DevOps Glossary

Security Information and Event Management; provides real-time analysis of security alerts.

Infrastructure and configuration supporting a Security Information and Event Management system for comprehensive security monitoring.

Software products providing security information and event management capabilities.

Software used for collecting, analyzing, and reporting on log data for security purposes.

Log data specifically collected, analyzed, and managed within a Security Information and Event Management system for security monitoring.

Contract between a service provider and customer defining expected service levels.

Security Orchestration, Automation and Response; platforms that enable organizations to collect security data and perform security operations.

Security Operations Center; centralized unit dealing with security issues on an organizational and technical level.

Code injection technique used to attack data-driven applications by inserting malicious SQL statements into application queries.

Abbreviation for SQL Injection, a code injection technique used to attack data-driven applications by inserting malicious SQL statements.

Digital document that authenticates a website's identity and enables encrypted connections between servers and browsers, ensuring secure data transmission.

Series of certificates needed to verify the authenticity of a website's SSL certificate.

Date when an SSL certificate is no longer valid and needs to be renewed to maintain secure connections.

Process by which a client and server establish a secure encrypted connection, crucial for secure data transmission over the internet.

Python-based, open-source configuration management software and remote execution engine.

Subset of regression testing to verify that code changes don't impact critical functionalities.

Ability of a system, network, or process to handle a growing amount of work or its potential to be enlarged.

Set of organization and workflow patterns for implementing agile practices at enterprise scale.

German term for "Shadow IT"; IT systems deployed outside of the organization's formal IT department.

Facility used to filter malicious traffic from a network, often used in DDoS mitigation.

Agile framework for project management emphasizing iterative progress, team collaboration, and flexibility.

Practice of integrating security processes with IT operations, aiming to reduce vulnerabilities and improve overall system security.

Software Development Life Cycle that integrates security at every stage of the development process.

Use of data collection, aggregation, and analysis tools for security monitoring and threat detection.

Individuals within development teams who act as the first point of contact for security-related matters.