Security Glossary
Clear and concise explanations of key terms related to password security.
A Row (ア行)
RBAC - Role-Based Access Control
RBAC assigns permissions through roles rather than directly to users. Standardized as ANSI/INCITS 359, it simplifies permission management in large organizations by grouping privileges into named roles.
IAM - Identity and Access Management
IAM centrally manages identities and access permissions. It unifies authentication and authorization through models like RBAC and ABAC to enforce least-privilege. Misconfigurations in cloud IAM are a leading cause of breaches.
IDS vs IPS - Intrusion Detection and Prevention
IDS monitors network traffic for suspicious activity while IPS blocks threats automatically. See how both fit into a layered network defense strategy.
Identity Providers - Centralized Authentication Services
An identity provider (IdP) centrally manages user credentials and issues assertions via SAML or OIDC. Okta, Azure AD, and Google Workspace are leading examples in enterprise environments.
IP Spoofing - Forging Source Addresses in Packets
IP spoofing fakes the sender address in network packets to bypass filters or amplify DDoS floods. Learn how ingress filtering and BCP38 counter it.
IP Blocklists - Blocking Known Malicious Sources
An IP blocklist denies access from addresses flagged as malicious. Learn how threat feeds, firewalls, and automated updates keep your list effective.
Account Takeover - Hijacking User Accounts
Account takeover is unauthorized access to someone else's account via credential stuffing, phishing, or SIM swapping. Compromising an email account often triggers a chain reaction across linked services.
Access Control Models - RBAC, ABAC, and ACL
Access control determines who can view or modify resources. Compare role-based, attribute-based, and access control list models to pick the right fit.
Adware - Unwanted Ads and Hidden Tracking Risks
Adware forces intrusive ads onto your screen and may track browsing habits. Learn how it bundles with free software and the most effective removal steps.
Argon2 - Modern Password Hashing Algorithm
Argon2 won the 2015 Password Hashing Competition. Its memory-hard design resists GPU and ASIC parallel attacks, and OWASP recommends it as the top-priority algorithm for password storage.
Encryption Explained - Symmetric, Asymmetric, and More
Encryption transforms readable data into ciphertext only authorized parties can decode. Covers AES, RSA, and TLS to help you choose the right method.
Incident Response - A Step-by-Step Cyber Attack Plan
Incident response is the structured process of detecting, containing, and recovering from breaches. Walk through the six essential phases of an IR plan.
Air-Gapped Networks - Physical Isolation for Security
An air-gapped system has no connection to the internet or external networks. Learn when physical isolation is the right choice for critical infrastructure.
HSM - Hardware Security Modules Explained
An HSM is tamper-resistant hardware that stores and processes cryptographic keys. See how HSMs protect keys in banking, PKI, and cloud environments.
HSTS - HTTP Strict Transport Security
HSTS is a security header that forces browsers to use HTTPS for all connections to a domain. It prevents SSL-stripping attacks and can be preloaded into browsers for first-visit protection.
API Keys - Service Authentication Strings
An API key is a string used to authenticate requests between services. It identifies the caller but can be abused if leaked, so strict secret management practices are essential.
SSL/TLS - How HTTPS Encrypts Your Connection
SSL/TLS encrypts data between browser and server to prevent eavesdropping. Learn how the TLS handshake, certificates, and cipher suites keep you safe.
Single Sign-On (SSO) - One Login for All Apps
SSO authenticates users once and grants access to multiple services seamlessly. See how SAML, OpenID Connect, and federation simplify enterprise login.
SQL Injection - How Attackers Exploit Databases
SQL injection inserts malicious queries through input fields to read or modify database records. Learn parameterized queries and other proven defenses.
scrypt - Memory-Hard Key Derivation
scrypt is a memory-hard password hashing function designed by Colin Percival in 2009 for Tarsnap. Its high memory requirement makes GPU and ASIC parallel attacks significantly harder.
SBOM - Software Bill of Materials
An SBOM lists every component in a piece of software. U.S. Executive Order 14028 is driving adoption, and the Log4Shell incident highlighted SBOMs as essential for supply-chain security.
MFA Bypass - Techniques That Defeat Multi-Factor Auth
MFA bypass techniques circumvent multi-factor authentication through methods like real-time phishing proxies, SIM swapping, and MFA fatigue attacks. Understanding these threats is key to choosing phishing-resistant factors.
End-to-End Encryption (E2EE) - True Message Privacy
E2EE ensures only the sender and recipient can read a message, with no middleman access. See how messaging apps implement E2EE to protect conversations.
Endpoint Security - Protecting Devices from Threats
Endpoint security protects PCs, smartphones, and other devices. It has evolved from traditional antivirus to EDR and XDR, using behavioral detection and telemetry for advanced threat hunting.
Password Entropy - How to Measure Real Strength
Entropy quantifies password randomness in bits; the higher the entropy, the exponentially harder the password is to crack. See how length and character variety affect security.
OAuth 2.0 - Secure Delegated Authorization
OAuth lets apps access your data without sharing your password. Understand access tokens, scopes, grant types, and how they manage permissions securely.
OpenID Connect - Identity Layer on OAuth 2.0
OpenID Connect (OIDC) adds an identity layer on top of OAuth 2.0, providing standardized user authentication. It returns an ID token with user claims, enabling SSO across web and mobile apps.
OSINT - Open Source Intelligence
OSINT gathers intelligence from publicly available sources such as social media, WHOIS, and DNS records. Attackers rely on it for reconnaissance, and defenders rely on it for threat analysis.
Ka Row (カ行)
Cryptographic Key Management Best Practices
Key management covers generating, storing, rotating, and destroying encryption keys. Poor key handling can undermine even the strongest cryptography.
Keyloggers - How They Steal Your Passwords
A keylogger records every keystroke to capture passwords and personal data. Learn how keyloggers spread, how to detect them, and effective countermeasures.
CASB - Cloud Access Security Broker
A CASB monitors and controls access to cloud services. Its four pillars - visibility, compliance, data security, and threat protection - govern cloud usage including shadow IT.
CAPTCHA - Telling Humans and Bots Apart
CAPTCHA challenges verify that a visitor is human, not an automated bot. Explore image, audio, and invisible CAPTCHA types that guard forms and logins.
Cyber Threat Intelligence for Proactive Defense
Threat intelligence collects and analyzes data on emerging cyber threats. Learn how actionable intel helps security teams anticipate and block attacks.
Threat Modeling - Identifying Risks by Design
Threat modeling systematically identifies and evaluates threats to a system. Frameworks like STRIDE and PASTA help teams surface security risks during the design phase.
Cloud Storage - Storing Data Online Securely
Cloud storage lets you save and manage data over the internet. Understanding the difference between server-side and client-side encryption and managing shared links carefully are key to staying secure.
Clickjacking - Hidden Clicks on Invisible Layers
Clickjacking tricks users into clicking hidden elements by overlaying transparent frames on legitimate pages. X-Frame-Options and CSP frame-ancestors directives are the primary defenses.
Cryptojacking - Unauthorized Crypto Mining
Cryptojacking hijacks computing resources to mine cryptocurrency without consent. It spreads through malware or browser scripts, and abnormal CPU usage is the primary detection signal.
What Is Credential Stuffing?
Credential stuffing automatically tries stolen username-password pairs against many sites. Discover why reusing passwords puts every account at risk.
Credential Leaks - When Passwords Go Public
A credential leak is the exposure of passwords, tokens, or other authentication data. Leaks occur through database breaches, phishing, and malware, fueling credential-stuffing attacks at scale.
Cross-Site Scripting (XSS) - Types and Prevention
XSS injects malicious scripts into web pages to steal cookies or redirect users. Covers stored, reflected, and DOM-based XSS with defense techniques.
Privilege Escalation - From User to Admin Access
Privilege escalation lets attackers elevate from a basic account to full admin control. Learn vertical and horizontal techniques and defenses against them.
Public-Key Cryptography - Asymmetric Encryption
Public-key cryptography uses separate keys for encryption and decryption. RSA and elliptic-curve algorithms are the most common, underpinning TLS handshakes and digital signatures.
Attack Surface - All Possible Entry Points
The attack surface is the sum of all points where an attacker can attempt to enter a system. It spans digital, physical, and social domains, and minimizing it is a core security principle.
CORS - Cross-Origin Resource Sharing
CORS is a browser mechanism that controls which origins can access resources on another domain. Misconfigured CORS headers can expose APIs to unauthorized cross-origin requests.
Security Code Review - Catching Bugs Before Release
Code review catches vulnerabilities and logic errors before they reach production. Learn manual review techniques and how SAST tools automate detection.
PII - Personally Identifiable Information
PII is any data that can identify an individual, split into direct identifiers and quasi-identifiers. GDPR and other privacy laws impose strict handling requirements on this category of data.
Security Compliance - SOC 2, ISO 27001, PCI DSS
Compliance aligns security practices with laws and industry standards. Learn how SOC 2, ISO 27001, and PCI DSS frameworks are audited and maintained.
Sa Row (サ行)
Principle of Least Privilege - Minimize Permissions
Least privilege grants users only the minimum access they need. Learn how it limits blast radius, prevents insider threats, and supports zero trust.
Cyber Kill Chain - Seven Phases of an Attack
The Cyber Kill Chain is a framework that breaks cyberattacks into seven phases. Proposed by Lockheed Martin in 2011, it helps defenders systematically plan countermeasures at each stage.
Cyber Insurance - Coverage, Costs, and Eligibility
Cyber insurance offsets costs from data breaches, ransomware, and business disruption. Learn typical coverage, common exclusions, and how to qualify.
SASE - Secure Access Service Edge
SASE converges networking and security into a single cloud-delivered service. It combines SD-WAN, CASB, ZTNA, and FWaaS to secure access for distributed workforces without traditional VPN bottlenecks.
Supply Chain Attacks - Threats in Software Delivery
Supply chain attacks inject malicious code into trusted software updates or open-source packages. Learn how these attacks unfold and how to defend.
SAML - Security Assertion Markup Language
SAML is an XML-based standard for exchanging authentication and authorization data between an identity provider and a service provider. It remains the backbone of enterprise SSO deployments.
Sandboxing - Isolating Untrusted Code Safely
A sandbox runs suspicious programs in an isolated environment to prevent system damage. See how sandboxing catches zero-day malware before it spreads.
CSRF - Cross-Site Request Forgery Explained
CSRF tricks your browser into sending unauthorized requests while you are logged in. Learn how anti-CSRF tokens and SameSite cookies prevent this attack.
CSP - Content Security Policy
CSP is a security header that restricts which resources a web page can load. It mitigates XSS attacks by controlling script-src, style-src, and other directives that define allowed content origins.
GDPR - EU Data Protection Rules Explained
The GDPR governs how organizations collect, store, and process personal data of EU residents. Understand consent rules, data subject rights, and penalties.
CVE - How Vulnerabilities Are Identified and Tracked
CVE assigns unique IDs to publicly disclosed security flaws for tracking and prioritization. Learn how CVSS severity scores guide patching decisions.
SIEM - Centralized Security Event Monitoring
SIEM collects logs across your infrastructure, correlates events, and triggers real-time alerts. See how it powers modern threat detection and response.
JWT - JSON Web Tokens for Authentication
A JWT is a compact, URL-safe token for transmitting claims between parties. It is widely used for API authentication, but improper signature verification or algorithm confusion can lead to serious vulnerabilities.
Business Continuity Planning - Surviving Disruptions
A BCP ensures critical operations continue during cyberattacks or natural disasters. Learn risk assessment, backup sites, and crisis communication plans.
Dictionary Attacks - Guessing Passwords with Words
A dictionary attack tests common words, phrases, and leaked passwords to crack credentials. Learn why random passwords and lockout policies stop it.
SIM Swapping - How Attackers Hijack Phone Numbers
SIM swapping tricks your carrier into transferring your number to an attacker, bypassing SMS 2FA. Learn how to lock your mobile account and use safer MFA.
Shadow IT - Unapproved Technology Use
Shadow IT refers to IT services and devices employees use without IT department approval. It creates data-leakage and compliance risks and leaves blind spots in account management.
Certificate Transparency - Public Logging of TLS Certificates
Certificate Transparency (CT) requires certificate authorities to log all issued certificates in public, append-only logs. It enables domain owners to detect misissued or fraudulent certificates quickly.
Shoulder Surfing - Preventing Visual Password Theft
Shoulder surfing is the act of watching someone enter a password or PIN in public. Privacy screens, biometric unlock, and awareness help prevent it.
Single Sign-On (SSO) - One Login for Everything
SSO lets users authenticate once and access multiple applications without re-entering credentials. It improves productivity and security posture but creates a single point of failure if compromised.
Spyware - How It Tracks You and How to Remove It
Spyware silently monitors your activity and sends personal data to third parties. Learn how it installs, the warning signs, and effective removal steps.
Spear Phishing - Targeted Email Attack Tactics
Spear phishing crafts personalized messages using researched details about a specific target. See how it differs from mass phishing and why it succeeds.
VPN Split Tunneling - Benefits and Security Trade-offs
Split tunneling routes only selected traffic through the VPN while the rest goes direct. Weigh the performance gains against the security risks involved.
Smishing - SMS Phishing Attacks
Smishing is phishing delivered via SMS. Text messages have higher open rates than email, and fake delivery-notification scams have surged. RCS messaging introduces additional risk vectors.
Security Vulnerabilities - How Flaws Get Exploited
A vulnerability is a weakness in software or configuration that attackers can exploit. Learn how scanning, patching, and secure coding reduce exposure.
Biometric Authentication - Fingerprint, Face, Iris
Biometrics verify identity using unique physical traits such as fingerprints and facial geometry. Weigh the convenience gains against spoofing risks.
Responsible Disclosure - Reporting Vulnerabilities Ethically
Responsible disclosure is the practice of privately reporting security vulnerabilities to vendors before public release. Coordinated disclosure timelines and bug bounty programs formalize the process.
Secure Coding Practices for Developers
Secure coding prevents injection, XSS, and buffer overflows at the source. Learn OWASP Top 10 guidelines and input validation techniques for safer apps.
Secure Boot - Verified Startup Process
Secure Boot verifies the digital signatures of firmware and OS loaders at startup to prevent bootkits and rootkits. It forms the first link in a chain of trust from hardware to operating system.
Security Awareness Training - Building a Human Firewall
Security awareness training raises the security literacy of organizations and individuals. Phishing simulations and gamification-based programs are replacing traditional annual lectures as the standard approach.
Security Audits - Evaluating Your Cyber Defenses
A security audit reviews controls, policies, and infrastructure for weaknesses. Learn about audit types, frameworks like ISO 27001, and remediation steps.
Security Keys - Hardware Authentication Devices
A security key is a physical device for strong authentication, typically using FIDO2/WebAuthn protocols. It provides phishing-resistant two-factor or passwordless login via USB, NFC, or Bluetooth.
Security Tokens - Hardware Keys and OTP Devices
Security tokens generate one-time codes or store cryptographic keys for strong authentication. Compare hardware keys like YubiKey with software OTP apps.
Session Tokens - Temporary Authentication Credentials
A session token is a temporary credential issued after login to identify the user. Managed as cookies or JWTs, a stolen token can lead to session hijacking attacks.
Session Hijacking - How Attackers Steal Logins
Session hijacking captures cookies or tokens to impersonate authenticated users. Learn how HTTPS, secure cookies, and token rotation block this attack.
Zero-Knowledge Proofs - Proving Without Revealing
A zero-knowledge proof lets one party prove knowledge of a secret without revealing it. The concept powers passwordless authentication schemes and zero-knowledge encryption services.
Zero-Day Exploits - Attacks Before Patches Exist
A zero-day targets a flaw unknown to the vendor, leaving no time to patch. Understand why these exploits are so dangerous and how to limit your risk.
Zero Trust Security - Never Trust, Always Verify
Zero trust treats every access request as untrusted regardless of network location. Learn the core principles, architecture, and implementation roadmap.
Social Engineering Attacks and How to Defend Yourself
Social engineering exploits human psychology rather than technical flaws. Explore pretexting, baiting, and tailgating tactics with practical defense tips.
Social Login - Sign In with Google, Apple, and More
Social login lets users sign in to third-party services with a Google, Apple, or other social account via OAuth 2.0 or OpenID Connect. It boosts convenience but carries risks of over-permissioning and privacy exposure.
Security Operations Center (SOC) - Roles and Tools
A SOC is a dedicated team that monitors, detects, and responds to cyber threats around the clock. Learn the key roles, essential tools, and workflows.
Password Salting - Why Hashing Alone Falls Short
A salt is unique random data added to each password before hashing so that identical passwords yield different digests. Learn why salting defeats rainbow table attacks.
Ta Row (タ行)
The Dark Web - Stolen Data and Hidden Markets
The dark web is an encrypted layer of the internet reachable only through Tor. Stolen passwords and personal data are bought and sold on its markets.
Dark Patterns - Deceptive UI Design Tricks
Dark patterns are deceptive UI designs that nudge users into unintended actions, from hard-to-cancel subscriptions to manipulative cookie consent banners that undermine privacy and security settings.
Typosquatting - Fake Domains from Misspelled URLs
Typosquatting registers domains that mimic popular sites to exploit typing mistakes. See how attackers use lookalike URLs for phishing and malware.
Defense in Depth - Layered Cybersecurity Strategy
Defense in depth stacks multiple security controls so no single failure compromises the system. See how firewalls, encryption, and monitoring combine.
Multi-Factor Authentication (MFA) - Why It Matters
MFA combines two or more verification factors - knowledge, possession, and biometrics. Learn why MFA blocks over 99 percent of automated account attacks.
Man-in-the-Middle (MITM) Attacks Explained
MITM attackers intercept communication between two parties to eavesdrop or alter data. See how TLS, VPNs, and certificate pinning prevent interception.
Encryption in Transit - Protecting Data on the Wire
Encryption in transit secures data moving across networks using TLS, VPNs, or SSH. Learn why unencrypted traffic is an easy target for eavesdropping.
DNS over HTTPS (DoH) - Encrypting DNS Queries
DoH encrypts DNS lookups inside HTTPS so ISPs and attackers cannot see which sites you visit. Learn how to enable DoH in your browser and on your router.
DNS Spoofing - Cache Poisoning and Redirection
DNS spoofing corrupts resolver caches to redirect users to malicious sites. See how DNSSEC and encrypted DNS protocols like DoH defend against poisoning.
DNS Filtering - Blocking Threats at the DNS Layer
DNS filtering blocks access to malicious or unwanted domains by intercepting DNS queries. It provides network-wide protection without installing agents on every device.
DMZ Network Architecture and Its Security Role
A DMZ creates a buffer zone between the internet and your internal network for public-facing servers. Learn how it contains damage from compromised hosts.
TOTP - Time-Based One-Time Passwords for 2FA
TOTP generates a fresh code every 30 seconds for two-factor authentication. See how authenticator apps use TOTP to add a strong second login factor.
DDoS Attacks - How They Work and How to Mitigate
A DDoS attack overwhelms servers with traffic from thousands of sources to force outages. Learn how botnets drive these attacks and proven defense methods.
TPM - Trusted Platform Module
A TPM is a hardware security chip that generates and stores cryptographic keys and verifies secure boot. Windows 11 requires TPM 2.0, and the chip underpins BitLocker and passkey storage.
Deepfakes - Detection and Defense Strategies
Deepfakes leverage deep learning to forge realistic audio and video for fraud. Learn detection techniques and verification methods to counter them.
DMARC - Domain-Based Email Authentication
DMARC is a domain-based email authentication protocol that combines SPF and DKIM results, letting domain owners control how spoofed messages are handled by receiving mail servers.
Disaster Recovery Planning - RTO, RPO, and Failover
A disaster recovery plan defines how to restore systems after outages or attacks. Learn how to set RTO and RPO targets and design failover strategies.
Data Minimization - Collect Only What You Need
Data minimization limits the collection and retention of personal data to what is strictly necessary. A core GDPR principle, it reduces breach impact and simplifies compliance obligations.
Data Classification - Organizing by Sensitivity Level
Data classification labels information by sensitivity to guide encryption, access controls, and retention. Learn common classification tiers and methods.
Data Masking - Anonymizing Sensitive Information
Data masking replaces real data with realistic fake values for safe use in testing and analytics. Compare static, dynamic, and on-the-fly techniques.
Data Breaches - Causes, Impact, and Response Steps
A data breach exposes sensitive records through hacking, misconfigurations, or insider threats. Learn the leading causes and a step-by-step response plan.
Tailgating - Physical Intrusion by Following
Tailgating is a physical intrusion method where an unauthorized person follows an authorized entrant through a secured door. Mantraps and anti-passback systems are effective countermeasures.
Digital Certificates - Proving Identity Online
A digital certificate binds a public key to an identity, verified by a certificate authority. TLS certificates secure websites, while code-signing certificates verify software authenticity.
Digital Signatures - Verifying Data Authenticity
A digital signature uses public-key cryptography to prove a message is unaltered and confirm the sender. Learn how signing and verification work.
Digital Forensics - Investigating Cyber Incidents
Digital forensics is the process of collecting, preserving, and analyzing digital evidence after a security incident. Proper chain-of-custody procedures ensure findings are admissible and actionable.
DevSecOps - Security in the Development Pipeline
DevSecOps integrates security into the development process by embedding SAST, DAST, and SCA into CI/CD pipelines, catching vulnerabilities early through a shift-left approach.
Tor - Anonymous Communication Network
Tor is an anonymous communication network using multi-layer encryption. Developed by the U.S. Naval Research Laboratory, it routes traffic through three relay nodes to protect sender anonymity and is also the gateway to the dark web.
Tokenization - Replacing Sensitive Data with Tokens
Tokenization swaps credit card numbers and other sensitive data with non-reversible tokens. See how it differs from encryption and reduces PCI DSS scope.
Data Anonymization - Removing Personal Identifiers
Data anonymization irreversibly removes personal identifiers so individuals cannot be re-identified. Techniques include generalization, suppression, and differential privacy, each with trade-offs in data utility.
Drive-By Downloads - Silent Malware Installation
A drive-by download installs malware simply by visiting a compromised or malicious webpage. Exploit kits target browser and plugin vulnerabilities, making timely patching the best defense.
Trojan Horse Malware - Disguised Digital Threats
A trojan poses as legitimate software to slip past defenses. Once inside, it can steal data, install backdoors, or download additional malware payloads.
Na Row (ナ行)
Insider Threats - Risks from Within
An insider threat is a security risk caused intentionally or accidentally by someone inside the organization. Because insiders hold legitimate access, perimeter defenses alone cannot detect them.
Double Extortion Ransomware - Encrypt and Leak
Double extortion ransomware encrypts files and threatens to publish stolen data. Even organizations with backups face pressure, as the data-leak threat adds reputational and regulatory risk.
What Is Two-Factor Authentication (2FA)?
Two-factor authentication adds a second verification layer to your login. Compare SMS codes, authenticator apps, and hardware keys for safety.
Certificate Authorities and the Chain of Trust
A certificate authority issues digital certificates that verify website identity. Understand how the chain of trust secures every HTTPS connection.
Network Segmentation - Stopping Lateral Movement
Network segmentation divides a network into isolated zones so breaches cannot spread. Explore VLANs, micro-segmentation, and zero trust network design.
Ha Row (ハ行)
Bug Bounty Programs - Crowdsourced Vulnerability Discovery
Bug bounty programs reward researchers who responsibly report security flaws. Learn how leading companies structure and run successful bounty programs.
Passkeys - FIDO2 Passwordless Authentication
Passkeys replace passwords with public-key cryptography stored on your device. See which platforms support passkeys and how to enable passwordless login.
Passkey Sync - Cross-Device Credential Sharing
Passkey sync replicates FIDO2 credentials across devices through platform cloud services like iCloud Keychain or Google Password Manager, solving the single-device limitation of traditional security keys.
Passphrases - Memorable Yet Strong Passwords
A passphrase combines multiple words into a long password that is easier to remember than random characters yet delivers high entropy, making it ideal for master passwords and encryption keys.
Password Spraying - Low-and-Slow Account Attacks
Password spraying tests a few common passwords across many accounts to evade lockouts. Learn detection methods and why unique passwords are your defense.
Password Fatigue - The Burden of Too Many Passwords
Password fatigue is the psychological strain of managing numerous passwords. It drives risky behaviors like reuse and simplification, making password managers and passkeys essential remedies.
Password Hashing - Irreversible Storage for Credentials
Password hashing transforms passwords into irreversible digests for storage. Combined with salting and stretching, it eliminates plaintext risk and resists offline cracking after a breach.
Password Policy Best Practices for 2025
A strong password policy defines minimum length, complexity, and rotation rules. Learn NIST-aligned guidelines that improve security without user friction.
How Password Managers Keep Your Accounts Safe
Password managers generate, encrypt, and auto-fill unique credentials for every login. Learn how an encrypted vault simplifies security across all devices.
Passwordless Authentication - Beyond Passwords
Passwordless authentication eliminates traditional passwords in favor of biometrics, security keys, or magic links. It reduces phishing risk and password fatigue while improving user experience.
Password Rotation - Periodic Credential Changes
Password rotation is the practice of changing passwords at regular intervals. NIST now advises against forced rotation unless a breach is suspected, as it often leads to weaker password choices.
Backups - Protecting Data with Copies
A backup stores a copy of data in a separate location. The 3-2-1 rule is the recommended strategy, and offline backups are increasingly important as a defense against ransomware.
Backdoors in Cybersecurity - Hidden System Access
A backdoor bypasses normal authentication to give attackers covert access. Learn how backdoors get planted in software and the best ways to detect them.
Cryptographic Hashing - Protecting Stored Passwords
A hash function converts data into a fixed-length digest that cannot be reversed. See how bcrypt, Argon2, and salting secure passwords against cracking.
Patch Management - Why Timely Updates Matter
Patch management tests and deploys software updates that fix known vulnerabilities. Most successful exploits target systems with missing patches.
Honeypots - Decoy Systems That Trap Attackers
A honeypot mimics a real system to lure attackers and study their methods. See how security teams use honeypots for early warning and threat intelligence.
bcrypt - Time-Tested Password Hashing
bcrypt is a Blowfish-based password hashing function designed in 1999. Its adjustable cost factor and automatic salt generation have made it a trusted standard for decades.
PKI - Public Key Infrastructure Explained
PKI manages digital certificates and encryption keys for secure communication. Explore certificate authorities, trust chains, and key revocation processes.
PBKDF2 - Password-Based Key Derivation
PBKDF2 derives cryptographic keys from passwords and is standardized in NIST SP 800-132. Used in Wi-Fi WPA2, it lacks GPU resistance, so migration to Argon2 or bcrypt is recommended.
OAuth PKCE - Secure Authorization for Public Clients
PKCE (Proof Key for Code Exchange) protects the OAuth 2.0 authorization code flow against interception attacks. Originally designed for mobile apps, it is now recommended for all OAuth clients.
BEC - Business Email Compromise
Business email compromise impersonates executives or partners via email to trick targets into wire transfers or sharing confidential data. FBI reports put cumulative losses above $50 billion, with AI deepfakes raising the threat.
Vishing - Voice Phishing Attacks
Vishing uses phone calls to impersonate banks or tech support and extract sensitive information. AI voice synthesis combined with caller-ID spoofing is making these attacks increasingly convincing.
Firewalls Explained - Packet Filtering to NGFW
Firewalls monitor and filter network traffic based on predefined security rules. Covers packet filtering, stateful inspection, and next-gen firewalls.
FIDO/WebAuthn - Passwordless Authentication Standards
FIDO/WebAuthn is an international standard for passwordless authentication. It uses public-key cryptography to deliver phishing-resistant login flows and forms the technical foundation for passkeys.
Fileless Malware - Attacks That Leave No Files
Fileless malware operates entirely in memory or abuses legitimate system tools, leaving no traditional file artifacts. It evades signature-based antivirus and requires behavioral detection for identification.
Fuzz Testing - Finding Hidden Software Vulnerabilities
Fuzzing feeds random or malformed input to software to trigger crashes and expose flaws. See how coverage-guided fuzzers find bugs that unit tests miss.
Phishing Attacks - How to Recognize and Avoid Them
Phishing tricks you with fake emails and spoofed websites to steal credentials. Learn the warning signs, real-world examples, and steps to stay protected.
Phishing-Resistant MFA - Unphishable Authentication
Phishing-resistant MFA uses cryptographic binding between authenticator and origin to block credential interception. FIDO2 security keys and passkeys are the primary implementations.
VPN Explained - How It Protects Your Privacy Online
A VPN encrypts internet traffic and masks your IP address through a secure tunnel. Learn when a VPN truly protects you and how to pick the right one.
Privacy by Design - Building Privacy In from the Start
Privacy by Design embeds privacy into systems from the outset. Based on Ann Cavoukian's seven principles, it became a legal obligation under GDPR Article 25.
Browser Fingerprinting - Tracking Without Cookies
Browser fingerprinting identifies users by collecting browser settings and environment data. Unlike cookies, it cannot be deleted, which makes it useful for fraud detection but a privacy concern.
Pretexting - Fabricated Scenarios for Data Theft
Pretexting is a social-engineering technique that fabricates a scenario to extract information. Impersonating IT support or HR is typical, and it often serves as the opening move in a BEC attack.
Brute Force Attacks - How They Crack Passwords
Brute force attacks try every possible combination until the correct password is found. See how password length, complexity, and rate limiting stop them.
Proxy Servers - Intermediaries for Network Traffic
A proxy server sits between client and server as a relay. Forward and reverse proxies serve different roles, enabling content filtering, caching, and load balancing.
Penetration Testing - Simulating Real-World Attacks
Pen testers simulate real attacks to uncover vulnerabilities before criminals do. Learn the testing phases, common tools, and how findings drive fixes.
Whaling Attacks - Phishing That Targets Executives
Whaling sends highly personalized phishing emails to CEOs and senior leaders. Learn why these attacks cause massive losses and how to prevent them.
Port Scanning - Network Reconnaissance Techniques
Port scanning probes a host for open ports to map running services and potential weaknesses. Learn about SYN scans, TCP connect scans, and firewall rules.
Encryption at Rest - Securing Data on Disk
Encryption at rest protects files on disks, databases, and backups from unauthorized access. Learn how AES-256 and proper key management guard stored data.
Botnets - How Infected Device Networks Operate
A botnet is a network of compromised devices controlled remotely for DDoS, spam, and theft. Explore the botnet lifecycle and how takedowns are executed.
Ma row (マ行)
Magic Links - Passwordless Email Login
A magic link is a one-time URL sent to a user's email that grants instant login without a password. It shifts the security boundary to the email account and must include expiration and single-use protections.
Malware Types - Viruses, Trojans, Worms, and More
Malware is any software designed to damage or exploit a device. Learn to identify viruses, trojans, worms, and spyware, and how to remove them safely.
Watering Hole Attacks - Compromising Trusted Sites
A watering hole attack plants exploits on websites a target group regularly visits. Learn how attackers choose sites and how to reduce your exposure.
Email Authentication - SPF, DKIM, and DMARC
Email authentication uses SPF, DKIM, and DMARC to verify sender identity and prevent spoofing. Proper configuration of all three protocols is essential for protecting domains from phishing abuse.
Ra row (ラ行)
Lateral Movement - Spreading Inside a Network
Lateral movement is the post-breach technique of moving sideways through a network. Attackers use Pass-the-Hash, RDP abuse, and other methods to reach high-value targets and escalate damage.
Ransomware - How It Spreads and How to Stop It
Ransomware locks your files with encryption and demands payment for the key. Understand infection vectors, prevention strategies, and recovery options.
Recovery Codes - Backup Access for MFA
Recovery codes are one-time backup codes for regaining account access when the primary MFA device is lost. They must be stored securely offline, as they bypass normal authentication.
Replay Attacks - Reusing Captured Data
A replay attack intercepts and retransmits legitimate communication to gain unauthorized access. Nonces, timestamps, and challenge-response protocols counter it, and FIDO/WebAuthn is structurally resistant.
Rootkits - Stealthy Malware Deep in Your OS
A rootkit hides deep in the OS to maintain persistent, undetected access. Explore kernel-level and user-level rootkits and how to find them.
Rainbow Table Attacks - Cracking Hashed Passwords
Rainbow tables map precomputed hashes to plaintext for instant password lookups. See why salted hashes and modern algorithms render this attack obsolete.
Rate Limiting - Controlling API and Web Traffic
Rate limiting caps how many requests a user or IP can send in a given window. Learn how it stops brute force attacks, scraping, and API abuse.
Red Teaming - Adversarial Security Testing
A red team tests an organization's security from an attacker's perspective. Broader and longer than a penetration test, red-team exercises include physical intrusion and social engineering for realistic assessment.
Breach Notification - Reporting Data Leaks
Breach notification is the obligation to inform affected individuals and authorities after a data leak. GDPR requires notification within 72 hours; delays risk fines and loss of trust.
Wa row (ワ行)
Computer Worms - Self-Spreading Network Malware
A worm replicates itself across networks without user interaction. Learn how worms exploit vulnerabilities and how segmentation limits their spread.
WAF - Web Application Firewall Protection
A WAF inspects HTTP traffic to block SQL injection, XSS, and other web attacks before they reach your app. Learn about rule sets, tuning, and deployment.
One-Time Passwords (OTP) - Single-Use Codes
A one-time password is a disposable code valid for a single login. HOTP (counter-based) and TOTP (time-based) are the two main types, widely used as a second factor in two-step verification.