15 Security Acronyms developers should know

Every professional field has its own terms, jargon and abbreviations. They can be confusing if you are not familiar with them, and they can make a conversation awkward when you cannot follow along.

Acronyms are pronounceable words formed from the first letter (or first few letters) of each word in a phrase or title. A common example is FYI: For Your Information.

Developer acronyms are not overly complicated; most are a Google search away. But you do not want to keep typing terms into a search engine in the middle of a real conversation. In this article I have outlined 15 acronyms you should have etched somewhere in the back of your mind.

  1. SAST

Static Application Security Testing (SAST) is one of the oldest security testing techniques. It identifies potential security risks by examining an application's source code rather than running it. Think of SAST as an automated code review performed by a tool instead of a human expert.

  2. DAST

Dynamic Application Security Testing (DAST) tries to identify risks by testing a running application. DAST (also called dynamic analysis) therefore behaves more like a real attacker: it cannot see the source code, so it attempts to mimic an attack by sending unexpected or malformed input to the application.

  3. OWASP

The Open Web Application Security Project, or OWASP, is a non-profit group focused on software security. OWASP is known for its many community-driven projects aimed at providing education and guidance on how to build more secure software. OWASP maintains a large community of volunteers who propose, create and manage these projects and educational materials to help the broader security and software development community.

  4. CSA

The Cloud Security Alliance (CSA) is the world's leading organization for defining best practices in cloud security. Among other things, it also provides a certification program for cloud security providers.

  5. XSS

Cross-site scripting (XSS) is a common and dangerous type of attack that plagues practically all web applications, old and new alike.

  6. CSRF

Cross-Site Request Forgery (CSRF/XSRF), also known as Sea Surf or Session Riding, is a web security vulnerability that tricks a browser into performing an unwanted action. An attacker abuses the trust that a web application has in the victim's browser.

  7. CSP

Content Security Policy, or CSP, is a web application countermeasure designed to prevent XSS attacks. It lets application developers use an HTTP header to instruct the browser to load and execute scripts only from specific sources.
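To make the "only from specific sources" rule concrete, here is an added example (not part of the original article) that parses a CSP header value and decides whether a given script would be permitted; the policies and origins are constructed, and only the script-src/default-src source forms listed in the docstring are modelled.

```python
"""Check whether a Content-Security-Policy lets a script load or run.

Added example, not from the original article; policies and origins are
constructed. Models script-src (default-src fallback) with 'self', 'none',
'unsafe-inline', host and *.host sources; nonces and hashes are out of scope.
"""
from typing import Optional
from urllib.parse import urlsplit


def parse_csp(header: str) -> dict:
    """Turn "a b c; d e" into {"a": ["b", "c"], "d": ["e"]}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def _source_matches(source: str, page_origin: str, script_origin: str) -> bool:
    """Match one source expression against the origin of an external script."""
    page, script = urlsplit(page_origin), urlsplit(script_origin)
    if source == "'self'":
        return (page.scheme, page.netloc) == (script.scheme, script.netloc)
    if "://" in source:  # full origin such as https://cdn.example.com
        scheme, host = source.split("://", 1)
    else:  # bare host inherits the page's scheme
        scheme, host = page.scheme, source
    if scheme != script.scheme:
        return False
    if host.startswith("*."):  # wildcard matches subdomains, not the apex
        return script.hostname.endswith(host[1:]) and script.hostname != host[2:]
    return script.netloc == host


def script_allowed(header: str, page_origin: str,
                   script_origin: Optional[str], inline: bool = False) -> bool:
    """True if the policy permits the script (external origin, or inline)."""
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:  # neither directive present: scripts are unrestricted
        return True
    if "'none'" in sources:
        return False
    if inline:  # inline <script> runs only under the weak 'unsafe-inline'
        return "'unsafe-inline'" in sources
    return any(_source_matches(s, page_origin, script_origin) for s in sources)
```

A policy that includes `'unsafe-inline'` permits inline scripts and so gives up most of the XSS protection CSP is meant to provide; prefer `'self'` plus explicit origins.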

  8. SSRF

Server-Side Request Forgery (SSRF) attacks allow an attacker to make requests to arbitrary domains through a vulnerable server. Attackers achieve this by causing the server to connect back to itself, to an internal service or resource, or to its own cloud provider.
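The usual defence is to validate any user-supplied URL before the server fetches it. The following is an added example (not from the original article) of such a guard; the allow-list and URLs are constructed, and the check refuses exactly the targets the definition above names: the server itself, internal addresses and link-local (cloud-provider) ranges.

```python
"""Validate a user-supplied URL before the server fetches it (SSRF guard).

Added example, not from the original article; the allow-list and URLs are
constructed. Only http(s) to allow-listed hosts passes, and IP literals in
loopback, private, link-local or other non-public ranges are refused. DNS
resolution and redirect targets must be checked again at fetch time.
"""
import ipaddress
from typing import Tuple
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"api.partner.example", "images.example.com"}  # constructed


def is_internal_address(host: str) -> bool:
    """True if host is an IP literal a server should never be made to reach."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # not an IP literal; the host allow-list decides
    return (addr.is_loopback or addr.is_private or addr.is_link_local
            or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


def validate_outbound_url(url: str,
                          allowed_hosts=ALLOWED_HOSTS) -> Tuple[bool, str]:
    """Return (ok, reason); only ok=True URLs may be fetched by the server."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme not allowed: {parts.scheme!r}"
    if parts.username or parts.password:
        return False, "credentials in URL not allowed"
    host = parts.hostname  # lower-cased, brackets stripped from IPv6 literals
    if not host:
        return False, "missing host"
    if is_internal_address(host):
        return False, f"internal address not allowed: {host}"
    if host not in allowed_hosts:
        return False, f"host not on allow-list: {host}"
    try:
        port = parts.port
    except ValueError:
        return False, "malformed port"
    if port not in (None, 80, 443):
        return False, f"port not allowed: {port}"
    return True, "ok"
```

Because a hostname can resolve to an internal address after this check, production code should also pin or re-validate the resolved address and refuse to follow redirects to unvalidated locations.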

  9. DoS

Denial of Service (DoS) attacks attempt to disrupt the normal traffic of a targeted server, service or network, making a service such as a website unusable by "flooding" it with malicious traffic.

  10. RASP

Runtime Application Self-Protection, or RASP, refers to a defensive technique built into an application that allows the application to detect attacks and respond to them immediately. RASP is often implemented through third-party tools. RASP tools typically embed themselves in the application and monitor incoming requests as well as the application's behaviour to spot and prevent attacks.

  11. SQLi

SQL injection is a code injection technique used to attack applications and the data they hold. It usually happens where user input is expected, for example a username, but the user supplies a SQL statement instead.
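The following added example (not from the original article) shows the username lookup described above in its vulnerable form beside its parameterised fix, using an in-memory SQLite table with constructed rows.

```python
"""SQL injection: the vulnerable lookup beside its parameterised fix.

Added example, not from the original article. Uses an in-memory SQLite
table with constructed rows; the lookup is the username check described
in the definition above.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a throwaway database with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Builds the query by string formatting: the input becomes part of the
    SQL text, so a value containing SQL syntax changes the statement."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterised query: the input is bound as data and can only ever be
    compared against the column, whatever characters it contains."""
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A "username" that is really a SQL fragment: the vulnerable version
    # returns every row, the safe version correctly matches nothing.
    not_a_username = "' OR '1'='1"
    print(find_user_vulnerable(db, not_a_username))  # → both rows
    print(find_user_safe(db, not_a_username))        # → []
```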

  12. APT

Advanced Persistent Threat. A cyber attack that persistently uses advanced techniques to conduct cyber espionage or crime.

  13. CAPTCHA

Completely Automated Public Turing Test to Tell Computers and Humans Apart. A challenge-response test used in computing, especially on websites, to confirm that a user is human rather than a bot.

  14. CVE

Common Vulnerabilities and Exposures (CVE) is a list of entries, each containing an identification number, a description and at least one public reference, for publicly known cybersecurity vulnerabilities. CVE entries are used in numerous cybersecurity products and services from around the world.

  15. DLP

Data Loss Prevention (DLP) is a data security strategy for protecting corporate information. DLP is a set of tools and processes used to ensure that sensitive data is not lost, misused or accessed by unauthorized users, either inside or outside an organization.
