - A feature that grants some of the power of the superuser to a process, while not granting all of them
General Scanning
OpenSCAP - An open source implementation of the Security Content Automation Protocol (SCAP)
Lynis - A security auditing tool for systems running Linux, macOS, or other Unix-based operating systems