P


Package Manager: A tool that helps users install, manage, and remove packages or applications

Package: A piece of software that can be combined with other packages to form an application


Packet Capture (P-Cap): A file containing data packets intercepted from an interface

Packet Sniffing: The practice of capturing and inspecting data packets across a network

Packet: A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data. In IP networks, packets are often called datagrams.

Parameter (Python): An object that is included in a function definition for use in that

Parrot: An open-source distribution that is commonly used for security

Parsing: The process of converting data into a more readable format

Passive Packet Sniffing: A type of attack where a malicious actor connects to a network hub and looks at all traffic on the network

Password Attack: An attempt to access password-secured devices, systems,

Password Cracking: Password cracking is the process of attempting to guess passwords, given the password file information.

Password Sniffing: Passive wiretapping, usually on a local area network, to gain knowledge of passwords.

Patch Update: A software and operating system update that addresses security vulnerabilities within a program or product

Patch: A patch is a small update released by a software manufacturer to fix bugs in existing programs.

Patching: Patching is the process of updating software to a different version.

Payload: Payload is the actual application data a packet contains.

Payment Card Industry Data Security Standards (PCI DSS): Any cardholder data

Penetration Test (Pen Test): Penetration testing is used to test the external perimeter security of a network or facility. A simulated attack that helps identify vulnerabilities in systems, networks, websites, applications, and processes.

Penetration: Gaining unauthorized logical access to sensitive data by circumventing a system’s protections.

PEP 8 Style Guide: A resource that provides stylistic guidelines for programmers

Peripheral Devices: Hardware components that are attached and controlled by the computer system

Permissions: The type of access granted for a file or directory

Personally Identifiable Information (PII): Information that permits the identity of an individual to be directly or indirectly inferred.

Phishing Kit: A collection of software tools needed to launch a phishing campaign

Phishing: The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the website look like they are part of a bank the user is doing business with.

Physical Attack: A security incident that affects not only digital but also physical

Physical Social Engineering: An attack in which a threat actor impersonates an

Ping of Death: A type of DoS attack caused when a hacker pings a system by sending it an oversized ICMP packet that is bigger than 64KB

Plaintext: Ordinary readable text before being encrypted into ciphertext or after being decrypted.

Playbook: A manual that provides details about any operational action

Policy: A set of rules that reduce risk and protect information

Port Filtering: A firewall function that blocks or allows certain port numbers to limit unwanted communication.

Port Scan: A port scan is a series of messages sent by someone attempting to break into a computer to learn which network services, each associated with a “well-known” port number, the computer provides. Port scanning, a favorite approach of computer crackers, gives the assailant an idea of where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is in use and can therefore be probed for weakness.

Port: A port is nothing more than an integer that uniquely identifies an endpoint of a communication stream. Only one process per machine can listen on the same port number. A software-based location that organizes the sending and receiving of data between devices on a network.

Post-incident Activity: The process of reviewing an incident to identify areas for

Potentially Unwanted Application (PUA): A type of unwanted software that is

Prepare: The first step of the NIST RMF related to activities that are necessary to manage security and privacy risks before a breach occurs

Prepared Statement: A coding technique that executes SQL statements before

Primary key: A column where every row has a unique entry

Principle of Least Privilege: Access and authorization to information only last long enough to complete a task or function.

Privacy Protection: The act of safeguarding personal information from unauthorized

Privacy: The assurance that the confidentiality of, and access to, certain information about an entity is protected.

Private Data: Information that should be kept from the public

Procedures: Step-by-step instructions to perform a specific security task

Process of Attack Simulation and Threat Analysis (PASTA): A popular threat

Programming: A process that can be used to create a specific set of instructions for a

Project (OWASP): A non-profit organization focused on improving software security

Proprietary Information: Proprietary information is that information unique to a company and its ability to compete, such as customer lists, technical data, product costs, and trade secrets.

Protect: A NIST core function used to protect an organization through the implementation of policies, procedures, training, and tools that help mitigate cybersecurity threats

Protected Health Information (PHI): Information that relates to the past, present, or

Protecting and Preserving Evidence: The process of properly working with fragile

Protocol Stacks (OSI): A set of network protocol layers that work together.

Protocol: A formal specification for communicating; a protocol is the special set of rules that end points in a telecommunication connection use when they communicate. Protocols exist at several levels in a telecommunication connection.

Proxy Server: A server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. A proxy server is associated with or part of a gateway server that separates the enterprise network from the outside network and a firewall server that protects the enterprise network from outside intrusion.

Public Data: Data that is already accessible to the public and poses a minimal risk to

Public Key Encryption: The popular synonym for “asymmetric cryptography”.

Public Key Infrastructure (PKI): A PKI (public key infrastructure) enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.

Public Key: The publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.

Public-Key Forward Secrecy (PFS): For a key agreement protocol based on asymmetric cryptography, the property that ensures that a session key derived from a set of long-term public and private keys will not be compromised if one of the private keys is compromised in the future.

Python Standard Library: An extensive collection of Python code that often comes packaged with Python.
