Dictionary
Technical terms and definitions to help you understand cybersecurity and technology concepts
API
Application Programming Interface - A set of protocols, routines, and tools that allow different software applications to communicate with each other. APIs define the methods and data formats that applications can use to request and exchange information.
Domain-driven design
A software development approach that focuses on modeling software around the business domain and its logic. DDD emphasizes collaboration between technical and domain experts to create a shared understanding and ubiquitous language.
Encryption
The process of converting readable data into coded form to prevent unauthorized access. Modern encryption uses mathematical algorithms to scramble data so that only those with the correct key can decrypt and read it.
Firewall
A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. Firewalls act as a barrier between trusted internal networks and untrusted external networks.
Git bisect
A Git command that uses binary search to help find the commit that introduced a bug. It automatically checks out commits between a known good and bad state, allowing developers to test and identify the problematic change efficiently.
Git worktree
A Git feature that allows you to check out multiple branches simultaneously by creating additional working directories. Each worktree maintains its own working directory and index, enabling parallel development without constant branch switching.
Infrastructure as code
The practice of managing and provisioning computing infrastructure through machine-readable definition files, rather than manual hardware configuration. IaC enables version control, automation, and reproducible deployments of infrastructure.
JWT
JSON Web Token - A compact, URL-safe token format used to transmit claims between parties as a JSON object. JWTs are digitally signed so that the recipient can verify they were issued by the expected party and have not been altered; they are commonly used for authentication and authorization.
Language Server Protocol
A protocol that defines the communication between development tools and language servers. LSP provides features like autocompletion, error highlighting, and go-to-definition across different editors and programming languages.
Linear history
A Git repository history structure where commits form a straight line without merge commits or branching complexity. Linear history is easier to read, debug, and reason about, making it preferred for many development workflows.
Malware
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. This includes viruses, worms, trojans, ransomware, spyware, and other harmful programs.
Microservices
An architectural pattern where applications are built as a collection of small, independent services that communicate over well-defined APIs. Each microservice can be developed, deployed, and scaled independently.
Model Context Protocol
A standardized protocol that enables AI models to securely connect to external data sources and tools. MCP allows models to access real-time information, databases, and services while maintaining security and user control.
Monorepo
A software development strategy where code for multiple projects or components is stored in a single repository. Monorepos enable shared tooling, easier refactoring across projects, and simplified dependency management.
OAuth
Open Authorization - An open standard authorization framework that enables applications to obtain limited access to user accounts on an HTTP service without exposing user passwords. OAuth 2.0 is the current industry standard.
OpenAPI
A specification for describing REST APIs that allows both humans and computers to understand service capabilities without accessing source code. OpenAPI enables automatic documentation generation, client SDK creation, and API testing tools.
Phishing
A cyber attack method where attackers impersonate legitimate organizations to trick individuals into revealing sensitive information such as passwords, credit card numbers, or personal data through fake emails, websites, or messages.
Rate limiting
A technique used to control the amount of incoming and outgoing traffic to or from a network or service. It prevents abuse by limiting the number of requests a user can make within a specific time period, protecting against denial-of-service attacks.
SAML
Security Assertion Markup Language - An XML-based standard for exchanging authentication and authorization data between identity providers and service providers. SAML enables single sign-on (SSO) across multiple applications.
SCIM
System for Cross-domain Identity Management - A standard for automating the exchange of user identity information between identity domains. SCIM simplifies user provisioning and management across different systems and applications.
SQL injection
A code injection attack where malicious SQL statements are inserted into application entry points to manipulate database queries. This can lead to unauthorized access to sensitive data, data corruption, or complete database compromise.
Squash merge
A Git merge strategy that combines all commits from a feature branch into a single commit before merging to the target branch. This creates a cleaner, linear history while preserving the logical grouping of changes.
Test-driven development
A software development methodology where tests are written before the code that implements the functionality. The TDD cycle follows Red-Green-Refactor: write a failing test, make it pass with minimal code, then refactor for quality.
Two-factor authentication
A security method that requires users to provide two different authentication factors to verify their identity. Typically combines something you know (password) with something you have (phone, hardware token) or something you are (biometric).
VPN
Virtual Private Network - A secure connection method that creates an encrypted tunnel between your device and a remote server, hiding your internet activity and location while providing access to resources as if you were on a private network.