Glossary
Here are some terms you may not have heard of.
DevOps: "DevOps" combines development and operations to unite people, process and technology across the whole software lifecycle [source].
GitOps: "GitOps" uses Git repositories as a single source of truth to deliver infrastructure as code [source].
DevSecOps: "DevSecOps" stands for development, security, and operations. It's an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle [source].
SaaS: short for "Software as a Service".
SAST: short for "Static Application Security Testing". Analysing source code to identify vulnerabilities.
DAST: short for "Dynamic Application Security Testing". Analysing the application from the outside using the available outputs and inputs (a black-box approach).
IAST: short for "Interactive Application Security Testing". Combines static and dynamic techniques to improve testing [source].
SDLC: short for "Software Development Lifecycle". The cost-effective and time-efficient process that development teams use to design and build high-quality software [source].
SCA: short for "Software Composition Analysis". Analysing dependencies in a codebase to manage exposure to security and/or license compliance issues.
SRE: short for "Site Reliability Engineering".
K8s: shorthand for "Kubernetes".
IaC: short for "Infrastructure as Code", using DevOps methodology and versioning with a descriptive model to define and deploy infrastructure [source].
SBOM: short for "Software Bill Of Materials", a nested inventory of the components that make up software. It includes critical information about the libraries, tools, and processes used to develop, build, and deploy a software artifact [source].
AIO: short for "All In One".
CVE: short for "Common Vulnerabilities and Exposures", a list of publicly disclosed computer security flaws [source].
VM: short for "Virtual Machine".
AWS: short for "Amazon Web Services".
GCP: short for "Google Cloud Platform".
GH: short for "GitHub".
GHAS: short for "GitHub Advanced Security".
CSPM: short for "Cloud Security Posture Management".
IDS: short for "Intrusion Detection System".
IPS: short for "Intrusion Protection System".
SOC: short for "System and Organization Controls".
CERT: short for "Computer Emergency Response (or readiness) Team".
CSIRT: short for "Computer Security Incident Response Team".
CIRT: short for "Computer Incident Response Team" or (less frequently) "Cybersecurity Incident Response Team".
SOAR: short for "Security Orchestration, Automation and Response".
SIEM: short for "Security Information and Event Management".
SIM: short for "Security Information Management".
SEM: short for "Security Event Management".
DFIR: short for "Digital Forensics and Incident Response".
SCAP: short for "Security Content Automation Protocol".
CSP: short for "Content Security Policy".
OSS: short for "Open Source Software".
XSS: short for "Cross-Site Scripting".
RSS: short for "Really Simple Syndication", an XML format for distributing content on the web.
REST: acronym for "REpresentational State Transfer", an architectural style for distributed hypermedia systems.
E2E: short for "End to End".
SSL: short for "Secure Sockets Layer", to protect connections.
TLS: short for "Transport Layer Security", transport protocol.
JWT: short for "JSON Web Token".
OTP: short for "One Time Password".
OATH: short for "Open Authentication".
X509: standard defining the format of public key credentials.
UFW: short for "Uncomplicated Firewall", a Linux firewall.
DSL: short for "Domain-specific language".
CI: short for "Continuous Integration".
CD: short for "Continuous Delivery".
HW: short for "Hardware".
OCI: short for "Oracle Cloud Infrastructure" or "Open Container Initiative".
MDR: short for "Managed Detection and Response".
MSS: short for "Managed Security Services".
CIS: short for "Cyber Intelligence Services" (also the abbreviation for the "Center for Internet Security").
RTS: short for "Red Team Services".
GRC: short for "Governance, Risk and Compliance".
CTI: short for "Cybersecurity Technology Integration".