AppSec (Application Security) Key Terms:
- Secure Coding: Writing software with security best practices to prevent vulnerabilities.
- Vulnerability: A weakness in an application (a flaw in its code, design, or configuration) that an attacker could exploit to compromise it.
- SAST (Static Application Security Testing): Code analysis to find vulnerabilities without executing the program.
- DAST (Dynamic Application Security Testing): Security testing of running applications to find vulnerabilities.
- Penetration Testing: Simulated cyberattack to identify security gaps.
- Threat Modeling: Systematically analyzing an application's design and data flows to identify likely threats and their entry points, and choosing mitigations before the code is written.
- OWASP (Open Worldwide Application Security Project, formerly Open Web Application Security Project): A foundation that provides tools, guidelines, and best practices for AppSec, such as the OWASP Top 10.
- Cross-Site Scripting (XSS): A web vulnerability in which untrusted input is placed into a page without proper output encoding, letting an attacker's script run in other users' browsers.
- SQL Injection: An attack in which untrusted input is concatenated into a SQL query, letting the attacker change the query's logic; parameterized queries are the standard defense.
- Identity and Access Management (IAM): Controlling who (and what) can authenticate to applications and what they are authorized to do once authenticated.
- Web Application Firewall (WAF): A filter in front of web applications that inspects HTTP traffic and blocks known attack patterns; a compensating control, not a substitute for fixing the code.
- DevSecOps: Integration of security practices into the DevOps pipeline.
- Zero Trust: Security model in which no user, device, or network location is trusted by default; every request is authenticated and authorized on its own merits.
- Patch Management: Regular updating of software to fix security flaws.
- API Security: Protecting the APIs that applications use to communicate with each other.
Technology Risk Key Terms:
- Cybersecurity: The practice of protecting systems, networks, and programs from digital attacks.
- Data Breach: Unauthorized access to sensitive or confidential information.
- Third-Party Risk: Risks introduced by external vendors, partners, or service providers.
- Business Continuity: Ensuring critical business operations continue during disruptions.
- Disaster Recovery: Process of restoring systems after a failure or cyberattack.
- Operational Risk: Risk of loss due to failed processes, systems, or external events.
- Compliance: Adhering to regulations (e.g., GDPR, HIPAA) to avoid legal or financial penalties.
- Incident Response: The process of managing a security breach or attack.
- Encryption: Protecting data by transforming it into ciphertext that can only be read by holders of the correct key.
- Cloud Security: Measures taken to secure cloud computing environments.
- Risk Assessment: The process of identifying, analyzing, and prioritizing risks.
- Phishing: Fraudulent attempt to obtain sensitive information, often via email.
- Malware: Malicious software designed to harm, exploit, or steal data.
- Ransomware: A type of malware that encrypts data and demands a ransom for decryption.
- Zero-Day Vulnerability: A vulnerability not yet known to the vendor, or for which no patch exists, that is exploited before a fix is available.
- Backup and Recovery: Systems to ensure data can be restored in case of an attack or failure.
Application Security (AppSec) & Technology Risk Specialist role: