Penetration Testing — All The Terms You Need To Know

Cybersecurity has its fair share of jargon. This article will help you understand some of the common terms you will come across as a security engineer.

Manish Shivanandhan
Stealth Security


  1. Authentication — Authentication is the process of verifying that a user is who they claim to be before they are allowed access to a system. This is commonly done with a username and password, SSH keys, etc.
  2. Authorization — Authorization is the process of checking if the authenticated user has permission to perform an action. For example, after logging into Facebook, you are authorized to update your profile and settings, but not anyone else’s.
  3. Audit — Generally, audit means “inspection”. In cybersecurity, an audit is a complete inspection of an organization’s network to find vulnerabilities. Also called “penetration testing”, it involves cybersecurity professionals attacking their own systems (or others’ systems with permission) in order to figure out how vulnerable their devices are.
  4. Access Control List — A list that contains users and their level of access to a system. Users are usually grouped into “roles” and permissions are combined into “policies”. So you can either assign a user to a role (with pre-defined permissions) or assign a policy directly to a user.
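
Items 1, 2 and 4 in code, as an added example that is not from the original article: a login check (authentication), then a default-deny permission check (authorization) against an access control list built from roles and policies. All user names, passwords, role names, policy names and permission strings are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample ACL data: a policy bundles permissions, a role bundles policies.
POLICIES = {
    "profile-self": {"profile:read", "profile:update"},
    "user-admin": {"profile:read", "user:delete"},
}
ROLES = {"member": ["profile-self"], "admin": ["profile-self", "user-admin"]}

def _hash(password, salt):
    # Salted, slow hash so stored credentials are not plain passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password, roles=(), policies=()):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt),
            "roles": list(roles), "policies": list(policies)}

USERS = {
    "alice": make_user("correct horse", roles=["member"]),      # access via a role
    "bob": make_user("battery staple", policies=["user-admin"]),  # policy assigned directly
}

def authenticate(username, password):
    """Authentication: is this really the user? Returns the username or None."""
    user = USERS.get(username)
    if user is None:
        return None
    ok = hmac.compare_digest(_hash(password, user["salt"]), user["hash"])
    return username if ok else None

def permissions_for(username):
    """Resolve a user's roles and direct policies into a set of permissions."""
    user = USERS[username]
    names = list(user["policies"])
    for role in user["roles"]:
        names += ROLES.get(role, [])
    perms = set()
    for name in names:
        perms |= POLICIES.get(name, set())
    return perms

def authorize(username, action, resource_owner=None):
    """Authorization: may this authenticated user do this? Anything not granted is denied."""
    if username is None or action not in permissions_for(username):
        return False
    if action == "profile:update":  # your own profile only, never anyone else's
        return resource_owner == username
    return True
```
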


Manish Shivanandhan
Stealth Security

Engineer / Product Manager. Writes about Artificial Intelligence, Cybersecurity and Product Management. More at manishmshiva.com