IDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSEIDORSSRFAUTH BYPASSJWT FORGERYRACE CONDITIONXXEBROKEN OBJECT-LEVEL AUTHPRIVILEGE ESCALATIONMASS ASSIGNMENTGRAPHQL INTROSPECTION ABUSE
Impactr Logoimpactr
FeaturesHow it worksEvidencePricingLearnCompare
  1. Home
  2. Glossary

glossary

The cybersecurity glossary, defined clearly.

Plain-language definitions of the application-security and offensive-security concepts teams actually use - each cross-linked to related terms, standards, and the vulnerabilities they concern.

Testing methods

DAST

Dynamic Application Security Testing

Tests a running application from the outside, like an attacker, without access to source code.

SAST

Static Application Security Testing

Analyzes source code or bytecode for vulnerabilities without running the application.

IAST

Interactive Application Security Testing

Instruments a running application to observe code behavior during tests.

RASP

Runtime Application Self-Protection

Runtime instrumentation that detects and blocks attacks against a live application.

SCA

Software Composition Analysis

Identifies open-source dependencies and their known vulnerabilities and licenses.

Penetration Testing

A simulated attack against a system to find and demonstrate exploitable vulnerabilities.

VAPT

Vulnerability Assessment and Penetration Testing

A combined approach: broad vulnerability assessment plus deeper penetration testing.

Vulnerability Assessment

Systematic identification and prioritization of vulnerabilities across a target.

Autonomous Penetration Testing

AI agents that investigate, chain, and exploit vulnerabilities without human intervention.

Continuous Penetration Testing

Ongoing, automated penetration testing that runs as the application changes.

Security platforms

WAF

Web Application Firewall

Filters and monitors HTTP traffic to block common web attacks at the network edge.

ASM

Attack Surface Management

Continuous discovery, inventory, and monitoring of an organization's attack surface.

ASPM

Application Security Posture Management

Aggregates and correlates application security findings to manage overall posture.

CNAPP

Cloud-Native Application Protection Platform

A consolidated platform combining cloud posture, workload, entitlement, and more.

CSPM

Cloud Security Posture Management

Detects misconfigurations and compliance gaps across cloud environments.

CWPP

Cloud Workload Protection Platform

Secures workloads - VMs, containers, and serverless - across their lifecycle.

CIEM

Cloud Infrastructure Entitlement Management

Manages and least-privileges identities and permissions in cloud environments.

CAASM

Cyber Asset Attack Surface Management

Builds a unified asset inventory by integrating with existing tools via APIs.

Frameworks & standards

Attack Surface

The full set of points where an attacker could attempt to enter or extract data.

Attack Chain

A sequence of steps an attacker links together to move from entry to impact.

OWASP

Open Worldwide Application Security Project

A nonprofit community producing free application-security resources and standards.

CVE

Common Vulnerabilities and Exposures

A public catalog of identifiers for specific known vulnerabilities.

CWE

Common Weakness Enumeration

A categorized list of software and hardware weakness types.

CAPEC

Common Attack Pattern Enumeration and Classification

A catalog of common attack patterns used to exploit weaknesses.

MITRE ATT&CK

A knowledge base of real-world adversary tactics and techniques.

CVSS

Common Vulnerability Scoring System

A standard for scoring the severity of vulnerabilities from 0 to 10.

Practices

Red Team

Offensive security group that emulates real adversaries to test detection and response.

Blue Team

Defensive security group responsible for detection, response, and hardening.

Purple Team

A collaborative exercise where red and blue teams work together to improve defenses.

Bug Bounty

A program that rewards independent researchers for responsibly reporting vulnerabilities.

DevSecOps

Integrates security into every stage of the software development lifecycle.

Shift Left

Moving security testing earlier in the development lifecycle.

Secure SDLC

Secure Software Development Lifecycle

Embedding security activities into each phase of software development.

Threat Modeling

Systematically identifying threats and weaknesses in a system's design.

Zero Trust

A model that trusts no request by default and verifies every access explicitly.

Impactr Logoimpactr

Built by hackers, for the code you ship. Autonomous AI penetration testing for modern web apps and APIs.

© 2026 Impactr

Product

FeaturesCoverageUse casesEvidencePricingWaitlist

Resources

VulnerabilitiesGuidesComparisonsGlossaryCWE databaseBy industryBy languageHTTP status codesSecurity headers

Company

ContactTwitterLinkedInGitHub