Uphill Security

Glossary

This is still a proof of concept!

Architecture #

Access Control #

• Principle of Least Privilege

Security Model #

• Defense in Depth
• Zero Trust Security Model

Attacks #

Availability #

• Denial of Service
• Distributed Denial of Service

Data Theft #

• Data Exfiltration

Exploitation #

• Exploit
• Payload

Human Factor #

• Social Engineering

Network Security #

• Man-in-the-Middle Attack

Persistence #

• Web Shell

Physical Security #

• Tailgating

Post Exploitation #

• Lateral Movement

Remote Access #

• Bind Shell
• Reverse Shell

Social Engineering #

• Baiting
• Phishing
• Pretexting
• Spear Phishing

Concepts #

Fundamentals #

• Confidentiality Integrity Availability Triad

Cryptography #

Asymmetric #

• Rivest-Shamir-Adleman

Certificates #

• Public Key Infrastructure

Hashing #

• Cryptographic Hash Function
• Password Salt

Protocols #

• Secure Sockets Layer
• Transport Layer Security

Symmetric #

• Advanced Encryption Standard

Defense #

Application Security #

• Web Application Firewall

Authentication #

• JSON Web Token
• Multi-Factor Authentication
• Open Authorization
• Security Assertion Markup Language
• Single Sign-On

Authorization #

• Access Control
• Discretionary Access Control
• Mandatory Access Control
• Role-Based Access Control

Configuration #

• System Hardening

Data Security #

• Data Loss Prevention

Deception #

• Canary Token
• Honeypot

Endpoint Security #

• Endpoint Detection and Response

Isolation #

• Sandbox

Monitoring #

• Security Information and Event Management

Network Security #

• Firewall
• Intrusion Detection System
• Intrusion Prevention System
• Virtual Private Network

Malware #

Crypto Malware #

• Ransomware

Distributed #

• Botnet

Persistence #

• Backdoor

Remote Access #

• Trojan Horse

Spyware #

• Keylogger

Stealth #

• Rootkit

Methodology #

Assessment #

• Security Audit
• Vulnerability Assessment

Information Gathering #

• Enumeration
• Reconnaissance
• Scanning

Risk Assessment #

• Threat Modeling

Risk Management #

• Risk Assessment

Operations #

Collaborative Security #

• Purple Team Operations

Defensive Security #

• Blue Team Operations

Investigation #

• Digital Forensics

Offensive Security #

• Red Team Operations

Proactive Defense #

• Threat Hunting

Security Operations #

• Incident Response
• Security Operations Center

Vulnerability Management #

• Patch Management

Pentesting #

Application Security #

• Dynamic Application Security Testing
• Interactive Application Security Testing
• Static Application Security Testing

Network Security #

• Remote Internal Penetration Testing

Standards #

Compliance #

• General Data Protection Regulation
• Health Insurance Portability and Accountability Act
• ISO/IEC 27001
• National Institute of Standards and Technology
• Payment Card Industry Data Security Standard

Vulnerability Management #

• Common Vulnerabilities and Exposures
• Common Vulnerability Scoring System
• Common Weakness Enumeration

Web Security #

• Open Web Application Security Project

System #

Networking #

• Domain Name System

Threats #

Threat Actors #

• Advanced Persistent Threat
• Insider Threat

Vulnerabilities #

• Zero-Day Vulnerability

Tools #

Exploitation #

• Metasploit Framework

Network Analysis #

• Wireshark

Operating System #

• Kali Linux

Reconnaissance #

• Network Mapper

Web Security #

• Burp Suite

Vulnerabilities #

Access Control #

• Insecure Direct Object Reference
• Privilege Escalation

Critical #

• Remote Code Execution

Memory Corruption #

• Buffer Overflow

Web Application #

• Cross-Site Request Forgery
• Cross-Site Scripting
• Local File Inclusion
• Remote File Inclusion
• Server-Side Request Forgery
• SQL Injection
• XML External Entity