The FireCompass Security Glossary
Plain-language definitions of the attack techniques, testing methods, and program frameworks security teams reference most, reviewed against source frameworks like OWASP, MITRE ATT&CK, NIST, and Gartner.
What This Glossary Covers
This glossary defines the concepts that come up most often when building or evaluating a web application and API security program: the attack techniques attackers actually use, the testing methods that catch them, and the frameworks security teams use to structure the work. Every entry is reviewed against its primary source and updated whenever that source changes.
Lateral Movement
What lateral movement is, the MITRE ATT&CK techniques behind it, and why testing one system at a time never catches it.
Credential Stuffing
What credential stuffing is, how the attack chain works, and the defenses that actually reduce risk.
OWASP Top 10
A category-by-category breakdown of the current OWASP Top 10, what changed from the 2021 edition, and how security teams test for each one.
Business Logic Testing
What business logic testing covers, why it passes every automated scan, and how it gets tested in practice.
Exposure Management
Why exposure management goes beyond vulnerability scanning, how it relates to CTEM, and how security teams put it into practice.
Vulnerability Management
What vulnerability management actually covers, how the lifecycle works, and where it stops short of proving real risk.
Penetration Testing Report Example
The standard structure of a pentest report, an example findings table, and what separates an actionable report from a PDF nobody reads.
See Where Your Application Actually Stands
Get a pentest that tests every technique in this glossary against your real environment, with proof of exploit for every finding, not a severity score.