Glossary

Here are some terms you may not have heard of.


  • DevOps: "DevOps" combines development and operations to unite people, process and technology across the whole software lifecycle.

  • GitOps: "GitOps" uses Git repositories as a single source of truth to deliver infrastructure as code.

  • DevSecOps: "DevSecOps" stands for development, security, and operations. It's an approach to culture, automation, and platform design that integrates security as a shared responsibility throughout the entire IT lifecycle.

  • SaaS: short for "Software as a Service".

  • SAST: short for "Static Application Security Testing". Analysing source code to identify vulnerabilities.

  • DAST: short for "Dynamic Application Security Testing". Analysing the application from the outside using the available outputs and inputs (a black-box approach).

  • IAST: short for "Interactive Application Security Testing". Combines static and dynamic techniques to improve testing.

  • SDLC: short for "Software Development Lifecycle". The cost-effective and time-efficient process that development teams use to design and build high-quality software.

  • SCA: short for "Software Composition Analysis". Analysing dependencies in a codebase to manage exposure to security and/or license compliance issues.

  • SRE: short for "Site Reliability Engineering".

  • K8s: short way to write "Kubernetes".

  • IaC: short for "Infrastructure as Code", using DevOps methodology and versioning with a descriptive model to define and deploy infrastructure.

  • SBOM: short for "Software Bill Of Materials", a nested inventory of the components that make up software. SBOMs include critical information about the libraries, tools, and processes used to develop, build, and deploy a software artifact.

  • AIO: short for "All In One".

  • CVE: short for "Common Vulnerabilities and Exposures", a list of publicly disclosed computer security flaws.

  • VM: short for "Virtual Machine".

  • AWS: short for "Amazon Web Services".

  • GCP: short for "Google Cloud Platform".

  • GH: short for "GitHub".

  • GHAS: short for "GitHub Advanced Security".

  • CSPM: short for "Cloud Security Posture Management".

  • IDS: short for "Intrusion Detection System".

  • IPS: short for "Intrusion Protection System".

  • SOC: short for "System and Organization Controls".

  • CERT: short for "Computer Emergency Response (or readiness) Team".

  • CSIRT: short for "Computer Security Incident Response Team".

  • CIRT: short for "Computer Incident Response Team" or (less frequently) "Cybersecurity Incident Response Team".

  • SOAR: short for "Security Orchestration, Automation and Response".

  • SIEM: short for "Security Information and Event Management".

  • SIM: short for "Security Information Management".

  • SEM: short for "Security Event Management".

  • DFIR: short for "Digital Forensics and Incident Response".

  • SCAP: short for "Security Content Automation Protocol".

  • CSP: short for "Content Security Policy".

  • OSS: short for "Open Source Software".

  • XSS: short for "Cross-Site Scripting".

  • RSS: short for "Really Simple Syndication", an XML format for distributing content on the web.

  • REST: acronym for "REpresentational State Transfer", an architectural style for distributed hypermedia systems.

  • E2E: short for "End to End".

  • SSL: short for "Secure Sockets Layer", to protect connections.

  • TLS: short for "Transport Layer Security", transport protocol.

  • JWT: short for "JSON Web Token".

  • OTP: short for "One Time Password".

  • OATH: short for "Open Authentication".

  • X509: standard defining the format of public key credentials.

  • UFW: short for "Uncomplicated Firewall", a Linux firewall.

  • DSL: short for "Domain-specific language".

  • CI: short for "Continuous Integration".

  • CD: short for "Continuous Delivery".

  • HW: short for "Hardware".

  • OCI: short for "Oracle Cloud Infrastructure" or "Open Container Initiative".

  • MDR: short for "Managed Detection and Response".

  • MSS: short for "Managed Security Services".

  • CIS: short for "Cyber Intelligence Services" (also the abbreviation for the "Center of Internet Security").

  • RTS: short for "Red Team Services".

  • GRC: short for "Governance, Risk and Compliance".

  • CTI: short for "Cybersecurity Technology Integration".
