Bishop Fox named “Leader” in 2024 GigaOm Radar for Attack Surface Management. Read the Report ›

Version 2.0

Cybersecurity Style Guide

O

OAuth

An authentication protocol standard. Pronounced as “O-auth.” Do not spell out.

Related:

Objective-C

A programming language.

OBOE (n.)

Off-by-one error. Spoken out loud as the whole phrase. Always spell out in formal writing.

Related:

OCI

Oracle Cloud Infrastructure. Spell out on first use.

oclHashcat

An older version of hashcat.

Related:

OCR (n. or adj.)

Optical character recognition. Pronounced as letters or the whole phrase. Spell out on first use.

OData

Open Data Protocol. A RESTful means of exposing access to a data store. Do not spell out unless defining the term.

OEM, OEMs (n.)

Original equipment manufacturer. Spoken out loud as letters or the whole phrase. Spell out on first use.

Related:

off-by-one error (OBOE) (n.)

Always spell out in formal writing.

Related:

off-chain (adj.)

Off-the-block cryptocurrency transactions.

offsec or OffSec (n.)

Offensive security. Informal. Spell out on first use in public-facing documents.

Related:

off-site (adj.), off site

Avoid using this term to describe websites. To discuss open redirects, focus on origins instead.

Ex: They attended an off-site team building event. The team went off site.

Related:

OGNL

Object-Graph Navigation Language. An open source language. Vulnerable to injection attacks. Pronounced as “ogg-null.”

OK

Informal. Do not use in formal reports outside of the 200 OK response, quoted code, and tables.

Okta

A company providing enterprise identity control. Some of our clients use Okta SSO internally.

…omitted for brevity…

This phrase indicates that irrelevant parts of the quoted code have not been included.

Related:

on-demand (adj.), on demand

Ex: on-demand services, services on demand

Related:

one-liner (n.)

A command-line script on one line.

The Onion

A satirical news site.

.onion sites

Hidden services On Tor.

online (adj. or n.), on line

Ex: Wikipedia is an online encyclopedia. A functioning system is on line.

Related:

on-prem (adj.)

Short for on-premises. Informal.

on-premises (adj.)

On-site at a physical location. Often used to describe servers not on the cloud.

on-site (n. or adj.), on site

Ex: It was an on-site engagement. The team went to an on-site. The team was on site.

OOB (adj.)

Out-of-band. Spoken out loud as the whole phrase. Spell out on first use.

OOP (n.)

Object-oriented programming. Pronounced as letters or the whole phrase. Spell out on first use.

Related:

opcode (n.)

Operation code. A piece of a machine language instruction. Do not spell out as a phrase.

OpenID

An authentication protocol.

Related:

open source (adj.)

Software with its source code made available to encourage modifications. In common usage, this is often used interchangeably with “free software.” However, some open source software may not be free due to restrictions on modification and distribution.

OpenVPN

Open source VPN software.

operator (n.)

Another term for a security researcher, more commonly used in the military and NSA, and also used by Bishop Fox’s Cosmos service.

OpManager Decrypter

Tools used to decrypt credentials during security assessments.

OPSEC or OpSec (n.)

Operations security. Pronounced as “opp-seck.” Do not spell out. OPSEC can also refer to Check Point’s Open Platform for Security framework. Briefly define if you’re writing about the framework.

Related:

ORM (n.)

Object-relational mapping. A technique that uses object-oriented programming to interact with a database. Spell out on first use.

Related:

OOP
orphan (n.), orphaned (adj.)

Orphan web pages are not linked to by any other pages on the same site.

OS (n.)

Operating system. Pronounced as letters. To pluralize, spell it out as operating systems instead of “OS’s” or “OSes.”

OSCP

Offensive Security Certified Professional. Pronounced as letters. Do not spell out when appending as a certification title to a person’s name. Other similar certifications include OSCE and OSWE.

Related:

OSGi

Open Services Gateway Initiative. A Java framework for developing and deploying modular applications. Do not spell out unless defining the framework.

OSINT (n.)

Open source intelligence. Pronounced as “O-S-int” or “O-sint.” Spell out on first use.

OSS (n.)

Open source software. Spell out on first use. Do not use as an adjective.

OT (n.)

Operational technology. Spell out on first use.

Related:

IT
OTA (adj.)

Over-the-air (programming). Spell out on first use.

OTG

Short for USB On-The-Go. Informal. Spell out on first use.

OTP, OTPs (n.)

Short for “one-time password” in security or “one true pairing” in online fandom communities. Pronounced as letters or the whole phrase. Spell out on first use.

out-of-band (OOB) (adj.)

Spell out on first use.

Related:

out-of-scope (adj.), out of scope

Ex: It was an out-of-scope server. The service was out of scope.

Related:

OWA

Outlook Web Access. Spoken out loud as the whole phrase. Spell out on first use.

OWASP, OWASP Top 10

Every few years, the Open Web Application Security Project curates a list of the top 10 threats in information security. Pronounced “O-wasp.” https://www.owasp.org/

OWASP Zed Attack Proxy

A web vulnerability proxy and scanner.

-owned (adj.)

Always hyphenate.

Ex: attacker-owned, client-owned, government-owned

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.