Glossary

#

2FA

Two-Factor Authentication (2FA) is a security method that requires users to provide two types of authentication factors to confirm their identity. It is considered a subset of MFA, since MFA (Multi-Factor Authentication) can involve two or more verification factors, while 2FA specifically means exactly two

A

Application Security

Application security is the practice of protecting software from vulnerabilities and attacks across the entire SDLC. Learn its importance, common threats, and lifecycle practices for securing modern applications in cloud and container environments.

Application Security Assessment

An application security assessment is the process of identifying and fixing vulnerabilities in software. Learn its goals, components, common tools, and challenges to protect applications from cyber threats.

Application Security Life Cycle

The application security life cycle integrates security into every phase of software development—from planning and design to deployment and maintenance. Learn its stages, best practices, and why it is critical for protecting modern applications.

Application Security Testing

Application Security Testing (AST) means checking applications for weaknesses that attackers could use. Common AST methods include SAST, DAST, and IAST, which help keep software secure at every stage of development.

D

Dynamic Application Security Testing (DAST)

Dynamic application security testing, or DAST, is a way to check an application's security while it is running. Unlike SAST, which looks at the source code, DAST tests security by simulating real attacks like SQL Injection and Cross-Site Scripting in a live setting

I

Interactive Application Security Testing (IAST)

Interactive Application Security Testing (IAST) is a method that blends SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) to find application vulnerabilities more effectively.

M

MFA (Multi-Factor Authentication)

Multi-factor authentication is a security method that requires two or more types of verification to access an application or system. MFA adds an extra layer of protection, so you are not just relying on a password

P

Phishing

Phishing is type of social engineering attack where attackers potray as trusted entities either banks, cloud services, working mate, etc to trick victim so they reveal their sensitive information like password, credit card number or other credentials.

S

Software Composition Analysis (SCA)

Software Composition Analysis (SCA) is security process to identifies and manage risks in third-party libraries used within application

SQL Injection (SQLi)

SQL Injection (SQLi) is a type of attack where attackers input malicious SQL statement into input field to manipulate database.

SSDLC

SSDLC (Secure Software Development Life Cycle) is an extension of the traditional SDLC that embeds security practices into every stage of software development—design, coding, testing, deployment, and maintenance. Its goal is to identify and address vulnerabilities early, reducing costly fixes and ensuring more secure applications.

Static Application Security Testing (SAST)

SAST is a type of application security testing that checks an application's source code (the original code written by developers), dependencies (external libraries or packages the code relies on), or binaries (compiled code ready to run) before it runs.

X

XSS (Cross-Site Scripting)

Cross-Site Scripting, or XSS, is a security flaw in websites that lets attackers add harmful scripts to web pages. Most of the time, these scripts are written in JavaScript.

Z

Zero Trust

Zero Trust is a cybersecurity concept that assumes no device, user, or application should be trusted, even if inside the network perimeter. Access is only granted after verification of device health, identity, and context.