AppSec Glossary
Definitions for application security and software supply chain practitioners.
Browse by category
Attack Techniques: 27 terms
Vulnerability Management: 26 terms
Identity and Access Management: 25 terms
Software Supply Chain: 24 terms
Application Security: 22 terms
Cloud Security: 19 terms
Application Security Testing: 18 terms
DevSecOps: 17 terms
Data Security: 14 terms
AI Security: 13 terms
Security Operations: 12 terms
API Security: 10 terms
Governance and Compliance: 10 terms
Threat Modeling: 10 terms
Showing 247 terms
A
AI Agent Security
AI Red Teaming
API Abuse
API Discovery
API Enumeration
API Gateway
API Posture Management
API Schema Validation
API Security
Abuse Case Modeling
Access Control
Adversarial Machine Learning Attacks
Agent Tool Abuse
Anomaly Detection
Application Detection and Response
Application Layer Encryption
Application Monitoring
Application Risk
Application Security
Application Security Posture Management
Artifact Registry Security
Artifact Signing
Artificial Intelligence Security
Attack Path
Attack Path Analysis
Attack Surface
Attack Vector
Attribute-Based Access Control
Audit Logging
Authentication
Authorization
Autonomous Agent Risk
B
Breach and Attack Simulation
Broken Access Control
Broken Authentication
Broken Function Level Authorization
Broken Object Level Authorization
Brute Force Attack
Bug Bounty Programs
Build Provenance
Build Security
Business Logic Attacks
Business Logic Vulnerabilities
C
CI/CD Security
Cache Poisoning
Clickjacking
Cloud Identity and Access Management
Cloud Security Posture Management
Cloud Workload Protection Platform
Cloud-Native Application Protection Platform
Cloud-Native Security
Code Signing
Command Injection
Common Vulnerabilities and Exposures
Common Vulnerability Scoring System
Compensating Controls
Compliance as Code
Configuration Drift
Container Escape
Container Hardening
Container Security
Content Security Policy
Continuous Compliance
Continuous Security Validation
Control Mapping
Cookie Security
Coordinated Vulnerability Disclosure
Credential Stuffing
Cross-Origin Resource Sharing
Cross-Site Request Forgery
Cross-Site Scripting
D
Data Access Auditing
Data Classification
Data Loss Prevention
Data Masking
Data Minimization
Data Poisoning
Data Protection
Defense in Depth
Dependency Confusion
Dependency Management
Dependency Pinning
Dependency Scanning
Deserialization Attacks
Detection Engineering
Developer Security Training
Development Security and Operations
Directory Traversal
Drift Detection
Dynamic Application Security Testing
E
Encryption Key Rotation
Encryption at Rest
Encryption in Transit
Environment Isolation
Ephemeral Workloads
Exploit Chaining
Exploit Prediction Scoring System
Exploitability
Exposure Management
Exposure Validation
F
False Negatives
False Positives
Fine-Grained Authorization
Function-as-a-Service Security
Fuzz Testing
G
GraphQL Introspection Abuse
GraphQL Security
H
HTTP Request Smuggling
Hallucination Exploitation
Host Header Injection
I
IDE Security Plugins
Identity Federation
Identity Threat Detection and Response
Identity and Access Management
Image Scanning
Immutable Infrastructure
Indicators of Attack
Indicators of Compromise
Infrastructure as Code Security
Injection Attacks
Insecure Deserialization
Instance Metadata Attacks
Interactive Application Security Testing
J
JSON Web Token
Jailbreaking
Just-Enough Access
Just-in-Time Access
K
Key Management
Kill Chain
Known Exploited Vulnerabilities
Kubernetes Security
L
Large Language Model Security
Lateral Movement
Least Privilege
Lockfiles
M
Machine Identity Management
Maintainer Account Takeover
Malicious Packages
Man-in-the-Middle Attack
Membership Inference Attacks
Memory Corruption
Memory Safety
Microsegmentation
Misuse Cases
Model Drift
Model Inversion Attacks
Model Security
Model Supply Chain Security
Multi-Factor Authentication
N
Network Segmentation
O
OAuth
OWASP API Security Top 10
Open Redirect
OpenID Connect
Output Filtering
P
PASTA
Package Integrity
Parameter Pollution
Password Spraying
Penetration Testing
Personally Identifiable Information
Pipeline Security
Policy Enforcement
Policy as Code
Pre-commit Hooks
Privacy by Design
Privilege Escalation
Privileged Access Management
Prompt Injection
Provenance Attestation
Purple Teaming
R
Race Conditions
Rate Limit Bypass
Rate Limiting
Reachability Analysis
Remote Code Execution
Replay Attack
Reproducible Builds
Responsible Disclosure
Retrieval Augmented Generation Security
Risk Acceptance
Risk Prioritization
Risk-Based Vulnerability Management
Role-Based Access Control
Runtime Application Self-Protection
Runtime Detection
Runtime Security
S
SBOM Enrichment
SQL Injection
STRIDE
Same-Origin Policy
Secrets Management
Secrets Rotation
Secrets Scanning
Secrets Sprawl
Secure Defaults
Secure Software Development Lifecycle
Security Architecture Review
Security Champions Program
Security Code Review
Security Debt
Security Effectiveness
Security Headers
Security Maturity Model
Security Misconfiguration
Security Posture
Security as Code
Sensitive Data Exposure
Server-Side Request Forgery
Serverless Misconfiguration
Serverless Security
Service Accounts
Session Fixation
Session Hijacking
Session Management
Shadow APIs
Shift Left
Shift Right
Sigstore
Single Sign-On
Software Bill of Materials
Software Composition Analysis
Software Supply Chain
Static Application Security Testing
Subresource Integrity
Supply Chain Risk
Supply-chain Levels for Software Artifacts
T
Threat Detection
Threat Hunting
Threat Intelligence Feeds
Threat Modeling
Threat Surface Management
Token-Based Authentication
Tokenization
Tool Injection
Trust Boundary
Typosquatting
V
Vulnerability Exploitability eXchange
Vulnerability Management
Vulnerability Scanning
W
Web Application Firewall
Web Cache Deception
Workload Identity
Workload Identity Federation
Workload Security
Z
Zero Trust Architecture
Zombie APIs