An authentication protocol standard. Pronounced as “O-auth.” Do not spell out.
A programming language.
Off-by-one error. Spoken out loud as the whole phrase. Always spell out in formal writing.
Optical character recognition. Pronounced as letters or the whole phrase. Spell out on first use.
Open Data Protocol. A RESTful means of exposing access to a data store. Do not spell out unless defining the term.
Original equipment manufacturer. Spoken out loud as letters or the whole phrase. Spell out on first use.
Off-the-block cryptocurrency transactions.
Offensive security. Informal. Spell out on first use in public-facing documents.
Avoid using this term to describe websites. To discuss open redirects, focus on origins instead.
Ex: They attended an off-site team building event. The team went off site.
Object-Graph Navigation Language. An open source language. Vulnerable to injection attacks. Pronounced as “ogg-null.”
Informal. Do not use in formal reports outside of the 200 OK response, quoted code, and tables.
A company providing enterprise identity control. Some of our clients use Okta SSO internally.
…omitted for brevity…
This phrase indicates that irrelevant parts of the quoted code have not been included.
A command-line script on one line.
A satirical news site.
Hidden services on Tor.
Ex: Wikipedia is an online encyclopedia. A functioning system is on line.
Short for on-premises. Informal.
On-site at a physical location. Often used to describe servers not on the cloud.
Ex: It was an on-site engagement. The team went to an on-site. The team was on site.
Out-of-band. Spoken out loud as the whole phrase. Spell out on first use.
Object-oriented programming. Pronounced as letters or the whole phrase. Spell out on first use.
Operation code. A piece of a machine language instruction. Do not spell out as a phrase.
Software with its source code made available to encourage modifications. In common usage, this is often used interchangeably with “free software.” However, some open source software may not be free due to restrictions on modification and distribution.
Open source VPN software.
Another term for a security researcher, more commonly used in the military and NSA, and also used by Bishop Fox’s Cosmos service.
Tools used to decrypt credentials during security assessments.
Operations security. Pronounced as “opp-seck.” Do not spell out. OPSEC can also refer to Check Point’s Open Platform for Security framework. Briefly define if you’re writing about the framework.
Object-relational mapping. A technique that uses object-oriented programming to interact with a database. Spell out on first use.
Orphan web pages are not linked to by any other pages on the same site.
Operating system. Pronounced as letters. To pluralize, spell it out as operating systems instead of “OS’s” or “OSes.”
Offensive Security Certified Professional. Pronounced as letters. Do not spell out when appending as a certification title to a person’s name. Other similar certifications include OSCE and OSWE.
Open Services Gateway Initiative. A Java framework for developing and deploying modular applications. Do not spell out unless defining the framework.
Open source intelligence. Pronounced as “O-S-int” or “O-sint.” Spell out on first use.
Open source software. Spell out on first use. Do not use as an adjective.
Short for USB On-The-Go. Informal. Spell out on first use.
Short for “one-time password” in security or “one true pairing” in online fandom communities. Pronounced as letters or the whole phrase. Spell out on first use.
Ex: It was an out-of-scope server. The service was out of scope.
Outlook Web Access. Spoken out loud as the whole phrase. Spell out on first use.
Every few years, the Open Web Application Security Project curates a list of the top 10 threats in information security. Pronounced “O-wasp.” https://www.owasp.org/
A web vulnerability proxy and scanner.