Cybersecurity Glossary

OAuth (Open Authorisation) is an open standard protocol that allows users to grant authorized access to their resources, such as personal information or social media accounts, to third-party applications or services without sharing their credentials (e.g., username and password). OAuth enables secure and controlled Authorisation, authentication, and access delegation across different systems or platforms. It provides a framework for users to grant temporary access tokens to authorized applications while maintaining control over their personal information and minimizing the risk of unauthorised access.

An OAuth token is a credential or access token issued by an OAuth Authorisation server to an application after a user has granted permission for the application to access specific resources or perform certain actions on their behalf. OAuth tokens are used by applications to authenticate and authorize their interactions with other systems or APIs without requiring the user's credentials for each request. OAuth tokens have a limited lifespan and can be revoked by the user, providing control and security over third-party access to user resources.

An open port refers to a network communication endpoint or service that is actively listening and ready to accept incoming connections. Ports are identified by numeric values and are associated with specific network protocols or services. An open port indicates that a particular service or application is running and accessible on a specific network address. Open ports can be potential entry points for unauthorised access or exploitation if they are not properly secured or if the associated services have vulnerabilities.

An open redirect is a vulnerability that allows an attacker to redirect users from one website or web application to an untrusted or malicious website. Open redirects are often caused by improper validation or sanitization of user-supplied input in redirect URLs. Attackers can craft malicious URLs that exploit open redirect vulnerabilities to trick users into visiting phishing sites, downloading malware, or disclosing sensitive information. Proper input validation and secure coding practices are necessary to mitigate the risk of open redirect vulnerabilities.

Open-source security refers to the measures, practices, and considerations associated with the security of Open-source software. It encompasses activities such as code review, vulnerability assessment, patch management, and secure deployment of Open-source components. Open-source security emphasizes the importance of community-driven collaboration, transparency, and timely response to vulnerabilities or security incidents within Open-source projects. It also highlights the need for organisations to implement proper controls and due diligence when using Open-source software in their environments.

Operating system (OS) hardening is the process of configuring an operating system to reduce its attack surface and strengthen its security posture. OS hardening involves applying security best practices, such as disabling unnecessary services, removing or securing default accounts, applying security patches, configuring access controls, enabling audit logging, and implementing additional security measures provided by the operating system. OS hardening helps protect against common vulnerabilities and provides a more secure foundation for running applications and services.

A phenomenon in ML where a model becomes excessively specialized to the training data, resulting in poor generalization to new, unseen data.

Phenomena that occur during machine learning when a model performs poorly due to either excessive complexity or lack of flexibility. Overfitting happens when a model fits the training data too closely and fails to generalize well to unseen data. Underfitting occurs when a model is too simple to capture the underlying patterns and fails to learn from the training data effectively.