Skip to content

Security Glossary

Security Glossary

The FireCompass Security Glossary

Plain-language definitions of the attack techniques, testing methods, and program frameworks security teams reference most, reviewed against source frameworks like OWASP, MITRE ATT&CK, NIST, and Gartner.

What This Glossary Covers

This glossary defines the concepts that come up most often when building or evaluating a web application and API security program: the attack techniques attackers actually use, the testing methods that catch them, and the frameworks security teams use to structure the work. Every entry is reviewed against its primary source and updated whenever that source changes.

Attack Techniques

Lateral Movement

What lateral movement is, the MITRE ATT&CK techniques behind it, and why testing one system at a time never catches it.

Read the definition →

Credential Stuffing

What credential stuffing is, how the attack chain works, and the defenses that actually reduce risk.

Read the definition →

Testing & Standards

OWASP Top 10

A category-by-category breakdown of the current OWASP Top 10, what changed from the 2021 edition, and how security teams test for each one.

Read the definition →

Business Logic Testing

What business logic testing covers, why it passes every automated scan, and how it gets tested in practice.

Read the definition →

Program & Reporting

Exposure Management

Why exposure management goes beyond vulnerability scanning, how it relates to CTEM, and how security teams put it into practice.

Read the definition →

Vulnerability Management

What vulnerability management actually covers, how the lifecycle works, and where it stops short of proving real risk.

Read the definition →

Penetration Testing Report Example

The standard structure of a pentest report, an example findings table, and what separates an actionable report from a PDF nobody reads.

Read the definition →

Featured across 30+ analyst reports, including the Gartner Hype Cycle. Advised by Bruce Schneier.

See Where Your Application Actually Stands

Get a pentest that tests every technique in this glossary against your real environment, with proof of exploit for every finding, not a severity score.

Free AI Pen Test

Jump to a Category
  1. Attack Techniques
  2. Testing & Standards
  3. Program & Reporting
FireCompass

Hackers Won’t Wait. Will You Test Before They Do?

Free AI Pen Test