Penetration Testing (Pentesting): A simulated cyberattack against a system performed with authorization to evaluate its security and identify exploitable vulnerabilities.
Vulnerability: A weakness in a system's design, implementation, or configuration that could be exploited to compromise security.
Exploit: A piece of code, technique, or sequence of commands that takes advantage of a vulnerability to cause unintended behavior in a system.
SQL Injection: An attack technique that inserts malicious SQL code into application queries through user input fields, potentially accessing, modifying, or deleting database contents.
Cross-Site Scripting (XSS): A vulnerability where attackers inject malicious scripts into web pages viewed by other users, potentially stealing session cookies or redirecting users.
Buffer Overflow: A vulnerability where a program writes data beyond the allocated memory buffer, potentially allowing an attacker to execute arbitrary code or crash the system.
CTF (Capture The Flag): A cybersecurity competition where participants solve security challenges to find hidden 'flags' (secret strings), used for training and skill assessment.
OWASP Top 10: The Open Web Application Security Project's list of the ten most critical web application security risks, updated regularly as a standard awareness document.
Port Scanning: The process of probing a server's ports to identify open services and potential entry points, commonly performed using tools like Nmap.
Social Engineering: Manipulating people into revealing confidential information or performing actions that compromise security, often the first step in a real-world attack.
Bug Bounty: A program where organizations offer monetary rewards to individuals who discover and responsibly report security vulnerabilities.
Zero-Day Vulnerability: A security flaw unknown to the software vendor and for which no patch exists, making it extremely valuable and dangerous.
Nmap: Network Mapper -- a free, open-source tool for network discovery and security auditing, one of the most essential tools for ethical hackers.
Metasploit: An open-source penetration testing framework that provides tools for developing and executing exploit code against target systems.
Hash Cracking: The process of recovering plaintext passwords from their cryptographic hash values, using techniques like dictionary attacks, brute force, or rainbow tables.
Privilege Escalation: Gaining higher-level access permissions than originally granted, a critical step in many attack scenarios.
Reverse Engineering: Analyzing software or hardware to understand its internal workings, often used to discover vulnerabilities in compiled programs.
Responsible Disclosure: The practice of privately reporting discovered vulnerabilities to the affected vendor, giving them time to create a patch before public disclosure.