A penetration test is an authorized security test that simulates an attacker breaking into a network or system, using the same tools and techniques a real adversary would, in order to evaluate the strength of a company’s security controls.
The principle of least functionality is a strategy that limits an application or system to only the capabilities it needs, disabling or blocking any other functions, services, or ports that aren’t integral to the business’s use of the system, so that they cannot be exploited.
The principle of least privilege is a strategy that limits a user’s access and capabilities to the minimum necessary to perform their job duties. If a threat actor steals a user’s credentials (for example, by phishing), the attacker gains no more access to functionality or data than that user already had, which limits the damage a single compromised account can do.
Public key infrastructure (PKI) is the set of processes, hardware and software components, and other elements involved in managing digital certificates and public-key cryptography. TLS (formerly SSL) certificates, for instance, are managed by PKI: each binds a server’s public key to its domain name so that website visitors can confirm they’re sending information to the intended recipient rather than to an impostor. Several weaknesses in PKI can create vulnerabilities, such as weak keys or signature algorithms, excessively long certificate lifespans, compromised private keys, and certificates issued to the wrong party.
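The PKI weaknesses listed above are the kind of thing a practitioner checks mechanically. The following Go program is an added example, not code from the original page: it builds a constructed root CA and three leaf certificates in memory, then audits each leaf for a short RSA key, a deprecated signature algorithm, a lifetime over the policy cap, and whether it chains to a trusted root and is actually issued for the host the visitor intended. The names (`Example Root CA`, `www.example.com`, `other.example.net`), the 2048-bit and 398-day thresholds, and the function names are assumptions for this example; 398 days is the current browser cap on public TLS certificate lifetime.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Policy thresholds (assumed for this example): minimum RSA key size and the
// 398-day maximum lifetime that browsers currently enforce for public TLS certs.
const (
	minRSABits  = 2048
	maxLifetime = 398 * 24 * time.Hour
)

// AuditLeaf checks a leaf certificate presented for host against the policy and
// returns one finding per violation; an empty slice means the cert is acceptable.
func AuditLeaf(leaf *x509.Certificate, host string, roots *x509.CertPool, now time.Time) []string {
	var findings []string
	// Weak key: an RSA modulus below the policy minimum.
	if pub, ok := leaf.PublicKey.(*rsa.PublicKey); ok && pub.N.BitLen() < minRSABits {
		findings = append(findings, fmt.Sprintf("weak RSA key: %d bits", pub.N.BitLen()))
	}
	// Weak signature algorithm: MD5- and SHA-1-based signatures are broken or deprecated.
	switch leaf.SignatureAlgorithm {
	case x509.MD5WithRSA, x509.SHA1WithRSA, x509.DSAWithSHA1, x509.ECDSAWithSHA1:
		findings = append(findings, "weak signature algorithm: "+leaf.SignatureAlgorithm.String())
	}
	// Lengthy lifespan: a long-lived cert keeps a compromised key trusted for longer.
	if life := leaf.NotAfter.Sub(leaf.NotBefore); life > maxLifetime {
		findings = append(findings, fmt.Sprintf("lifetime of %.0f days exceeds policy", life.Hours()/24))
	}
	// Chain building ties the cert to a trusted root; DNSName ties it to the party
	// the visitor meant to reach, so a cert issued for another name fails here.
	if _, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots, CurrentTime: now}); err != nil {
		findings = append(findings, "verification failed: "+err.Error())
	}
	return findings
}

// issue generates a fresh RSA key of the given size and signs template with
// parentKey (or with the new key itself when parentKey is nil, i.e. self-signed).
func issue(template, parent *x509.Certificate, parentKey *rsa.PrivateKey, bits int) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, nil, err
	}
	signer := parentKey
	if signer == nil {
		signer = key
	}
	der, err := x509.CreateCertificate(rand.Reader, template, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// leafTemplate builds a TLS server certificate template for the given SANs and lifetime.
func leafTemplate(serial int64, names []string, start time.Time, lifetime time.Duration) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: names[0]},
		DNSNames:     names,
		NotBefore:    start,
		NotAfter:     start.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// DemoFindings builds a constructed root CA and three leaves, and returns the audit
// findings for a compliant cert, a cert with a 1024-bit key and a ten-year lifetime,
// and a cert the CA issued for a different host than the one the visitor expects.
func DemoFindings() (good, weak, wrongHost []string, err error) {
	now := time.Date(2024, 6, 1, 0, 0, 0, 0, time.UTC)
	day := 24 * time.Hour
	rootTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA (constructed)"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(3650 * day),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	root, rootKey, err := issue(rootTmpl, rootTmpl, nil, 2048)
	if err != nil {
		return nil, nil, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)

	host := "www.example.com"
	goodLeaf, _, err := issue(leafTemplate(2, []string{host}, now.Add(-day), 90*day), root, rootKey, 2048)
	if err != nil {
		return nil, nil, nil, err
	}
	weakLeaf, _, err := issue(leafTemplate(3, []string{host}, now.Add(-day), 3650*day), root, rootKey, 1024)
	if err != nil {
		return nil, nil, nil, err
	}
	otherLeaf, _, err := issue(leafTemplate(4, []string{"other.example.net"}, now.Add(-day), 90*day), root, rootKey, 2048)
	if err != nil {
		return nil, nil, nil, err
	}
	return AuditLeaf(goodLeaf, host, roots, now),
		AuditLeaf(weakLeaf, host, roots, now),
		AuditLeaf(otherLeaf, host, roots, now), nil
}

func main() {
	good, weak, wrongHost, err := DemoFindings()
	if err != nil {
		panic(err)
	}
	fmt.Println("compliant cert:", good)
	fmt.Println("weak key, long lifetime:", weak)
	fmt.Println("issued for another host:", wrongHost)
}
```

The compliant leaf produces no findings; the second leaf is flagged twice (1024-bit key, 3650-day lifetime) even though it chains correctly, which is the point of auditing more than just "does it validate"; the third leaf has a strong key and a short life but fails verification for the intended host, the case of a certificate issued to the wrong party. In a real deployment the same checks would run over certificates pulled from live endpoints or an inventory rather than ones generated in memory.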