glossary.md

File metadata and controls

63 lines (61 loc) · 4.95 KB
description
Find here some terms you may not have heard of...

Glossary

  • DevOps: "DevOps" combines development and operations to unite people, process and technology throughout the software lifecycle [source].
  • GitOps: "GitOps" uses Git repositories as a single source of truth to deliver infrastructure as code [source].
  • DevSecOps: "DevSecOps" stands for development, security, and operations. It's an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle [source].
  • SaaS: short for "Software as a Service".
  • SAST: short for "Static Application Security Testing". Analysing source code to identify vulnerabilities.
  • DAST: short for "Dynamic Application Security Testing". Analysing the application from the outside using the available outputs and inputs (a black-box approach).
  • IAST: short for "Interactive Application Security Testing". Combines static and dynamic techniques to improve testing [source].
  • SDLC: short for "Software Development Lifecycle". The cost-effective and time-efficient process that development teams use to design and build high-quality software [source].
  • SCA: short for "Software Composition Analysis". Analysing dependencies in a codebase to manage exposure to security and/or license compliance issues.
  • SRE: short for "Site Reliability Engineering".
  • K8s: shorthand for "Kubernetes".
  • IaC: short for "Infrastructure as Code", using DevOps methodology and versioning with a descriptive model to define and deploy infrastructure [source].
  • SBOM: short for "Software Bill Of Materials", a nested inventory of the elements that make up software components. It includes critical information about the libraries, tools, and processes used to develop, build, and deploy a software artifact [source].
  • AIO: short for "All In One".
  • CVE: short for "Common Vulnerabilities and Exposures", is a list of publicly disclosed computer security flaws [source].
  • VM: short for "Virtual Machine".
  • AWS: short for "Amazon Web Services".
  • GCP: short for "Google Cloud Platform".
  • GH: short for "GitHub".
  • GHAS: short for "GitHub Advanced Security".
  • CSPM: short for "Cloud Security Posture Management".
  • IDS: short for "Intrusion Detection System".
  • IPS: short for "Intrusion Protection System".
  • SOC: short for "System and Organization Controls".
  • CERT: short for "Computer Emergency Response (or readiness) Team".
  • CSIRT: short for "Computer Security Incident Response Team".
  • CIRT: short for "Computer Incident Response Team" or (less frequently) "Cybersecurity Incident Response Team".
  • SOAR: short for "Security Orchestration, Automation and Response".
  • SIEM: short for "Security Information and Event Management".
  • SIM: short for "Security Information Management".
  • SEM: short for "Security Event Management".
  • DFIR: short for "Digital Forensics and Incident Response".
  • SCAP: short for "Security Content Automation Protocol".
  • CSP: short for "Content Security Policy".
  • OSS: short for "Open Source Software".
  • XSS: short for "Cross-Site Scripting".
  • RSS: short for "Really Simple Syndication", an XML format for distributing content on the web.
  • REST: acronym for "REpresentational State Transfer", an architectural style for distributed hypermedia systems.
  • E2E: short for "End to End".
  • SSL: short for "Secure Sockets Layer", to protect connections.
  • TLS: short for "Transport Layer Security", transport protocol.
  • JWT: short for "JSON Web Token".
  • OTP: short for "One Time Password".
  • OATH: short for "Open Authentication".
  • X509: standard defining the format of public key credentials.
  • UFW: short for "Uncomplicated Firewall", a Linux firewall.
  • DSL: short for "Domain-specific language".
  • CI: short for "Continuous Integration".
  • CD: short for "Continuous Delivery".
  • HW: short for "Hardware".
  • OCI: short for "Oracle Cloud Infrastructure" or "Open Container Initiative".
  • MDR: short for "Managed Detection and Response".
  • MSS: short for "Managed Security Services".
  • CIS: short for "Cyber Intelligence Services" (also the abbreviation for the "Center of Internet Security").
  • RTS: short for "Red Team Services".
  • GRC: short for "Governance, Risk and Compliance".
  • CTI: short for "Cybersecurity Technology Integration".