Static Application Security Testing (SAST)
Static Application Security Testing (SAST): A method of software testing in which the code is analyzed without executing it, with a focus on identifying potential security vulnerabilities. It is commonly used in software development. Examples include a static analysis tool that scans the code for potential security vulnerabilities or a static analysis tool that checks […]
SOC 2
SOC 2: A set of standards for evaluating the security, availability, processing integrity, confidentiality, and privacy of a service organization’s controls. It is used to assess the internal controls of a service organization. Examples of organizations that may undergo a SOC 2 audit include cloud service providers and managed IT service providers.
SOC 3
SOC 3: A report on the service organization’s controls that is intended for public use and includes a summary of the organization’s controls and the independent auditor’s opinion on the effectiveness of the controls. It is used to provide transparency to customers and stakeholders about the service organization’s controls. Examples of organizations that may issue […]
Social engineering
Social engineering: The use of psychological manipulation and deception to trick individuals into revealing sensitive information or performing actions that compromise the security of a network or system. It is commonly used by hackers to gain access to sensitive data or systems. Examples of social engineering include phishing scams, pretexting, and baiting.
Spear phishing
Spear phishing: A targeted form of phishing where attackers use specific information about the victim to make their emails more convincing. It is used in cyber-attacks to gain sensitive information from individuals or organizations. Examples include using an individual’s name and job title in the email or tailoring the email to match the victim’s company’s […]
Spim (Spam over Instant Messaging)
Spim (Spam over Instant Messaging): Unsolicited messages sent over instant messaging platforms, similar to email spam. These messages may contain advertisements, phishing attempts, or links to malware. The term “spim” is less commonly used today as generalized terms like spam or phishing often encompass this activity.