Dynamic Application Security Testing (DAST) finds security vulnerabilities and weaknesses in a running application, typically a web app, without access to its source code. It does this by fault injection: sending crafted or malicious input to the application and observing its responses, in order to identify common vulnerabilities such as SQL injection and cross-site scripting (XSS). DAST can also expose runtime problems that static analysis cannot see, for example authentication weaknesses and server misconfiguration, as well as flaws that are only reachable once a known user has logged in (so authenticated scans matter).
The General Data Protection Regulation (Regulation (EU) 2016/679, abbreviated GDPR) is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business. It supersedes the Data Protection Directive 95/46/EC and, among other things, simplifies the terminology.
GitOps is a DevOps practice that uses Git repositories as the single source of truth for infrastructure and application deployments. It is an evolution of Infrastructure as Code (IaC): changes to the desired state are proposed as Git pull requests, reviewed, and then applied automatically to the running system by a reconciliation tool, so the repository history doubles as an audit trail. GitOps can help organizations improve efficiency and security, improve the developer experience, reduce costs, speed up deployments, and maintain consistency across all infrastructure.
Greater New Hampshire Linux User Groups (GNHLUG) is an association of user groups in and around the state of New Hampshire, USA, for people interested in Linux technology, including those who created it in the first place and continue to do so today.
The Health Insurance Portability and Accountability Act (HIPAA) is a 1996 US federal statute under which standards for protecting patient health information were established. Covered entities (health plans, healthcare providers, and clearinghouses) and their business associates must implement administrative, physical, and technical safeguards and conduct regular risk analyses to comply with HIPAA's Security Rule.
I Am Not A Lawyer (but I'll play one on the Internet ;-)) Because this acronym can be interpreted as crude, Heather Meeker suggests an alternative 'disclaimer' in online discussions: "If this were legal advice, it would have come with an invoice."
Interactive Application Security Testing (IAST) is a technique that places an agent inside a running application to instrument its code and observe data flows while the application is exercised (for example by functional or DAST tests), reporting vulnerabilities in the application's own code and in the libraries, frameworks, API endpoints, and protocols it uses. Its coverage is limited to the code paths that are actually executed during testing.
International Standard Book Number (ISBN) is a 10-digit or 13-digit code used by the publishing industry to uniquely identify individual book titles and editions. The final digit is a check digit; in 10-digit ISBNs it may be an "X", representing the value 10.
ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again most recently in 2022. There are also numerous recognized national variants of the standard. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit. The effectiveness of the ISO/IEC 27001 certification process and the overall standard has been addressed in a large-scale study conducted in 2020.
kompose is a tool to help users who are familiar with docker-compose move to Kubernetes. kompose takes a Compose Specification file and translates its services, volumes, and ports into Kubernetes resources such as Deployments, Services, and PersistentVolumeClaims.
is a userspace interface for the Linux kernel containment features. Through a powerful API and simple tools, it lets Linux users easily create and manage system or application containers.
NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by NIST based on existing standards, guidelines, and practices. The framework "provides a high level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes", in addition to guidance on the protection of privacy and civil liberties in a cybersecurity context. It has been translated to many languages, and is used by several governments and a wide range of businesses and organizations.
The Payment Card Industry Data Security Standard (PCI DSS), first released in 2004, sets security requirements for every company that accepts, processes, stores, or transmits payment card data. The framework is primarily intended to keep cardholder information safe. All companies handling this information must comply with PCI DSS, regardless of size; only the validation method (self-assessment questionnaire or on-site assessment) varies with transaction volume. The standard has been maintained since 2006 by the Payment Card Industry Security Standards Council, while compliance is enforced through the card brands and acquiring banks.
A Pod (as in a pod of whales or a pea pod) is a group of one or more containers with shared storage and network resources (the containers share an IP address and can reach each other on localhost), together with a specification for how to run the containers. https://kubernetes.io/docs/concepts/workloads/pods/
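The following manifest is an added example, not taken from the Kubernetes documentation linked above. It shows the two things the definition mentions, a shared volume and a shared network namespace, together with the hardening a practitioner would normally apply. The container names, image tags, and the greeting text are illustrative assumptions.

```yaml
# Added example: a two-container Pod demonstrating shared storage and networking.
# Names and image tags are illustrative, not from the page.
apiVersion: v1
kind: Pod
metadata:
  name: shared-demo
spec:
  # Pod-level settings apply to every container in the Pod.
  securityContext:
    runAsNonRoot: true
    runAsUser: 10001
    seccompProfile:
      type: RuntimeDefault
  automountServiceAccountToken: false   # no API credentials unless a container needs them
  volumes:
    - name: shared-content
      emptyDir: {}                        # lives as long as the Pod; visible to both containers
  containers:
    - name: writer
      image: busybox:1.36
      # Writes a file into the shared volume, then idles.
      command: ["sh", "-c", "echo 'hello from writer' > /work/index.html && sleep 3600"]
      volumeMounts:
        - name: shared-content
          mountPath: /work
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
    - name: web
      image: busybox:1.36
      # Serves the same directory; no image rebuild was needed to get the content.
      command: ["httpd", "-f", "-p", "8080", "-h", "/srv"]
      ports:
        - containerPort: 8080
      volumeMounts:
        - name: shared-content
          mountPath: /srv
          readOnly: true
      securityContext:
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities:
          drop: ["ALL"]
```

Because the containers share one network namespace, `kubectl exec shared-demo -c writer -- wget -qO- http://localhost:8080/` returns the file the writer created, with no Service involved. The securityContext fields drop every Linux capability, forbid privilege escalation, and make the root filesystems read-only; only the `emptyDir` is writable, and only by the writer.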
Plain Old Telephone Service (POTS) is the term for the traditional analog telephone network, the one served by copper wires strung on poles. (NB: there is a lot more infrastructure to POTS than just the poles and wires.)
Runtime Application Self-Protection (RASP) is similar to IAST in that it runs inside the application, but rather than testing for vulnerabilities it acts as a watchdog that responds to live attacks (for example by blocking the request, terminating the attacker's session, and raising an alert).
Static Application Security Testing (SAST) analyzes application source code (or bytecode) to find security vulnerabilities early in the software development life cycle, before the code is run. Because SAST can be automated in a CI/CD pipeline, it becomes a routine part of DevSecOps (also written SecDevOps).
Session Initiation Protocol (SIP) is the signaling protocol used in VoIP communications to set up, modify, and tear down voice and video calls; the media itself is usually carried separately over RTP. Calls between SIP users are often free of charge. A SIP client is a program that you install on your computer or mobile device.