Information security - The practice of protecting information by mitigating information risks
Vulnerability - A weakness which can be exploited by a threat actor
Threat - A potential negative action or event facilitated by a vulnerability
Shared Responsibility Model - A security and compliance framework that outlines the responsibilities of cloud service providers (CSPs) and customers for securing every aspect of the cloud environment
Malware - Any software intentionally designed to cause disruption to a computer, server, client, or computer network
Ransomware - A type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid
Social engineering - The psychological manipulation of people into performing actions or divulging confidential information
Phishing - A type of social engineering where an attacker sends a fraudulent message designed to trick a person into revealing sensitive information
Business Email Compromise (BEC) - A type of phishing attack in which an attacker impersonates a high-level executive and attempts to trick an employee or customer into transferring money or sensitive data
Infostealer - A type of Trojan horse designed to gather information from a system
Mirai (malware) - A malware that turns networked devices running Linux into remotely controlled bots that can be used as part of a botnet in large-scale network attacks
Think before you Click(Fix) - A social engineering technique that tricks users into running malicious commands on their devices by taking advantage of the target's tendency to try to solve minor technical issues themselves
Attack Simulation Tools
Evilginx - A man-in-the-middle attack framework used for phishing login credentials along with session cookies
Zero trust security model - An approach to the design and implementation of IT systems where trust is never granted implicitly and verification is required for everyone
All data sources and computing services are considered resources.
All communication is secured regardless of network location.
Access to individual enterprise resources is granted on a per-session basis.
Access to resources is determined by dynamic policy and may include other behavioral and environmental attributes.
The enterprise monitors and measures the integrity and security posture of all owned and associated assets.
All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications and uses it to improve its security posture.
Mutual authentication - A process in which both parties in a communications link authenticate each other
Control-flow integrity - A general term for computer security techniques that prevent a wide variety of malware attacks from redirecting the flow of execution of a program
Capture the flag (cybersecurity) - A hacking contest where participants use specialized knowledge and techniques to find hidden "Flags" (answers) and compete for the highest total score
Platforms
CTFd - The easiest Capture The Flag platform to host your own cyber security workshop, providing a rock solid base that is easily customizable with themes and plugins
Symmetric-key algorithm - Algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext
Block Cipher
AES - A specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001
Salsa20 ChaCha - A variant of Salsa20 that increases the diffusion per round while achieving the same or slightly better performance
MAC (Message Authentication Code)
HMAC - A specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key
Modes of Operation
CBC (Cipher block chaining) - A mode of operation for a block cipher where a block of plaintext is XORed with the previous ciphertext block before being encrypted
GCM (Galois/Counter Mode) - A mode of operation for symmetric-key cryptographic block ciphers which is widely adopted for its performance
CCM - A mode of operation for cryptographic block ciphers designed to provide both authentication and confidentiality
Elliptic-curve Diffie-Hellman - A key agreement protocol that allows two parties to establish a shared secret over an insecure channel
Encryption Schemes
RSAES-PKCS1-v1_5 - An older Encryption Scheme (ES) that was first standardized in version 1.5 of PKCS #1 and is known to be vulnerable
RSAES-OAEP - A padding scheme that enhances RSA encryption by adding randomness and preventing partial decryption, it was standardized in PKCS#1 v2 and RFC 2437
Signature Schemes
RSASSA-PKCS1-v1_5 - A Signature Scheme with Appendix (SSA) that was first standardized in version 1.5 of PKCS #1 and is considered unforgeable according to Jager et al. (2018)
DSA - A public-key cryptosystem and Federal Information Processing Standard for digital signatures, it is based on the mathematical concept of modular exponentiation and the discrete logarithm problem
ECDSA - A variant of the Digital Signature Algorithm (DSA) that utilizes elliptic-curve cryptography
Key formats
PKCS #1: RSA Cryptography Specifications - A standard that provides the basic definitions of and recommendations for implementing the RSA algorithm for public-key cryptography
Cryptographic Message Syntax - The IETF's standard for cryptographically protected messages, used by cryptographic schemes and protocols to digitally sign, digest, authenticate, or encrypt any form of digital data
Public Key Infrastructure (PKI) - A set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates
Domain Control Validation - A process used by certificate authorities (CAs) to verify that the person or organization requesting a certificate has control over the domain(s) listed in the certificate
Trust Stores
Certifi - A carefully curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts
Public key certificate - An electronic document used to prove the validity of a public key
Domain Validated (DV)
Organization Validated (OV)
Extended Validation (EV)
Let's Encrypt - A nonprofit Certificate Authority providing TLS certificates
certbot - A free, open source software tool for automatically using Let's Encrypt certificates on manually administered websites to enable HTTPS
lego - A Let's Encrypt client and ACME library written in Go
Vault - A tool for securely accessing secrets like API keys, passwords, or certificates
SOPS - An editor of encrypted files that supports YAML, JSON, ENV, INI and BINARY formats
git-secret - A bash tool to store your private data inside a git repo
Kubernetes Ecosystem
Sealed Secrets - A Kubernetes controller and tool for one-way encrypted Secrets
Secrets Store CSI Driver - A driver that allows Kubernetes to mount multiple secrets, keys, and certs stored in enterprise-grade external secrets stores into pods as a volume
External Secrets Operator - A Kubernetes operator that integrates external secret management systems like AWS Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, and IBM Cloud Secrets Manager
Vendor Services
Azure Key Vault - A cloud service to safeguard cryptographic keys and other secrets used by cloud apps and services
Google Cloud Secret Manager - A secure and convenient storage system for API keys, passwords, certificates, and other sensitive data
AWS Key Management Service - A service that makes it easy for you to create and manage cryptographic keys
AWS Secrets Manager - A secrets management service that helps you protect access to your applications, services, and IT resources
Pretty Good Privacy (PGP) - A data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication
OpenPGP - A non-proprietary protocol for exchanging public keys and encrypted messages
Identity management - A framework of policies and technologies for ensuring that the proper people in an enterprise have the appropriate access to technology resources
Self-hosted IAM Platforms
FusionAuth CE - The self-hosted, community supported version of FusionAuth
KeyCloak - An open source identity and access management solution
FreeIPA - An integrated security information management solution combining Linux, 389 Directory Server, MIT Kerberos, NTP, DNS, and a certificate system
Cloud IAM Services
Microsoft Entra ID - A cloud-based identity and access management service
AWS IAM - A service that helps you securely control access to AWS resources
Amazon Cognito - A service that lets you add user sign-up, sign-in, and access control to your web and mobile apps
Auth0 - A flexible, drop-in solution to add authentication and authorization services to your applications
Directory service - A service that maps the names of network resources to their respective network addresses
LDAP - An open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services
OpenLDAP - An open source implementation of the Lightweight Directory Access Protocol
389 Directory Server - A free and open source software project developed by Red Hat for Linux systems
Single sign-on (SSO) - A service that allows one login for multiple applications
Protocols & Standards
OpenID Connect - A simple identity layer on top of the OAuth 2.0 protocol
SAML - A standard for logging users into applications
WS-Federation - A specification that defines mechanisms used to broker trust and manage identities, attributes and authentication between participating Web services
FIDO2 (WebAuthn, CTAP, Passkeys) - A set of specifications that enables users to leverage common devices to easily and securely authenticate to online services
Relying party - The website or online service that wants to verify a user's identity (e.g., your bank's website)
Authenticator - The device or software that securely stores cryptographic keys and performs authentication for the user.
Client - The software on the user's device, typically a web browser or operating system component, that communicates between the Relying Party and the Authenticator.
WebAuthn - An API for accessing Public Key Credentials
CTAP - A protocol that enables an external authenticator to communicate with a client platform
Passkeys - A phishing-resistant replacement for passwords
SPIFFE - The Secure Production Identity Framework for Everyone
Kerberos - A computer network authentication protocol that works on the basis of tickets
Credentials & Tokens
Basic authentication - A method for an HTTP user agent to provide a username and password when making a request
JSON Web Token (JWT) - An Internet standard for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims
Resource owner - The user who owns the data or resources that are being accessed
Resource server - The server that hosts the protected resources
Client - An application or service that wants to access the resources on behalf of the resource owner
Authorization server - The server that issues access tokens to the client
Platforms & Tools
Permify - An open-source authorization service that helps you to create any kind of authorization system with its Golang API
Azure Shared Access Signature (SAS) - A signed URI that points to one or more storage resources and includes a token that specifies the permissions and interval of access
Microsoft Security Development Lifecycle (SDL) - A software development process that helps developers build more secure software and address security compliance requirements while reducing development cost
SonarQube Server - A self-managed, automatic code review tool that systematically helps you deliver clean code
GitLab SAST - A tool that checks your source code for known vulnerabilities
Bandit (for Python) - A tool designed to find common security issues in Python code
Semgrep OSS - A fast, open-source, static analysis tool for finding bugs and enforcing code standards
Fluid attacks - A security tool that allows you to find vulnerabilities in your source code, containers and dependencies
Dynamic Analysis (DAST)
ZAP - The world's most widely used web app scanner, free and open source, and a community based GitHub Top 1000 project that anyone can contribute to
Nuclei - A fast and customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL
sqlmap - An open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers
Whispers - A static code analysis tool designed for parsing various common data formats in search of hardcoded credentials
Gitleaks - A SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos
Talisman - A tool that installs a hook to your repository to ensure that potential secrets or sensitive information do not get committed
TruffleHog - A tool that scans your environment for secrets, digging deep into commit history and branches
AI-orchestrated Penetration Testing
PentestGPT - An automated penetration testing framework powered by Large Language Models (LLMs)
PentAGI - An open-source, fully autonomous AI agent system designed for automated security testing
Strix - A set of autonomous AI agents that act like real hackers to run code dynamically, find vulnerabilities, and validate them through actual proof-of-concepts
CAI - A lightweight, open-source framework that empowers security professionals to build and deploy AI-powered offensive and defensive automation
HexStrike AI - An advanced MCP server that lets AI agents autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research
Zen AI Pentest - An autonomous, AI-powered penetration testing framework that combines cutting-edge language models with professional security tools
Feluda - A blazing fast dependency graph generator for Python projects
Frameworks & Assessment
SLSA framework - A security framework of standards and controls to prevent tampering, improve integrity, and secure packages and infrastructure
in-toto - A framework to protect software supply chain integrity
OpenSSF Scorecard - An automated tool that assesses a number of important heuristics ("checks") associated with software security and assigns each check a score of 0-10
Provenance & Artifact Metadata
GUAC - An open source tool that aggregates software security metadata into a high fidelity graph database
Secure Distribution & Updates
The Update Framework (TUF) - A framework for securing software update systems, providing protection even against attackers that compromise the repository or signing keys
Code Signing & Integrity
Sigstore (Fulcio, Rekor, Cosign) - A new standard for signing, verifying and protecting software
The 4 Cs of Cloud-Native Systems - A defense-in-depth approach that divides security strategies into four distinct layers to provide multilayered protection for cloud-native applications
Microsoft Defender for Cloud - A cloud-native application protection platform (CNAPP) with a set of security measures and practices designed to protect cloud-based applications
Cloud Security Posture Management (CSPM)
AWS Security Hub - A cloud security posture management (CSPM) service that performs security best practice checks, aggregates alerts, and enables automated remediation
cnquery - A cloud-native, graph-based security tool that allows you to query your entire infrastructure as data
Cloud Workload Protection Platform (CWPP)
Amazon Inspector - An automated security assessment service that helps improve the security and compliance of applications deployed on AWS
Managed detection and response (MDR) - An outsourced service that provides organizations with threat hunting services and responds to threats once they are discovered
Microsoft Sentinel - A scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution
Amazon GuardDuty - A threat detection service that continuously monitors for malicious activity and unauthorized behavior
Detections & Auditing
Sigma Detection Format - A generic and open signature format that allows you to describe relevant log events in a straightforward manner
AWS CloudTrail - An AWS service that helps you enable operational and risk auditing, governance, and compliance of your AWS account
AWS Config - A service that enables you to assess, audit, and evaluate the configurations of your AWS resources
Computer security incident management - The monitoring and detection of security events on a computer or computer network, and the execution of proper responses to those events
Digital forensics - A branch of forensic science that involves the recovery, investigation, examination, and analysis of material found in digital devices, often in relation to mobile devices and computer crime
Computer forensics - A branch of digital forensic science pertaining to evidence found in computers and digital storage media
Tools & Platforms
Volatility - The world's most widely used framework for extracting digital artifacts from volatile memory (RAM) samples
Autopsy - A digital forensics platform and graphical interface to The Sleuth Kit and other digital forensics tools
CSP (Content Security Policy) - An added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks
HSTS (HTTP Strict Transport Security) - A web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking
Cross-origin isolation - A web security feature that allows a web page to use powerful features like SharedArrayBuffer and performance.measureUserAgentSpecificMemory()
Privacy sandbox - Google's initiative to create web technologies that protect people's privacy online and give companies and developers the tools to build thriving digital businesses
security.txt - A proposed standard which allows websites to define security policies for researchers
AWS WAF - A web application firewall that helps protect your web applications or APIs against common web exploits and bots
Azure Web Application Firewall - A cloud-native service that protects web apps from common web-hacking techniques and vulnerabilities
Network-level Protection
AWS Shield - A managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS
Azure DDoS Protection - A service that provides countermeasures against the most sophisticated DDoS threats
Fail2ban - An intrusion prevention software framework that protects computer servers from brute-force attacks
Snort (IPS) - The foremost Open Source Intrusion Prevention System (IPS) in the world
Host-based Firewalls
netfilter (iptables, nftables) - A framework inside the Linux kernel that enables packet filtering, network address translation, and other packet mangling
S/MIME - A standard that provides cryptographic security services such as authentication, message integrity, non-repudiation, privacy, and data security for electronic messaging applications
DNS Security
DNSSEC - A feature of the Domain Name System (DNS) that authenticates responses to domain name lookups
DNS over TLS (DoT) - A security protocol for encrypting and wrapping Domain Name System (DNS) queries and answers via the Transport Layer Security (TLS) protocol
DNS over HTTPS (DoH) - A protocol for performing remote Domain Name System (DNS) resolution via the HTTPS protocol
Tools & Libraries
OpenDKIM - A community effort that develops and maintains a C library for producing DomainKeys Identified Mail-aware applications and an open-source milter for providing the service
Unity Catalog - A universal catalog for data and AI that provides interoperability, openness, and unified governance across various formats and platforms
Microsoft Purview - A unified approach to help organizations secure and govern data across their heterogeneous data estate
Amazon DataZone - A data management service that makes it faster and easier for customers to catalog, discover, share, and govern data stored across AWS, on premises, and third-party sources
Cyber Resilience Act - A regulation that aims to safeguard consumers and businesses buying or using products or software with a digital component by introducing mandatory cybersecurity requirements
Security & Privacy Frameworks
NIST SP 800-53
AC - Access Control
AT - Awareness and Training
AU - Audit and Accountability
CA - Assessment, Authorization and Monitoring
CM - Configuration Management
CP - Contingency Planning
IA - Identification and Authentication
IR - Incident Response
MA - Maintenance
MP - Media Protection
PE - Physical and Environmental Protection
PL - Planning
PM - Program Management
PS - Personnel Security
PT - Personally Identifiable Information Processing and Transparency
RA - Risk Assessment
SA - System and Services Acquisition
SC - System and Communications Protection
SI - System and Information Integrity
SR - Supply Chain Risk Management
OSCAL - The Open Security Controls Assessment Language, a NIST-led initiative that provides open, machine-readable formats (XML, JSON, YAML) to automate security and compliance processes
ISO/IEC 27001 / 27002
Industry & Audit Standards
PCI-DSS - The global standard for payment card data security
SOC 2 - A voluntary compliance standard for service organizations which specifies how organizations should manage customer data
FIPS 140-2 - A U.S. government computer security standard used to approve cryptographic modules
TPM (Trusted Platform Module) - A specification for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys
Linux Mandatory Access Control
SELinux - A set of kernel modifications and user-space tools that have been added to various Linux distributions
AppArmor - A Linux kernel security module that allows the system administrator to restrict programs' capabilities with per-program profiles
bubblewrap - A low-level unprivileged sandboxing tool used by Flatpak and similar projects
Linux Fine-grained Access Control
Linux capabilities - A feature that grants a process some of the powers of the superuser without granting all of them
General Scanning
OpenSCAP - An open source implementation of the Security Content Automation Protocol (SCAP)
Lynis - A security auditing tool for systems running Linux, macOS, or other Unix-based operating systems