A
API Security
API security is the process of protecting APIs, the parts of modern software that let applications communicate, from unauthorized access, abuse, or attacks.
API Security Testing
API Security Testing finds and fixes vulnerabilities like broken auth or data leaks in APIs, essential to protect modern apps and sensitive data.
Application Security
Application security is the practice of protecting software from vulnerabilities and attacks across the entire SDLC. Learn its importance, common threats, and lifecycle practices for securing modern applications in cloud and container environments.
Application Security Assessment
An application security assessment is the process of identifying and fixing vulnerabilities in software. Learn its goals, components, common tools, and challenges to protect applications from cyber threats.
Application Security Life Cycle
The application security life cycle integrates security into every phase of software development—from planning and design to deployment and maintenance. Learn its stages, best practices, and why it is critical for protecting modern applications.
Application Security Posture Management (ASPM)
Application Security Posture Management (ASPM) is a platform that gives organizations complete visibility and control over their application security risks across the entire software lifecycle.
Application Security Testing
Application Security Testing (AST) means checking applications for weaknesses that attackers could use. Common AST methods include SAST, DAST, and IAST, which help keep software secure at every stage of development.
C
CI/CD Security
CI/CD Security is the process of integrating security into the Continuous Integration and Continuous Deployment (CI/CD) pipeline, from commit to deployment.
Cloud Security Posture Management (CSPM)
Cloud Security Posture Management (CSPM) is a security method and toolset that continuously monitors the cloud environment to detect and fix misconfigurations, compliance violations, and security risks on cloud platforms such as AWS, Azure, or Google Cloud.
Common Vulnerabilities and Exposures (CVE)
CVE stands for Common Vulnerabilities and Exposures. It is a system that keeps track of cybersecurity vulnerabilities that are already known to the public.
Container Security
Container Security is the process of protecting containerized applications (running on Docker or Kubernetes) across their entire lifecycle, from build to runtime.
D
DevSecOps
DevSecOps is a way of working that adds security to every step of the DevOps process, starting with coding and testing and continuing through deployment and maintenance.
Dynamic Application Security Testing (DAST)
Dynamic application security testing, or DAST, is a way to check an application's security while it is running. Unlike SAST, which looks at the source code, DAST tests security by simulating real attacks like SQL Injection and Cross-Site Scripting (XSS) in a live setting.
I
Infrastructure as Code (IaC) Security
Infrastructure as Code (IaC) security is the process of securing your cloud infrastructure by scanning the configuration files or scripts written in specific languages like Terraform, CloudFormation, Kubernetes YAML, etc., before deployment.
Interactive Application Security Testing (IAST)
Interactive Application Security Testing (IAST) is a method that blends SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) to find application vulnerabilities more effectively.
M
Malware Detection
Malware detection means finding and blocking harmful software such as viruses, ransomware, spyware, and trojans on systems, networks, and applications.
MFA (Multi-Factor Authentication)
Multi-factor authentication is a security method that requires two or more types of verification to access an application or system. MFA adds an extra layer of protection, so you are not just relying on a password.
O
Open Source Audit
An Open Source Audit is a comprehensive review of all open-source components used within a software application.
OWASP Top 10
The OWASP Top 10 lists the most serious web application vulnerabilities. OWASP also offers helpful resources so developers and security teams can learn how to find, fix, and prevent these issues in today’s applications.
S
SBOM
An SBOM is a detailed inventory of the components that make up a piece of software, including third-party and open-source libraries and framework versions.
Secret Detection
Secret detection is the process of scanning codebases, CI/CD pipelines, and the cloud to identify exposed secrets such as API keys, credentials, encryption keys, or tokens. This is crucial because attackers, such as credential-stuffing bots or cloud resource hijackers, can exploit these exposed secrets to gain unauthorized access.
Security Remediation
Remediation means fixing or removing weaknesses in an organization's systems to make them secure and reduce risk.
Software Composition Analysis (SCA)
Software Composition Analysis (SCA) is a security process that identifies and manages risks in third-party libraries used within an application.
Software Development Life Cycle (SDLC)
The Software Development Life Cycle, or SDLC, is a process that helps development teams plan, design, build, test, and launch applications in an organized way.
Software Supply Chain Security
Software supply chain security is about keeping every part, process, and tool safe throughout software development, from the first line of code to final deployment.
SQL Injection (SQLi)
SQL Injection (SQLi) is a type of attack where attackers enter malicious SQL statements into an input field to manipulate the database.
SSDLC
SSDLC (Secure Software Development Life Cycle) is an extension of the traditional SDLC that embeds security practices into every stage of software development—design, coding, testing, deployment, and maintenance. Its goal is to identify and address vulnerabilities early, reducing costly fixes and ensuring more secure applications.
Static Application Security Testing (SAST)
SAST is a type of application security testing that checks an application's source code (the original code written by developers), dependencies (external libraries or packages the code relies on), or binaries (compiled code ready to run) before it runs.