Key Terminology
Cybersecurity and application security can seem complex, especially if you're not immersed in the field. At ARTAIS, we believe in transparency and education. This glossary breaks down key terms you'll encounter when working with us, so you can feel confident in your understanding and decisions.
General Cybersecurity Terms
Vulnerability: A weakness in a system that can be exploited to gain unauthorized access or cause harm.
Exploit: A method or piece of code that takes advantage of a vulnerability to cause unintended behavior.
Threat Actor: An individual or group that poses a potential danger to systems by exploiting vulnerabilities.
Attack Surface: The total sum of the different points where an unauthorized user can try to enter or extract data.
Zero-Day: A vulnerability that is unknown to those who should be interested in its mitigation (e.g., the vendor), and is often exploited before a fix is available.
Penetration Testing Terms
Penetration Test (Pentest or Pen Test): A simulated cyberattack used to evaluate the security of a system or application.
Black Box Testing: Testing with no prior knowledge of the system being tested.
White Box Testing: Testing with full knowledge of the system, including source code and architecture.
Gray Box Testing: A mix of black and white box testing—partial knowledge is provided.
Red Team: A group simulating a real-world attack to test an organization's detection and response capabilities.
Blue Team: The defenders—focused on detection, response, and protection.
Purple Team: A collaborative team combining red and blue team roles to improve defenses through shared insights.
Application Security Terms
OWASP Top 10: A list of the most critical security risks to web applications, maintained by the Open Web Application Security Project.
SQL Injection (SQLi): A code injection technique in which untrusted input is placed into a database query, allowing an attacker to read, modify, or destroy data in your database.
Cross-Site Scripting (XSS): A vulnerability that allows attackers to inject malicious scripts into content from otherwise trusted websites.
Authentication vs. Authorization: Authentication verifies who you are; authorization determines what you can access.
Input Validation: The practice of checking and sanitizing user inputs to prevent malicious data from affecting the application.
Still have questions?
Reach out to us. We're happy to explain in plain English.