Cybersecurity Glossary
Technical definitions maintained by our team. Each entry links to a full guide covering what it is, what it is for and how to apply it.
A
What Is Adware: Types, Risks, Real Cases and How to Remove It
What adware is, types (legitimate, aggressive, malicious, mobile), real cases (Fireball, Lenovo Superfish, ad fraud) and how to remove it in enterprise environments.
What Is an Exploit: Types, CVE, 0-day and Defence
What an exploit is, types (RCE, LPE, info disclosure, DoS), how it differs from a CVE, real examples (EternalBlue, Log4Shell), 0-day vs N-day and defence.
What Is an IDS: Types, IPS Differences and Snort vs Suricata
What an IDS is, types (NIDS and HIDS), differences from IPS and firewall, Snort vs Suricata vs Zeek and when to use NDR in 2026.
B
What Is a Backdoor: Types, Real Examples and Detection Methods
What a backdoor is in cybersecurity: types (software, hardware, firmware), APT examples, detection with EDR and hardening for enterprises.
What Is a Backup: Types, 3-2-1 Rule and Business Strategy
What a backup is, types (full, incremental, differential), the 3-2-1 rule, differences from disaster recovery and how to verify copies actually work.
What Is a Botnet: Architecture, Real Examples and Defence
What a botnet is, architectures (centralised C2, P2P, Fast Flux, DGA), uses (DDoS, ad fraud, distribution), examples (Mirai, Emotet, Mozi) and defence.
What Is Blue Team: Functions and Red Team Comparison
What the Blue Team is in cybersecurity: functions, tools, MTTD and MTTR metrics, differences from Red Team and Purple Team, and when you need it.
What is Burp Suite: complete guide to web pentesting 2026
What Burp Suite is, main modules (Proxy, Repeater, Intruder, Scanner), Community vs Professional vs Enterprise, extensions and pentesting workflow.
C
What Is a CISO: Functions, Responsibilities and Models
What a CISO is, eight core functions, reporting line, profile and certifications, models (vCISO, in-house, outsourced) and fit with NIS2 and DORA.
What Is a Computer Worm: Types, Examples and Removal
What a computer worm is, differences from viruses and trojans, main types, real examples (Morris, ILOVEYOU, Conficker, WannaCry, NotPetya) and defence.
What Is a Cracker: Definition, Differences with a Hacker and Real Types
What a cracker is, how it differs from a hacker, profiles (black hat, gray hat, script kiddie), motivations, techniques and company defence.
What Is a CVE: Common Vulnerabilities Explained
What a CVE is, how CNAs assign it, how it differs from CVSS, CWE and EPSS, where it is published (NVD, GHSA, CISA KEV) and how to track it in your stack.
What Is CORS: How It Works and Exploitable Misconfigurations
What CORS is, how Same-Origin Policy and preflight work, Access-Control-* headers, seven exploitable misconfigurations and secure configuration.
What is CSRF: cross-site request forgery, examples and defense
What CSRF (cross-site request forgery) is, how it works, exploit examples, defenses (CSRF tokens, SameSite cookies) and how it differs from XSS.
D
E
What Is EDR (Endpoint Detection and Response)
What an EDR is, how it works, what it detects, how it differs from antivirus, XDR and MDR, and how it fits with SIEM and SOC in a defensive stack.
What Is Ethical Hacking: Types and Certifications
What ethical hacking is, types of hackers (white/grey/black hat), certifications (OSCP, OSWE, CEH), career path and legal framework in Spain.
I
ISO 27001: What It Is and How to Get Certified
ISO 27001:2022 explained for SMEs and midmarket: ISMS, the 93 Annex A controls, audit and certification step by step. Real cost and timelines.
What Is INCIBE: Functions, Services and Difference with CCN
What INCIBE is, its functions, services for companies (INCIBE-CERT, Line 017, advisories), how it differs from CCN and CCN-CERT and how to report an incident.
K
What Is a Keylogger: Types, How It Works and How to Protect
What a keylogger is, types (software, hardware, web, acoustic), distribution, detection with EDR and antivirus, and protective measures.
What is the kernel and why it matters in cybersecurity
What the operating system kernel is, ring 0 vs userland, kernel exploits, rootkits and why kernel security is critical for enterprises.
M
What Is a Man in the Middle (MitM) Attack: Types and Defence
What a MitM attack is, the six real vectors (ARP poisoning, DNS spoofing, evil twin, SSL strip, session hijacking, BGP hijack) and how to defend.
What Is Magerit: Risk Analysis Methodology and PILAR
What Magerit is, the 6 elements (assets, threats, safeguards), step-by-step process, PILAR tool and fit with ENS, ISO 27001, NIS2 and DORA.
What Is Maltego: OSINT, Threat Intel and Graph Investigation
What Maltego is, how entities and transforms work, CE/Pro/Enterprise versions, OSINT and Red Team use cases, alternatives and legal aspects.
What Is MDR (Managed Detection and Response)
What MDR is, what a mature MDR service includes, how it differs from SOC, MSSP, EDR and XDR, leading providers and how it maps to NIS2 and DORA.
What Is Mimikatz: Credential Dumping, Techniques and Detection in 2026
What Mimikatz is, credential dumping (sekurlsa, lsadump, kerberos), red team use and EDR/SIEM detection in Active Directory environments.
What Is MITRE ATT&CK: Tactics, Techniques and Use in SOC
What MITRE ATT&CK is, how it's organised in tactics, techniques and sub-techniques, the 14 Enterprise tactics and how SOCs, Red Teams and hunters use it.
O
P
What Is a Penetration Test? A Complete Guide for Businesses
Learn what a penetration test is, the different types, the phases involved, and when your business needs one. A practical guide for CISOs and CTOs.
What Is Penetration Testing: Complete Business Guide
What pentesting is, what it's for, the 5 phases, scope types, OWASP and OSSTMM methodologies and how it fits NIS2, DORA, ENS and ISO 27001.
What Is Pharming: Types, Phishing Differences and Defence
What pharming is, types (local DNS, DNS server, BGP hijacking), differences from phishing, real cases and how to protect with DNSSEC, MFA and EDR.
What Is PKI (Public Key Infrastructure)
What PKI is, components (CA, RA, CRL, OCSP), chain of trust, enterprise use cases, public vs private PKI and compliance with eIDAS, NIS2, ISO 27001.
What Is Prompt Injection: LLM Attacks and How to Defend
What prompt injection is, types (direct, indirect), real examples, OWASP LLM Top 10, mitigations and how to audit LLM-powered applications.
R
What Is a Red Team: Complete Business Guide
What a Red Team is, how it differs from pentesting, Blue Team and Purple Team, exercise phases, when you need one and how to choose a provider.
What Is a Rootkit: Types, How It Works and Detection Methods
What a rootkit is in cybersecurity: types (kernel, bootkit, firmware, hypervisor), evasion techniques, EDR detection and DFIR response.
What Is Ransomware: How It Works, Examples and Defence
What ransomware is: encryption, double extortion, active families (LockBit, BlackCat, Akira), entry vectors, defensive controls and incident response.
S
What is a sniffer: how it works, tools and detection 2026
What is a network sniffer: passive vs active capture, tools (Wireshark, tcpdump, Bettercap), legitimate pentest use and defensive detection.
What Is a SOC (Security Operations Center): How It Works
What a SOC is, how the detection workflow runs, L1/L2/L3 tiers, MTTD and MTTR metrics, internal vs managed models and when an organisation needs one.
What Is SAML 2.0: SSO Flow, OAuth/OIDC and Vulnerabilities
What SAML 2.0 is, SSO flow with IdP and SP, comparison with OAuth 2.0, OIDC and JWT, XML signature wrapping and assertion replay vulnerabilities.
What Is SHA-256: Hash Function, Real Uses and Comparison
What SHA-256 is, how it works as a cryptographic hash function, properties, uses (TLS, Bitcoin, integrity, JWT) and comparison with SHA-1, SHA-3 and BLAKE3.
What Is SIEM: How It Works, SOAR vs XDR and Use Cases
What a SIEM is, how it works, how it differs from SOAR and XDR, real use cases, leading platforms and how it fits NIS2, ENS, ISO 27001 and PCI DSS.
What Is Social Engineering: Types, Cases and Defence
What social engineering is, Cialdini principles, types (phishing, vishing, BEC, pretexting), real cases (Twitter, Uber, MGM) and defence.
What is spoofing: types, examples and prevention techniques
What is spoofing in cybersecurity: types (email, ARP, DNS, IP, caller ID, GPS), detection techniques and defensive controls for business.
What is SSRF: server-side request forgery, cloud exploits and defense
What is SSRF (server-side request forgery): mechanics, attacks against cloud metadata (AWS IMDS, Azure), blind techniques and defense in depth.
T
What Is a Trojan: Types, Real Examples and How to Remove It
What a trojan is: types (RAT, banker, downloader, dropper, info-stealer), real examples (Emotet, Trickbot) and removal steps.
What Is Threat Hunting: Methodology and Tools
What threat hunting is: methodologies (hypothesis, IoC-driven, TTP-driven), MITRE ATT&CK, tools, practical examples and fit with NIS2 and DORA.
W
Watering Hole Attack: What It Is, How It Works and Cases
What a watering hole attack is: definition, how it works, real cases like Council on Foreign Relations and Polish banking, and how to defend.
What Is a WAF (Web Application Firewall)
What a WAF is, detection models (positive, negative, hybrid), deployment types (cloud, appliance, host), common mistakes and PCI DSS / NIS2 mapping.
What Is Wazuh: Open Source SIEM for Companies
What Wazuh is: architecture (agents, manager, indexer, dashboard), detection (FIM, logs, CVE, MITRE), vs Splunk/Sentinel and compliance with NIS2.
Z
Frequently Asked Questions
- What is this glossary?
  An alphabetical index of cybersecurity technical definitions published by the Secra team. Each entry links to a full guide covering the concept, use cases and regulatory mapping.
- How is it updated?
  Entries get reviewed at least annually or when material changes occur (new standard version, relevant associated CVE, new regulatory control). The update date appears in each individual guide.
- Can I suggest a term?
  Yes. If you work in cybersecurity and find a missing entry, reach out via the contact form with the proposed term and a concrete use case.