A programming language.
A situation in which the latency in a system allows an attacker to perform actions outside the expected order of operations. These actions race against a system’s internal timing and may give attackers access to sensitive information or the ability to purchase items without spending money.
Random access memory. Pronounced as “ram.” Do not spell out.
A Google AI algorithm that helps sort search results.
Malware that threatens to publish or delete data unless a ransom is paid.
A small single-board computer.
Ex: Raspberry Pi 3 Model B, Raspberry Pi Zero W
Remote access trojan. Pronounced as “rat.” Spell out on first use.
Write with a colon and no space, as in 32:9.
Risk-based auditing, authentication, or approach. Spell out on first use.
Role-based access control. Spell out on first use.
Numerous Occurrence MOnitoring & Recovery Exploit. An attack that affects the RC4 cipher. RC4 is pronounced as letters and numbers or as “ark-four.” Do not spell out.
Remote code execution. Pronounced as letters or the whole phrase. Spell out on first use.
Remote copy. A command in Unix that allows the transfer of files to and from another system over the network.
Short for receipt. A command in SMTP.
Remote Desktop Protocol. Do not use as a verb. Pronounced as letters or the whole phrase. Spell out on first use in public-facing documents.
Amazon Relational Database Service. Pronounced as letters or the whole phrase. Spell out on first use.
Ex: It offers real-time monitoring. Events occur in real time.
Google’s proprietary CAPTCHA system.
Indicates a censored section of code, often passwords or PII. Use the tech font if it’s part of a code snippet. Redact your images by adding black boxes in image editing software outside of your word processor.
The Reddit mascot is named Snoo.
A Linux operating system or the company that made it. The operating system’s full name is Red Hat Enterprise Linux.
An open source in-memory key value store.
A future casualty; cannon fodder; a minor character who is likely to die. Originally, auxiliary crew members of the Star Trek Enterprise who often died during missions. Informal.
A tool used during security assessments.
A type of offensive engagement. Define briefly on first use to clarify your intended meaning.
To lower the likelihood of an attack. Not synonymous with “mitigate,” which lessens the severity of an attack.
An attack pattern in which a payload is copied verbatim into the victim’s context.
Regular expression. Pronounced as “redge-X” or “regg-X.”
A logical group of keys and values in the Windows Registry. Often targeted by attackers to steal hashed credentials.
Ex: System, SAM
When a previously remediated vulnerability becomes exploitable again.
The process of improving a system to a known good state in which elements of a vulnerability or its impact have been eliminated.
Fictional android in 1982’s Blade Runner.
Short for repository. Informal.
If referring to a title or a report in general, capitalize it in the normal font, as in “the Acme Application Assessment 2020 report.” If referring to the specific filename or path, use the tech font.
Use the normal font for all types of requests.
Ex: GET request, pull request
Use the normal font for all types of responses.
Ex: HTTP 200 OK response
To retroactively change the continuity of a story in a “do-over.” Informal.
Ex: This finding was not retested.
A reverse engineer. Informal.
Short for remote execute. Pronounced as “R-exec.”
Radio frequency. Spell out on first use.
The Remote Frame Buffer protocol. Spell out on first use.
Request for Comments. A formal document from the IETF made by a committee and then formally reviewed. For example, the RFC 1918 memorandum assigns private IP addresses. Pronounced as letters. Define on first use in public-facing documents.
Radio frequency identification card. Do not spell out.
Request for proposal. Spell out on first use in public-facing documents.
Red Hat Enterprise Linux. Pronounced as “rell.” Spell out on first use.
A search tool used during pen testing. Use the tech font when writing the command.
Reduced instruction set computer. This architecture is used in some microprocessors. Do not spell out.
The perceived threat of a security weakness based on the business impact, likelihood of exploitation, and cost to mitigate or reduce the threat.
A Bishop Fox tool for exploiting Java services. Pronounced like “army-scout.”
Random number generator. Spell out on first use.
A large password-cracking dictionary made from a 2009 data breach of the company RockYou.
To return to a previous, known-good version of software because of an issue in the most recent version.
To gain root-level access. OK to use in formal writing when discussing Android mobile devices. Informal in other uses. When discussing iOS, use jailbreak instead.
Use the tech font when referring to a specific root account or user. Use regular font when referring to a more general instance, such as the root of an XML document or a web root.
A collection of exploitation tools designed to gain root-level access to a target operating system.
A capture-the-flag competition and its supporting software infrastructure.
Return-oriented programming. Spell out on first use.
Ruby on Rails. A web application framework. Sometimes just called Rails. Spoken out loud as the whole phrase. Spell out or briefly define on first use.
Remote procedure call. Spell out on first use.
This refers to a tech company, an annual San Francisco security convention, and an encryption algorithm. RSA stands for the last names of the three co-founders. Pronounced as letters. Do not spell out. https://www.rsaconference.com/
Short for remote shell. Allows the execution of non-interactive programs on another system. Pronounced as letters or “R-shell.”
If it exists, there is porn of it. Informal.
A command to execute a program by “running as” another user.
Ex: The common language runtime. The runtime of Blade Runner. A run-time function or analytic. Run-time errors.
A programming language.
A ransomware attack.