Glossary
A
Authorized
Refers to explicit permission granted to conduct a penetration test (pentest) on an organization's computer systems, networks, or applications. This formal approval defines the testing scope, rules of engagement, and objectives, ensuring lawful and secure simulation of attacks to identify vulnerabilities, assess defenses, and improve security.
B
C
Cyberattack
A deliberate and malicious attempt to breach, disrupt, or compromise the security of computer systems, networks, or applications, often with the intent to steal sensitive information, extort money, or cause harm. Cyberattacks can take various forms, including malware, phishing, ransomware, denial-of-service (DoS), and advanced persistent threats (APTs), targeting individuals, organizations, or critical infrastructure.
D
Data-Exfiltration
The unauthorized transfer or removal of sensitive data from a computer system, network, or application, often by an attacker or malicious insider. Data exfiltration can occur through various means, including hacking, malware, phishing, or physical theft, compromising confidentiality, integrity, and availability of sensitive information.
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
Scope
The explicitly defined boundaries and objectives of security testing, outlining what systems, networks, applications, or data are to be tested, and what testing methods and techniques are permitted. The scope ensures that security testing is focused, efficient, and lawful, minimizing potential disruptions and risks to the organization's assets.