Glossary

A

• AI, Artificial Intelligence

  A broad term that refers to computers being able to carry out “smart” tasks. See ML, machine...

• API Gateway

  An application programming interface (API) gateway is a tool for API management.

• API Runtime Security

  API Runtime Security provides protection to APIs during their normal running and handling of API...

• API Security

  API Security involves the implementation of security best practices for Application Programming...

• API, Application Programming Interface

  A software intermediary that allows two applications to talk to each other. Whenever you send an...

• Application Layer, Layer 7

  Human-computer interaction layer, where applications can access network services. See OSI model,...

• Application Security

  Security that protects applications and application-level APIs from threats such as authentication...

• Attack Vector

  Website attack vectors are methods or pathways hackers use to gain illegal access.

D

• DAST

  Dynamic Application Security Testing (DAST) is a program which interacts with a running application...

• Data Link Layer, Layer 2

  Defines the format of data on the network. See OSI model, Open Systems Interconnection model.

• Data Security

  Data security encompasses every effort a company makes to keep the data it possess free from risk...

• DevOps

  A set of practices that combines software development (Dev) and IT operations (Ops). Often...

• DevSecOps

  A set of practices that combines Security (Sec) with DevOps. Like DevOps, often organized as a team...

E

• Endpoint

  Any device that’s connected to a system (servers, phones, user computers, IoT).

G

• GraphQL

  An open-source data query and manipulation language for APIs, and a runtime for fulfilling queries...

• gRPC

  An open source remote procedure call (RPC) system that uses HTTP/2 for transport that provides...

• Guid, Globally Unique Identifier

  An implementation of the universally unique ID (see UUID) that is computed by Windows and Windows...

I

• IAM, Identity and Access Management

  Web service that helps you securely control access to AWS resources.

• IoT (Internet of Things)

  Everything connected to the Internet that is not a computer. Some include mobile devices like...

J

• JSON, JavaScript Object Notation

  A lightweight data-interchange format. JSON is often used within APIs.

L

• Load Balancers

  A device that distributes network or application traffic across a number of servers. Load balancers...

M

• Misconfiguration

  APIs that have issues, such as unsecure default configurations, incomplete or ad-hoc...

• ML, Machine Learning

  The idea that, given access to a set of data, computers can learn for themselves.

N

• Network Layer, Layer 3

  Decides which physical path the data will take. See OSI model, Open Systems Interconnection model.

O

• OpenAPI

  The OpenAPI Specification (OAS), a technical specification that describes REST APIs.

• OSI model, Open Systems Interconnection model

  A model that standardizes communication of a computing system to provide interoperability using...

• Out of Band

  Something that runs outside the data flow. 

• OWASP API Security Top 10

  The Open Web Application Security Project creates a top 10 security threats for various categories...

P

• Physical Layer, Layer 1

  Transmits raw bit stream over physical medium. See OSI model, Open Systems Interconnection model.

• PII, Personally Identifiable Information

  Any data that can be used to identify a specific individual, such as birthdate, mailing address,...

• Presentation Layer, Layer 6

  Ensures that data is in a usable format and is where data encryption occurs. See OSI model, Open...

R

• REST, RESTful API, Representational State Transfer

  An architectural style for an API that uses HTTP requests to access and use data. That data can be...

S

• SAST

  Static Application Security Testing (SAST) is a program which reads and reviews the source code of...

• SCA

  Software Composition Analysis (SCA) is a program which reads and reviews the source code of an...

• Session Layer, Layer 5

  Maintains connections and is responsible for controlling ports and sessions. See OSI model, Open...

• SOAP, Simple Object Access Protocol

  A standard communication protocol system that permits processes using different operating systems...

• SSL, Secure Sockets Layer

  Cryptographic protocols designed to provide communications security over a computer network....

T

• TCP, Transmission Control Protocol

  A standard that defines how to establish and maintain a network conversation through which...

• TCP/IP

  A set of communications protocols used in the Internet and similar computer networks. It’s...

• TLS, Transport Layer Security

  Cryptographic protocols designed to provide communications security over a computer network....

• Transport Layer, Layer 4

  Transports data using transmission protocols, including TCP and UDP. See OSI model, Open Systems...

U

• UDP, User Datagram Protocol

  One of the core members of the Internet protocol suite, which also includes TCP/IP. With UDP,...

V

• VM, Virtual Machine

  A virtual computer.

W

• Web Application Firewall

  A web application firewall (WAF) guards web applications from a range of application-layer attacks...

• WebSocket API

  An advanced technology that makes it possible to open a two-way interactive communication session...

• Wildcard SSL Certificate

  An SSL certificate that helps server administrators save hundreds or even thousands of dollars on...

X

• XML, Extensible Markup Language

  An SSL certificate that helps server administrators save hundreds or even thousands of dollars on...