Decoding Cybersecurity Lingo

Cybersecurity Glossary

Welcome to our comprehensive Cybersecurity Glossary – your definitive guide to the intricate language of cybersecurity. As cyber threats continue to evolve, so does the lexicon used to describe them. Whether you’re a professional delving deeper into the world of digital protection or a curious individual navigating the vast expanse of cyber terminology, our glossary offers clear and concise explanations for every term. From firewalls and VPNs to botnets and beyond, unlock the meanings behind the buzzwords and jargon that dominate the cybersecurity landscape. Bookmark this page and stay updated with the essential vocabulary every internet user should know.


WAF, or Web Application Firewall, is a security system that monitors, filters, and blocks potentially harmful HTTP traffic to and from a web application. It protects web applications from various online threats such as SQL injection, cross-site scripting, and other web-based attacks.


CDN, or Content Delivery Network, is a system of distributed servers that deliver web content and resources to users based on their geographic location, ensuring faster load times and reduced server load.


DNSSEC is a security protocol that adds an extra layer of protection to the DNS for a domain. It works by digitally signing DNS entries to ensure they are not manipulated or forged during transit, and helps verify the authenticity and integrity of the website and services connected to your domain.


Malware, short for malicious software, is any software designed to harm, exploit, or damage any computer, server, client, or computer network.


Phishing is a fraudulent attempt to obtain sensitive information, such as usernames, passwords, or credit card details, by disguising as a trustworthy entity, often through deceptive emails or websites.

Social Engineering

Social Engineering, in a cybersecurity context, refers to manipulating individuals into divulging confidential information or performing actions that compromise security, often through deception or persuasion.


A network security device or software that monitors and filters incoming and outgoing network traffic based on established security policies.


A type of malware that encrypts a victim’s files, then demands payment in exchange for the decryption key.

Two-Factor Authentication (2FA)

An extra layer of security requiring not only a password and username but also a piece of information only the user knows or has access to.


A network of private computers infected with malicious software and controlled as a group without the owners’ knowledge, often used for sending spam or launching DDoS attacks.

DDoS (Distributed Denial of Service)

An attack where multiple systems flood a targeted system or resource with traffic, causing it to become overwhelmed and unavailable to users.


The practice and study of techniques for securing communication and data from adversaries.

Intrusion Detection System (IDS)

A system or software that monitors network traffic for suspicious activity or violations and alerts administrators.


A software vulnerability that is unknown to those who would be interested in fixing the vulnerability, making it particularly valuable to malicious actors.

Endpoint Security

The protection of internet-connected devices (endpoints) like computers, mobile devices, and networks from potential threats.

HTTPS (Hyper Text Transfer Protocol Secure)
The secure version of HTTP, which ensures data transfer between a user’s browser and the website is encrypted and secure from eavesdropping.
Brute Force Attack
An attack method where an attacker tries numerous combinations of usernames and passwords to gain unauthorized access to a website.
Cross-Site Scripting (XSS)

A vulnerability in web applications that allows attackers to inject malicious scripts into web pages viewed by users.

Cross-Site Request Forgery (CSRF)

An attack that tricks users into performing unintended actions on a website where they’re authenticated, potentially causing unwanted changes or revealing sensitive data.

SQL Injection

An attack technique where malicious SQL code is inserted into input fields to manipulate or exploit a website’s database.

Content Security Policy (CSP)

A security feature implemented by web servers to prevent XSS attacks by controlling which sources of content are allowed to be loaded by web browsers.

Directory Traversal

An attack method that allows attackers to access restricted directories and execute commands outside of the web server’s root directory.

Session Hijacking

An attack where an unauthorized user takes over a legitimate user’s online session, often to steal sensitive data or perform malicious actions.

Drive-by Download

An unexpected download of malicious software onto a user’s system when they visit a compromised website.


Malicious script uploaded to a web server which allows an attacker remote access and control over the website.