Security Concepts Glossary

Authentication vs Authorization, RBAC, Zero Trust, SSO, TLS/SSL, encryption vs hashing, OWASP, SQL injection — security terms every developer should know.

Pages in this section

Authentication vs Authorization — Explained with Examples

Authentication (AuthN) verifies who a user is, while authorization (AuthZ) determines what resources that user can access.

RBAC — Explained with Examples

RBAC (Role-Based Access Control) is a security model that assigns permissions to roles, and users to roles, simplifying access management for large systems.

Zero Trust — Explained with Examples

Zero Trust is a security framework based on 'never trust, always verify,' requiring continuous validation of every access request regardless of origin.

SSO — Explained with Examples

SSO (Single Sign-On) is an authentication method that allows users to log in once and access multiple applications without re-entering credentials.

SAML — Explained with Examples

SAML (Security Assertion Markup Language) is an XML-based open standard for exchanging authentication and authorization data between identity and service providers.

LDAP — Explained with Examples

LDAP (Lightweight Directory Access Protocol) is a protocol for accessing and maintaining distributed directory information services over an IP network.

Encryption vs Hashing — Explained with Examples

Encryption transforms data into ciphertext using a key and is reversible, while hashing produces a fixed-length fingerprint that cannot be reversed.

TLS/SSL — Explained with Examples

TLS/SSL is a cryptographic protocol that encrypts data transmitted between clients and servers, ensuring privacy, integrity, and authentication over networks.

HTTPS — Explained with Examples

HTTPS (HTTP Secure) is HTTP encrypted over TLS/SSL, protecting data between browser and server from eavesdropping, tampering, and impersonation.

PKI — Explained with Examples

PKI (Public Key Infrastructure) is a system of certificates, keys, and policies that enables secure digital communication through identity verification.

WAF — Explained with Examples

A WAF (Web Application Firewall) filters, monitors, and blocks HTTP traffic to and from web applications, protecting against common web exploits.

IDS/IPS — Explained with Examples

IDS (Intrusion Detection System) monitors network traffic for threats, while IPS (Intrusion Prevention System) actively blocks detected threats in real time.

SQL Injection — Explained with Examples

SQL injection is a code injection technique that exploits vulnerable SQL queries by inserting malicious SQL statements into user input fields.

XSS — Explained with Examples

XSS (Cross-Site Scripting) is a security vulnerability where attackers inject malicious client-side scripts into web pages viewed by other users.

OWASP — Explained with Examples

OWASP (Open Web Application Security Project) is a nonprofit foundation that publishes the Top 10 — the most critical security risks to web applications.