IAM
/ˈaɪ-æm/
n. “Who are you, and what are you allowed to do?”
IAM, short for Identity and Access Management, is the discipline and infrastructure that decides who can access a system, what they can access, and under which conditions. It sits quietly underneath modern computing, enforcing rules that most users never see — until something breaks, a permission is denied, or an audit comes knocking.
Kerberos
/ˈkɛr-bə-rɒs/
n. “Prove who you are without shouting your password.”
Kerberos is a network authentication protocol designed to securely verify the identity of users and services over insecure networks. Named after the three-headed dog from Greek mythology that guards the underworld, it ensures that the right entities are talking to each other without exposing sensitive credentials in transit.
Completely Automated Public Turing test to tell Computers and Humans Apart
/ˈkæp-tʃə/
n. “Prove you are human… or at least persistent.”
CAPTCHA, short for Completely Automated Public Turing test to tell Computers and Humans Apart, is a system designed to distinguish humans from bots. It is the bouncer at the digital door, asking users to perform tasks that are easy for humans but challenging for automated scripts.
SQL Injection
/ˌɛs-kjuː-ˈɛl ɪn-ˈdʒɛk-ʃən/
n. “When input becomes instruction.”
SQL Injection is a class of security vulnerability that occurs when untrusted input is treated as executable database logic. Instead of being handled strictly as data, user-supplied input is interpreted by the database as part of a structured query, allowing an attacker to alter the intent, behavior, or outcome of that query.
Cross-Origin Resource Sharing
/kɔːrz/
n. “You may speak… but only from where I recognize you.”
CORS, short for Cross-Origin Resource Sharing, is a browser-enforced security model that controls how web pages are allowed to request resources from origins other than their own. It exists because the web learned, the hard way, that letting any site freely read responses from any other site was a catastrophically bad idea.
Content Security Policy
/ˌsiː-ɛs-ˈpiː/
n. “Trust nothing by default. Especially the browser.”
CSP, short for Content Security Policy, is a defensive security mechanism built into modern browsers to reduce the damage caused by malicious or unintended content execution. It does not fix broken code. It does not sanitize input. What it does instead is draw very explicit boundaries around what a web page is allowed to load, execute, embed, or communicate with — and then enforces those boundaries with extreme prejudice.
Network Address Translation
/ˈnæt/
n. “Your private world, masquerading on the public internet.”
NAT, short for Network Address Translation, is a method used by routers and firewalls to map private, internal IP addresses to public IP addresses, enabling multiple devices on a local network to share a single public-facing IP. It hides the internal network's addressing from the outside world while still letting outbound traffic, and the inbound replies it invites, flow.
XSS
/ˌɛks-ɛs-ˈɛs/
n. “Sneaky scripts slipping where they shouldn’t.”
XSS, short for Cross-Site Scripting, is a class of web security vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. Unlike server-side attacks, XSS exploits the trust a user has in a website, executing code in their browser without their consent or knowledge.
WAF
/ˈdʌbəljuː-ˈeɪ-ɛf/
n. “A gatekeeper that filters the bad, lets the good pass, and occasionally throws tantrums.”
WAF, short for Web Application Firewall, is a specialized security system designed to monitor, filter, and block HTTP traffic to and from a web application. Unlike traditional network firewalls that focus on ports and protocols, a WAF operates at the application layer, understanding web-specific threats like SQL injection, cross-site scripting (XSS), and other attacks targeting the logic of web applications.
NSEC3
/ˈɛn-ɛs-siː-θriː/
n. “Proof of nothing — without revealing the map.”
NSEC3 is a record type in DNSSEC designed to provide authenticated denial of existence while mitigating the privacy concern inherent in the original NSEC records. Unlike NSEC, which directly reveals the next valid domain name in a zone, NSEC3 hashes domain names so that the zone structure cannot be trivially enumerated, making it more resistant to zone-walking attacks.
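To show what "hashes domain names" means in practice, here is an added example (not from the original page) that implements the RFC 5155 hashed owner name and builds a hashed NSEC3 chain, so that the record proving a name does not exist carries only hashes. The zone names in the demo chain are constructed; the vector for "example." with salt aabbccdd and 12 iterations is the RFC 5155 Appendix A test value.

```python
import base64
import hashlib

# base32hex (RFC 4648 section 7), obtained by translating the standard base32 alphabet
_B32_TO_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                                 b"0123456789ABCDEFGHIJKLMNOPQRSTUV")


def name_to_wire(name: str) -> bytes:
    """Canonical (lowercased) DNS wire format: length-prefixed labels plus root byte."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def nsec3_hash(name: str, salt_hex: str, iterations: int) -> str:
    """IH(salt, x, k) from RFC 5155 section 5 using hash algorithm 1 (SHA-1).

    The first hash is over the wire-format name plus salt; each further
    iteration hashes the previous digest plus salt. 20 bytes of SHA-1 encode
    to exactly 32 base32hex characters, so no padding is needed.
    """
    salt = b"" if salt_hex in ("", "-") else bytes.fromhex(salt_hex)
    digest = hashlib.sha1(name_to_wire(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32_TO_B32HEX).decode("ascii").lower()


def build_chain(zone_names, salt_hex: str, iterations: int):
    """Sorted NSEC3 chain as (hashed_owner, hashed_next) pairs, wrapping at the end.

    Unlike NSEC, whose 'next owner name' is a cleartext name, only hashes
    appear here, so holding the chain does not directly list the zone.
    """
    hashes = sorted(nsec3_hash(n, salt_hex, iterations) for n in zone_names)
    return [(h, hashes[(i + 1) % len(hashes)]) for i, h in enumerate(hashes)]


def covering_record(chain, qname: str, salt_hex: str, iterations: int):
    """Return the (owner, next) record whose hash interval covers hash(qname).

    That record is the authenticated denial of existence a resolver checks.
    Returns None when hash(qname) equals an owner hash, i.e. the name exists.
    Base32hex preserves byte order, so plain string comparison is correct.
    """
    h = nsec3_hash(qname, salt_hex, iterations)
    for owner, nxt in chain:
        if h == owner:
            return None
        wraps = owner >= nxt  # last record points back to the first
        if (not wraps and owner < h < nxt) or (wraps and (h > owner or h < nxt)):
            return (owner, nxt)
    return None
```

Hashing raises the cost of enumeration rather than ruling it out: anyone holding the chain can test candidate names offline, which is why RFC 9276 recommends zero iterations and an empty salt.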