Dynamic Application Security Testing can find security vulnerabilities and weaknesses in a running application, typically web apps. It does that by employing fault injection techniques on an app, such as feeding malicious data to the software, to identify common security vulnerabilities, such as SQL injection and cross-site scripting (XSS). DAST can also cast a spotlight on runtime problems that can’t be identified by static analysis for example, authentication and server configuration issues, as well as flaws visible only when a known user logs in.
The General Data Protection Regulation (Regulation (EU) 2016/679, abbreviated GDPR) is a European Union regulation on Information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business. It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology.
GitOps is a DevOps practice that uses Git repositories to manage infrastructure and application code deployments. It's an evolution of Infrastructure as Code (IaC) that uses Git pull requests to verify and automatically deploy system infrastructure modifications. GitOps can help organizations: Improve efficiency and security, Improve the developer experience, Reduce costs, Speed up deployments, and Maintain consistency across all infrastructure.
Greater New Hampshire Linux User Groups = an association of User Groups in and around the state of New Hampshire, USA of people interested in Linux technology and/or those who created it in the first place; and continue to this day.
The Health Insurance Portability and Accountability Act is a 1996 federal statute that created standards for protecting patient health information. All healthcare organizations must follow cybersecurity practices and run risk assessments to comply with HIPAA.
I Am Not A Lawyer (but I'll play one on the Internet ;-)) Because this acronym can be interpreted as crude, Heather Meeker suggests an alternative 'disclaimer' in online discussions: "If this were legal advice, it would have come with an invoice."
Interactive Application Security Testing. A technique employing an agent inside a running application capable of testing all libraries, frameworks, API endpoints and protocols for security vulnerabilities.
International Standard Book Number = 10-digit or 13-digit codes used by the publishing industry to uniquely identify individual book titles and editions. Some 10-digit ISBNs may end with an "X" instead of a digit.
ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again most recently in 2022. There are also numerous recognized national variants of the standard. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit. The effectiveness of the ISO/IEC 27001 certification process and the overall standard has been addressed in a large-scale study conducted in 2020.
kompose is a tool to help users who are familiar with docker-compose move to Kubernetes. kompose takes a Compose Specification file and translates it into Kubernetes resources.
is a userspace interface for the Linux kernel containment features. Through a powerful API and simple tools, it lets Linux users easily create and manage system or application containers.
NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by NIST based on existing standards, guidelines, and practices. The framework "provides a high level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes", in addition to guidance on the protection of privacy and civil liberties in a cybersecurity context. It has been translated to many languages, and is used by several governments and a wide range of businesses and organizations.
The Payment Card Industry Data Security Standard was created in 2006 to ensure that all companies that accept, process, store, or transmit credit card information operate securely. The framework is primarily intended to keep cardholder information safe. All companies handling this information must comply with PCI DSS, regardless of size. The framework is administered and enforced by the Payment Card Industry Security Standards Council.
A Pod (as in a pod of whales or pea pod) is a group of one or more containers , with shared storage/network resources, and a specification for how to run the containers. https://kubernetes.io/docs/concepts/workloads/pods/
Plain Old Telephone Service is an acronym to describe the traditional telephone network served by copper wires strung on poles. (nb. There is a lot more infrastructure to POTS than just the poles and wires.)
Run-time Application Security Protection is similar to IAST, but rather than testing for vulnerabilities it acts like a watchdog that responds to live threats (e.g. terminating an attacker's session and alerting).
Static Application Security Testing is to find security vulnerabilities in the application source code earlier in the software development life cycle. Because SAST can be automated in DevOps, it becomes part of SecDevOps
Session Initiation Protocol is a protocol used in VoIP communications allowing users to make voice and video calls, mostly for free. A SIP client is a program that you install on your computer or mobile device.
Cloud Native Computing Foundation https://www.cncf.io/ - a sub-foundation of the Linux Foundation.
Constructive Cost Model is a procedural software cost estimation model developed in the early 80's and then updated around the year 2000.
Cascading Style Sheets = A technology that deals with the presentation of content on the web
Dynamic Application Security Testing can find security vulnerabilities and weaknesses in a running application, typically web apps. It does that by employing fault injection techniques on an app, such as feeding malicious data to the software, to identify common security vulnerabilities, such as SQL injection and cross-site scripting (XSS). DAST can also cast a spotlight on runtime problems that can’t be identified by static analysis for example, authentication and server configuration issues, as well as flaws visible only when a known user logs in.
DomainKeys Identified Mail = An IETF specification that combats SPAM on the Internet
Internet Engineering Task Force = organization to make the Internet work better
unsolicited bulk email
Domain Name System. An Named Host to IP Address lookup system
Internet Protocol. An IP Address is a host or device name in numeric form.
Dynamic Page Lists = Like a Cuisinart food processor, it allows you to slice and dice the contents of your wiki.
Digital Restrictions Management = Electronic methods to control what you can and can't do.
Free Open Source Software. An attempt to communicate the 'freedom' aspect of free software de-emphasizing the price connotation of 'free'.
Free / Libre Open Source Software = Another attempt to de-emphasize the price connotation of 'free' and instead recognize that free means liberty.
Free Software Foundation. fsf.org
F*cked Up Beyond All Recognition
Filesystem in User Space
Google Apps For Your Domain (now called Google Workspace)
The General Data Protection Regulation (Regulation (EU) 2016/679, abbreviated GDPR) is a European Union regulation on Information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business. It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology.
GitOps is a DevOps practice that uses Git repositories to manage infrastructure and application code deployments. It's an evolution of Infrastructure as Code (IaC) that uses Git pull requests to verify and automatically deploy system infrastructure modifications. GitOps can help organizations: Improve efficiency and security, Improve the developer experience, Reduce costs, Speed up deployments, and Maintain consistency across all infrastructure.
Greater New Hampshire Linux User Groups = an association of User Groups in and around the state of New Hampshire, USA of people interested in Linux technology and/or those who created it in the first place; and continue to this day.
Gnu's Not Unix, because Unix is proprietary software while Gnu is software that respects your freedom.
General Public License = A sane copyright license
HipHop Virtual Machine = a PHP interpreter created at Facebook as an alternative to the Zend Engine interpreter. http://hhvm.com/
PHP is the HyperText Preprocessor = the most popular programming language for the web
The Health Insurance Portability and Accountability Act is a 1996 federal statute that created standards for protecting patient health information. All healthcare organizations must follow cybersecurity practices and run risk assessments to comply with HIPAA.
HyperText Markup Language = structured text that uses logical links (hyperlinks) between nodes containing text.
HyperText Transfer Protocol = the foundation of data communication for the World Wide Web. See HTML
HTTP Secure = HTTP using SSL or the newer TLS
Secure Sockets Layer = secure (encrypted) underpinning for HTTP
Transport Layer Security
I Am Not A Lawyer (but I'll play one on the Internet ;-)) Because this acronym can be interpreted as crude, Heather Meeker suggests an alternative 'disclaimer' in online discussions: "If this were legal advice, it would have come with an invoice."
Interactive Application Security Testing. A technique employing an agent inside a running application capable of testing all libraries, frameworks, API endpoints and protocols for security vulnerabilities.
Internet Protocol version 4
Internet Protocal version 6
Intellectual Property Rights = A crazy idea that nonetheless is pervasive in the global legal system. See Also: GPL
In Real Life = A TLA used when 'virtual' was a thing. Now the virtual has permeated 'meat space' and so the two are not so distinct.
Three-Letter Acronym
International Standard Book Number = 10-digit or 13-digit codes used by the publishing industry to uniquely identify individual book titles and editions. Some 10-digit ISBNs may end with an "X" instead of a digit.
ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again most recently in 2022. There are also numerous recognized national variants of the standard. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit. The effectiveness of the ISO/IEC 27001 certification process and the overall standard has been addressed in a large-scale study conducted in 2020.
JavaScript = A computer language.
JavaScript Object Notation = A data representation format in JavaScript
KDE Input/Output slaves
kompose is a tool to help users who are familiar with docker-compose move to Kubernetes. kompose takes a Compose Specification file and translates it into Kubernetes resources.
(Kyoob' cuddle) a command line tool for communicating with a Kubernetes cluster's control plane, using the Kubernetes API.
Kubernetes native configuration management built into kubectl as apply -k.
Linux User Group = a general term whereas a specific LUG will often have a geographic focus
is a userspace interface for the Linux kernel containment features. Through a powerful API and simple tools, it lets Linux users easily create and manage system or application containers.
is a next generation system container manager. It offers a user experience similar to virtual machines but using Linux containers instead.
(the US) National Institute of Standards and Technology
NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by NIST based on existing standards, guidelines, and practices. The framework "provides a high level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes", in addition to guidance on the protection of privacy and civil liberties in a cybersecurity context. It has been translated to many languages, and is used by several governments and a wide range of businesses and organizations.
Node Packaged Modules = a package manager for the Nodejs system
Not Safe For Work
Organization for the Advancement of Structured Information Standards = a global standards organization
Object Oriented Programming = hard to define. See OOP.
The Payment Card Industry Data Security Standard was created in 2006 to ensure that all companies that accept, process, store, or transmit credit card information operate securely. The framework is primarily intended to keep cardholder information safe. All companies handling this information must comply with PCI DSS, regardless of size. The framework is administered and enforced by the Payment Card Industry Security Standards Council.
attempt to acquire sensitive information such as passwords or credit card details by masquerading as a trusted party.
A Pod (as in a pod of whales or pea pod) is a group of one or more containers , with shared storage/network resources, and a specification for how to run the containers. https://kubernetes.io/docs/concepts/workloads/pods/
A Pod (as in a pod of whales or pea pod) is a group of one or more containers , with shared storage/network resources, and a specification for how to run the containers. https://kubernetes.io/docs/concepts/workloads/pods/
Plain Old Telephone Service is an acronym to describe the traditional telephone network served by copper wires strung on poles. (nb. There is a lot more infrastructure to POTS than just the poles and wires.)
Picture Of The Day
Picture Of The Year
Protocol Relative URL. Starts with '//' instead of 'HTTP(S)://'
Protocol Relative URL. Starts with '//' instead of 'HTTP(S)://'
Uniform Resource Locator = an address of a web page or other component, including the protocol.
PHP Standard Recommendation 1
PHP Standard Recommendation 2
Run-time Application Security Protection is similar to IAST, but rather than testing for vulnerabilities it acts like a watchdog that responds to live threats (e.g. terminating an attacker's session and alerting).
Regular Expression = a search and replace syntax that allows for powerful pattern matching
Really Simple Syndication = a syntax for sharing data across the web.
Static Application Security Testing is to find security vulnerabilities in the application source code earlier in the software development life cycle. Because SAST can be automated in DevOps, it becomes part of SecDevOps
Given a version number MAJOR.MINOR.PATCH, increment the:
MAJOR version when you make incompatible API changes
MINOR version when you add functionality in a backward compatible manner
PATCH version when you make backward compatible bug fixes
Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format.
Search Engine Optimization
Session Initiation Protocol is a protocol used in VoIP communications allowing users to make voice and video calls, mostly for free. A SIP client is a program that you install on your computer or mobile device.
Voice over Internet Protocol, or commonly "Voice over IP", is the Internet alternative to POTS.
Systems and Organization Controls (SOC) 2 is a set of compliance criteria developed by the American Institute of Certified Public Accountants (AICPA).