Pronounced as “demon” or “day-mun.” A background system process on a computer. Daemon processes often include the letter D at the end, as in
An electrical engineering wiring scheme. Informal.
A Bishop Fox creation. A Raspberry Pi on a drone that can access tall buildings inconspicuously as a flying hacker laptop.
Short for decentralized autonomous organization or data access object. Spell out on first use.
A nebulous term (along with “dark web” and “deep web”) written and used inconsistently to refer to unindexed online black markets. In formal writing, it’s better to call it the black market or specify the site or service.
A security industry publication.
Always write data in the singular, as in “the data was recovered.”
Use the tech font for data URIs.
Write out dates (e.g., October 15, 2020) where possible to avoid day/month confusion with global audiences.
A one-day, women-centered security conference. https://www.dayofshecurity.com/
Ex: day-to-day activities
Database. Spell out on first use unless it’s part of a name, as in MongoDB or IMDb.
Database administrator. Pronounced as letters. Spell out on first use in public-facing documents.
Short for “doing business as.”
Dynamic Data Exchange. Spell out on first use.
Distributed denial of service. Pronounced “D-doss” or as letters. Spell out on first use.
Short for double data rate or the arcade game Dance Dance Revolution. Spell out on first use to clarify your intended meaning.
OK to use in formal writing.
Avoid using this term. If possible, try a more specific description like revoke a token or end a session.
Short for decapsulate. To remove the outer coating from a chip.
To tell a program that a function exists before the function has been defined.
Short for decommissioned. Informal.
Famous IBM chess-playing AI. The name was inspired by Deep Thought: the fictional supercomputer in The Hitchhiker’s Guide to the Galaxy.
AI-fabricated video, originally used in pornography.
An annual security conference in Las Vegas. https://www.defcon.org/
Defense readiness condition. A U.S. military alert scale that is set at DEFCON 5 during peacetime and elevates to DEFCON 4 and above during threatening situations.
Ex: If you are interested in defense in depth, employ a defense-in-depth strategy.
Spell out on first use. DoS is pronounced as “doss” or the whole phrase.
Ex: A denial of service is caused by denial-of-service attacks.
Bishop Fox’s preferred alternative term to blacklist. Rephrase to avoid using this term as a verb in formal writing.
Frustration from software malfunctions caused by errors in third-party software. Informal.
Describes hardware or software that is considered retired but left in for backward compatibility; included but outdated and unsupported.
Data Encryption Standard. A symmetric-key encryption cipher. DES is pronounced as letters or “dezz.” Do not spell out; briefly define on first use.
The process of reconstructing a serialized object. Do not use this interchangeably with “unserialize.” There is an unserialize() function in PHP.
Latin for “god from the machine.” A plot device in which an unresolvable problem is conveniently fixed by an unlikely solution.
Short for developer or a system in development, as opposed to a production (prod) system. Also called
Short for development, security, operations. Corporate jargon.
Diffie-Hellman key exchange.
Dynamic HTML. Do not spell out.
An annual, women-centered security conference held at the same time as DEF CON in Las Vegas.
Digital Imaging and Communications in Medicine. The standard for managing medical imaging information.
A brute-force attack in which words from a list such as a dictionary or prior security breach are used to guess a password or decrypt a cipher.
A tool that finds the differences between two files, or the output of such a tool. Can also refer to the Linux tool
A method for securely exchanging secret information.
A common suffix for Bishop Fox tools created by Fran Brown.
Ex: GoogleDiggity, SearchDiggity, ZipDiggity
If it’s a type of directive, use the normal font. If it’s a named directive, use the tech font, as in “SetCookies directive” or “
Also called a folder. If it’s a type of directory, use the normal font. If it’s a named directory, use the tech font, as in ”the
Also called path traversal.
Dirty copy-on-write; the CVE-2016-5195 vulnerability.
A messaging platform that originally focused on video gaming.
Short for distribution, as in a version of Linux. Informal.
DomainKeys Identified Mail. This standard allows messages that originate from a protected domain to be cryptographically signed. Pronounced “D-kim.” Spell out on first use.
Data loss prevention.
Short for direct message or dungeon master in Dungeons and Dragons. Both are informal.
Direct memory access. An exploitable hardware feature.
Domain-based Message Authentication, Reporting and Conformance. This protocol allows an organization to instruct other mail servers on what to do when fraudulent mail from the protected domain is received. Pronounced “D-mark.”
Digital Millennium Copyright Act. A U.S. copyright law. Spell out on first use.
Demilitarized zone. Also known as a perimeter network. It refers to a less secured portion of a network between external firewalls and the WAN connection.
Short for Distinguished Name in the LDAP API. Spell out on first use.
Domain Name System. Types of records stored in the DNS database include IP addresses, name servers, SMTP mail exchangers, and Start of Authority (SOA). Do not spell out.
Short for document. Do not use in formal writing.
The practice of a company deliberately using the product they make. Corporate jargon; do not use in formal writing.
Department of Justice.
Document Object Model. Pronounced “dahm.”
Write domain names in tech font.
An object that interfaces with a port and protrudes from it.
Ex: Bluetooth adapter, USB drive
Disk Operating System. This is unlikely to come up in our formal writing, but readers may confuse denial of service (DoS) with this.
Denial of service; a common vulnerability. Spell out on first use. DoS is pronounced as “doss” or the whole phrase.
A type of configuration file.
A cryptographic attack that takes advantage of backward compatibility.
Ex: POODLE attack
Revealing PII to maliciously target an individual online and IRL.
The data protection API used in some Microsoft products. Pronounced as letters. Spell out in public-facing writing.
Damage, reproducibility, exploitability, affected users, and discoverability: five categories of security threats. A risk assessment model.
A data storage device. If it’s a type of drive, use the normal font. If discussing a drive by name, use the tech font, as in “the
Describes a method of attack that does not require direct user interaction. A drive-by download delivers malicious software without the user noticing their device is compromised.
Always hyphenate, as in “server-driven.”
Digital rights management. Spell out on first use.
Decrypting RSA with Obsolete and Weakened eNcryption attack. A TLS bug. Do not spell out.
Informal. For the verb, try download, exfiltrate, extract, gather, remove, retrieve, take, or view instead. For the noun, use extraction.
A file from a memory dump, core dump, stack dump, hex dump, heap dump, etc. Informal.