When discussing a physical door, use a space, as in back door.
Adding features from a new software version into an older version of the same software.
The speed or capacity of a data network measured in volume over units of time, as in 50Mbps.
An SSL vulnerability and attack. So named because its security implications were realized 13 years after it first appeared in the codebase.
Ex: host-based, logic-based, role-based
A Unix command-line interpreter and command language. The default login shell for Linux and macOS.
Beginner’s All-purpose Symbolic Instruction Code. A programming language. Do not spell out.
A host often used as a gateway to pivot into other hosts. It should be specially hardened.
Business continuity plan. Spell out on first use.
An SSL/TLS attack.
Browser Exploitation Framework.
Bit error rate. It can also stand for Basic Encoding Rules, so spell out on first use.
Practice that aligns with compliance guidelines or industry standards. Sometimes “best” practices are actually baseline requirements. In those cases, refer to them as standard practices, industry standards, basic requirements, or foundational controls. Corporate jargon; use sparingly.
An informal name for Bishop Fox. Use very sparingly and only where space is limited.
Border Gateway Protocol. Spell out on first use.
Business impact analysis. Spell out on first use.
The symbol of totalitarian surveillance from the novel Nineteen Eighty-Four. Big Brother is watching you.
A load balancer. Pronounced like “big-I-P.”
The base-2 number system used by computers. 0 or 1. Also describes data stored in this way, as in binary executable files.
A DNS server.
A brute-force cryptographic attack that exploits mathematical probability theory to achieve a hash collision. (The birthday paradox states that in a room of 23 people, the likelihood of two people having the same birthday is 50%, even though it seems less likely than that.)
Offensive security company founded in 2006.
A binary digit. When abbreviated, use lowercase b for bits and uppercase B for bytes.
Ex: a key length of at least 2048 bits, a 2048-bit RSA key
An Atlassian product for Git and Mercurial.
A digital cryptocurrency created by an unknown party known as Satoshi Nakamoto.
Changing a bit from 0 to 1 or from 1 to 0. This may describe a logical operation, an error, or an attack.
Microsoft Windows disk encryption software.
Black-box testing is done without prior knowledge of the environment. Also refers to the flight recorders found on planes.
A series of annual security conferences that happen in the USA, Europe, and Asia. https://www.blackhat.com/
Consider using the alternate terms denylist or blocklist.
Our preferred term in formal writing to describe unindexed, illegal online activity hubs. Tor and I2P are colloquially known as “dark web” browsers.
A British anthology TV series. Each episode focuses on an aspect of the societal consequences of advanced technology.
An SSH certificate authority.
During a blind attack, the attacker is unable to view the outcome of an action.
Binary large object.
An Azure service.
A ledger of transactions. Beware of products that claim to solve all problems through the use of blockchains.
An alternative term for blacklist. Use this term to match client preference in client-facing documents.
A tool used to map access relationships in Microsoft environments.
An encryption algorithm.
A Microsoft vulnerability (CVE-2019-0708) that was disclosed in May of 2019.
To fatally fail. To abruptly, definitively, and catastrophically stop working (like a program or system). Informal.
Blue teams run scenarios to defend a target or environment from potential attackers. They reduce the attack surface, employ hardening strategies, and use honeypots.
A unifying wireless system named after Harald Bluetooth, a Norwegian king.
Bluetooth Low Energy. Spell out on first use.
Baseboard management controller. Spell out on first use.
A sentient video game console-shaped cartoon robot from Adventure Time. Pronounced like “B-moh.”
An IT support portal.
Used in expressions in code to evaluate a condition, or in search terms to filter results. Write in tech font.
The verb form is often used with “up.”
An automated program like a chatbot or Twitterbot.
A network of bots sometimes used in ransomware attacks.
A variant of the CRIME exploit.
To describe the specific impact of a breach, you can say that information was exposed, disclosed, obtained, or stolen.
An intentional stopping point in code to allow debugging.
An old, heavy cell phone or a dead device. A bricked device is irrecoverably broken. Informal.
Describes software developed for legacy applications or environments.
A trial-and-error attack conducted against a security mechanism such as a password or encryption key.
Berkeley Software Distribution. A Unix-derived operating system.
A global series of security events. http://www.securitybsides.com/
When discussing a type of bucket, use the normal font. When discussing a specific bucket’s name, use the tech font, as in “the
A crowdsourced bug bounty security company.
A web application proxy. Do not shorten to Burp in formal writing.
A connection between computer components.
Ex: address bus, serial bus
Spell out on first use.
Bring your own device. Describes policies that allow employees to use their own computers and phones for work. BYOD is pronounced as letters or the whole phrase.
A byte is eight bits. Kilobyte (KB), megabyte (MB), gigabyte (GB), terabyte (TB), petabyte (PB), exabyte (EB). Always write out bytes and bits, as in 10 bytes. Use the abbreviation for larger units. No space between number and unit, as in 64TB. Within abbreviations, use uppercase B for bytes (KB), lowercase b for bits (Gb).