Term 61
IAST
IAST (Interactive Application Security Testing) is a security testing method that analyzes an application from within while it is running, typically during automated testing or manual QA, to find vulnerabilities in real time.
Acronym study
Terms 61–90 of 135 PT0-002 acronyms and key terms. Each entry includes a plain-English definition and a link to the full 800-word glossary page with exam context and practice questions.
Term 61
IAST (Interactive Application Security Testing) is a security testing method that analyzes an application from within while it is running, typically during automated testing or manual QA, to find vulnerabilities in real time.
Term 62
IDOR (Insecure Direct Object Reference) is a vulnerability where an application exposes internal object references, allowing attackers to access or modify data by manipulating those references.
Term 63
John the Ripper is a free and open-source password cracking tool used by security professionals to test password strength and by attackers to guess credentials.
Term 64
Kerberoasting is an attack where a hacker steals service account password hashes from Active Directory to crack them offline and gain unauthorized access.
Term 65
A kill chain is a step-by-step model that describes the stages of a cyberattack, from initial reconnaissance to the final objective, helping defenders understand and disrupt each phase.
Term 66
Kubernetes security is the practice of protecting containerized applications, the Kubernetes cluster itself, and the underlying infrastructure from unauthorized access, data breaches, and system vulnerabilities.
Term 67
Lateral movement is the technique attackers use to move through a network from one compromised system to another, seeking sensitive data or higher privileges.
Term 68
Legal compliance is the process of ensuring that an organization's IT systems, data handling, and business practices follow all applicable laws, regulations, and industry standards.
Term 69
Liability in IT refers to the legal and financial responsibility an organization or individual bears for data breaches, security failures, or compliance violations arising from inadequate planning and scoping of systems and processes.
Term 70
Maltego is a graphical open-source intelligence tool used for information gathering and reconnaissance, enabling users to map and visualize relationships between entities like people, domains, and networks.
Term 71
A master service agreement is a legal contract between a service provider and a client that sets the general terms and conditions for all future work and projects, so they don't have to be renegotiated each time.
Term 72
Metasploit is a powerful penetration testing framework that helps security professionals find and exploit vulnerabilities in computer systems.
Term 73
Meterpreter is an advanced, dynamically extensible payload that provides an interactive command shell and post-exploitation capabilities within a memory-resident environment during a penetration test.
Term 74
Mimikatz is a powerful open-source tool used by attackers and security professionals to extract plaintext passwords, hashes, PINs, and Kerberos tickets from Windows memory.
Term 75
Mitigation is the process of reducing the severity, impact, or likelihood of a security threat or vulnerability.
Term 76
Nessus is a vulnerability scanner that automatically identifies security weaknesses, missing patches, and misconfigurations in computer systems and networks.
Term 77
Nikto is an open-source web server scanner that tests for potentially dangerous files, outdated server software, and configuration issues.
Term 78
Nmap is a network scanning tool used to discover hosts, services, and operating systems on a computer network.
Term 79
A legally binding contract that prevents one party from sharing confidential information with unauthorized individuals or entities.
Term 80
OpenVAS is an open-source vulnerability scanner that helps IT professionals identify security weaknesses in networks, systems, and applications.
Term 81
OSINT (Open Source Intelligence) is the practice of collecting and analyzing publicly available information from free or commercially available sources to support intelligence gathering, cybersecurity assessments, and penetration testing.
Term 82
Pass-the-hash is a cyberattack where an attacker captures the hash of a user's password and uses it to authenticate to other systems without ever knowing the actual password.
Term 83
Passive reconnaissance is the process of gathering information about a target system or network without directly interacting with it, using publicly available sources and stealthy observation.
Term 84
Patch prioritization is the process of ranking security updates based on risk, impact, and urgency to decide which ones to apply first in an IT environment.
Term 85
Path traversal is a web security vulnerability that allows an attacker to access files and directories stored outside the web server's root folder by manipulating file paths in user-supplied input.
Term 86
In IT and cybersecurity, a payload is the core data or malicious code delivered within a packet, file, or attack that performs the actual intended action.
Term 87
Penetration testing is a simulated cyberattack on a computer system, network, or application to find security weaknesses before real attackers can exploit them.
Term 88
Persistence is the set of techniques attackers use to maintain long-term access to a compromised system even after reboots or credential changes.
Term 89
Phishing is a type of cyber attack where criminals impersonate legitimate organizations or individuals to trick victims into revealing sensitive information such as passwords, credit card numbers, or personal data.
Term 90
Pivoting is a post-exploitation technique where an attacker uses a compromised system as a relay to access other systems on a network that were not directly reachable.