Engineering Glossary

Security Information and Event Management; provides real-time analysis of security alerts.

Infrastructure and configuration supporting a Security Information and Event Management system for comprehensive security monitoring.

Software products providing security information and event management capabilities.

Software used for collecting, analyzing, and reporting on log data for security purposes.

Log data specifically collected, analyzed, and managed within a Security Information and Event Management system for security monitoring.

Contract between a service provider and customer defining expected service levels.

Security Orchestration, Automation and Response; platforms that enable organizations to collect security data and perform security operations.

Security Operations Center; centralized unit dealing with security issues on an organizational and technical level.

Code injection technique used to attack data-driven applications by inserting malicious SQL statements into application queries.

Abbreviation for SQL Injection, a code injection technique used to attack data-driven applications by inserting malicious SQL statements.

Digital document that authenticates a website's identity and enables encrypted connections between servers and browsers, ensuring secure data transmission.

Series of certificates needed to verify the authenticity of a website's SSL certificate.

Date when an SSL certificate is no longer valid and needs to be renewed to maintain secure connections.

Process by which a client and server establish a secure encrypted connection, crucial for secure data transmission over the internet.

Python-based, open-source configuration management software and remote execution engine.

Subset of regression testing to verify that code changes don't impact critical functionalities.

Ability of a system, network, or process to handle a growing amount of work or its potential to be enlarged.

Set of organization and workflow patterns for implementing agile practices at enterprise scale.

German term for "Shadow IT"; IT systems deployed outside of the organization's formal IT department.

Facility used to filter malicious traffic from a network, often used in DDoS mitigation.

Agile framework for project management emphasizing iterative progress, team collaboration, and flexibility.

Practice of integrating security processes with IT operations, aiming to reduce vulnerabilities and improve overall system security.

Software Development Life Cycle that integrates security at every stage of the development process.

Use of data collection, aggregation, and analysis tools for security monitoring and threat detection.

Individuals within development teams who act as the first point of contact for security-related matters.

System providing real-time analysis of security alerts generated by applications and network hardware.

Evidence-based knowledge about existing or emerging threats to assets, crucial for effective cybersecurity strategies.

Improper configuration of security controls, often leading to vulnerabilities and potential security breaches.

Practice of gaining insight into the security posture of systems through the collection and analysis of security-relevant data.

Centralized unit dealing with security issues on an organizational and technical level.

Overall security status of an organization's systems, networks, and data, reflecting its ability to protect from cyber threats.

Process of addressing and fixing identified security vulnerabilities or weaknesses in systems, applications, or networks.

Practice of building and operating security controls as code to ensure consistent and repeatable security processes.

German for "self-healing systems"; systems that can detect and recover from failures automatically.

Popular open-source tool for automating web browsers, primarily used for testing web applications across various platforms.

Systems capable of detecting and recovering from failures without human intervention.

Capability allowing users to deploy applications or services independently, without IT intervention.

Lightweight, cloud-native continuous integration and delivery platform designed for speed and simplicity in software development workflows.

Security vulnerability where an application does not adequately protect sensitive information from unauthorized access.

Open-source monitoring framework designed to empower organizations with flexible and scalable monitoring for their infrastructure and applications.

Tool used in network security for analyzing and manipulating network protocols, often employed in penetration testing and vulnerability assessment.

Decentralized solution for cluster membership, failure detection, and orchestration, designed for service discovery and orchestration.

Process of reviewing and analyzing a server for availability, operations, performance, security and other operations-related processes.

Cloud computing execution model where the cloud provider manages server infrastructure.

Cloud computing model where the cloud provider manages server infrastructure, allowing developers to focus solely on code.

Open-source tool for building and deploying serverless applications across various cloud providers, simplifying serverless development.

Process of observing and managing the performance, availability, and cost of serverless applications and functions.

Contract between a service provider and the end user defining the expected level of service.

Quantitative measure of the level of service provided, used to evaluate whether a Service Level Objective is being met.

Quantitative measures of the level of service provided, used to evaluate whether Service Level Objectives are being met.

Target value or range of values for a service level that is measured by one or more Service Level Indicators.

Infrastructure layer for facilitating service-to-service communications between microservices.

Measure of a service's ability to perform its intended function consistently and without failure.

Practice of simulating the behavior of system components to enable continuous testing.

Undocumented or unofficial APIs within an organization that may pose security risks or lead to inefficiencies if not properly managed.

Unofficial or unapproved continuous delivery practices within an organization, potentially bypassing established processes.

IT systems and solutions built and used inside organizations without explicit approval.

Cloud security framework that delineates security obligations of a cloud provider and its users.

Practice of moving testing, quality, and performance evaluation earlier in the development process.

Practice of extending testing and quality assurance into production environments.

Practice of integrating security earlier in the software development lifecycle, improving overall application security.

Practice of performing testing earlier in the software development lifecycle to catch and fix issues sooner.

Approach that extends testing into production environments, allowing for real-world validation and continuous improvement.

Cloud monitoring and observability platform for infrastructure, microservices, and applications, enabling real-time analytics.

Approach where security is treated as a separate concern, not integrated with development and operations.

Suite of tools created by Netflix to test the resiliency of its AWS infrastructure.

Development practice where all work is done on a single branch in version control.

IT professional who combines software and systems engineering to create scalable and reliable software systems.

Discipline that incorporates aspects of software engineering and applies them to infrastructure and operations problems.

Tool for automating the setup and teardown of temporary environments, useful for testing and development purposes.

Explore the pinnacle of system reliability: "six nines" uptime. Discover what 99.9999% availability means, its rarity, and the extreme measures required to achieve this DevOps feat.

System administration tool designed for automating repetitive tasks across multiple servers, improving efficiency and consistency in IT operations.

Preliminary testing to reveal simple failures severe enough to reject a prospective software release.

Capture of the state of a system at a particular point in time, often used for backups.

Open-source network intrusion detection and prevention system, capable of real-time traffic analysis and packet logging on IP networks.

Testing to determine system performance over an extended period of continuous use.

Model of software delivery where software is licensed on a subscription basis and centrally hosted.

Process of making software available and ready for use in a specific environment, including installation and configuration.

Structured process for planning, creating, testing, deploying, and maintaining software applications.

Entire process of software development from inception to retirement, including planning, development, testing, deployment, and maintenance.

Set of software subsystems or components needed to create a complete platform for developing and running applications.

Model of software delivery where software is licensed on a subscription basis and centrally hosted.

Management of changes to documents, programs, and other information stored as computer files.

Code that is hard to read, understand, or maintain due to its complex and tangled structure.

Testing to determine how a system behaves under a sudden large increase in load.

Time-boxed iteration in Agile methodologies, typically 1-4 weeks long, during which a potentially shippable product increment is created.

Open-source automation platform that connects all your apps, services, and workflows, enabling auto-remediation and security responses.

Pre-production environment that closely mimics the production environment, used for final testing before deployment.

Established procedures to be followed in carrying out a given operation or situation.

Process of analyzing source code to identify security vulnerabilities without executing the program.

Webpage displaying the current state of system's services and any known issues, crucial for transparent communication.

Individual task or action within a larger process or workflow, often used in the context of CI/CD pipelines or automation scripts.

Technique for gradually migrating a legacy system by replacing pieces of functionality with new applications and services.

Team organized around the flow of work, capable of delivering value directly to customers or users.

Process of optimizing and simplifying the software release cycle to increase efficiency and reduce time-to-market.

Practice of implementing a consistent, predetermined message format for application logs.

Pieces of code used to stand in for some other programming functionality, often used in testing to simulate complex objects or processes.

Sophisticated text editor for code, markup, and prose, known for its speed, cross-platform support, and powerful features.

Cloud-native, machine data analytics platform that helps organizations gain real-time insights from logs, metrics, and other machine data.

Lightweight server provisioning tool that simplifies the process of setting up and configuring servers using simple YAML files.