Principles of Information Security Management
- Get now
- Learn more
- Discussions
  Jan 27
- Course Description:
1. Security and Risk Management (1 - 2h)

A Strategic Governance and Risk Architecture
Cybersecurity Architecture: Fundamentals of Confidentiality, Integrity, and Availability (12 min)
Risky Business: Strengthening Cybersecurity with Risk Analysis (12 min)
Controls Categories (12 min)
Zero Trust (7 min)
Cyber Risk Management: Essentials for the Practical CISO (1 hr)
2. Asset Security (0.5 - 1h)

Asset Security
Data Security: Protect your critical data (or else) (6 min)
SSD Data destruction (10 min reading)
Google Data Center Security: 6 Layers Deep (2 min)
Data Governance (10 min)
3. Security Architecture and Engineering (3 - 4 hrs)

Security Architecture and Engineering
Cryptography: Crash Course Computer Science (12 min)
The Adventure of Alice and the Encrypted Message (14 min)
Steganography (3 min)
Virtualization Explained (5 min)
Cybersecurity Architecture: Who Are You? Identity and Access Management (30 min)
Cloud security guidance (30 min - reading)
Full SANS Webcast | Decoding the Shared Responsibility Model (49 min)
Buffer Overflows (3 min)
Stack vs Heap Memory - Simple Explanation ( 5 min)
What are hardware security modules (HSM), why we need them and how they work. (7 min)
How Access Control Systems Work | Point Monitor Corporation (6 min)
4 - Communication and Network Security (2 - 3 hrs)

Network Security basics
Understanding the OSI Model (12 min)
Cybersecurity Architecture: Networks (27 min)
Internet Networks & Network Security | Google Cybersecurity Certificate (1 hr)
How does HTTPS work? What's a CA? What's a self-signed Certificate? (11 min)
Kerberos (3 min)
5 - Identity and Access Management (1- 2hr)

Identity and Access Management (12 min)
Cybersecurity Architecture: Who Are You? Identity and Access Management (31 min)
OAuth terminologies and flows explained (24 min)
6. Security Assessment and Testing

Key Terminology
Building a Cybersecurity Framework (8 min)
NIST Cybersecurity Framework 2.0 (5 min)
SOC 1 vs SOC 2 Audits: What’s the Difference? (5 min)
CertMike Explains SOC Audits (8 min)
7 - Security Operations

The Incident Scene & Evidence Collection
Malware (21 min)
Attack Frameworks (8 min)
How Hackers Steal Passwords: 5 Attack Methods Explained (13 min)
Examples: Data resilience, RAID and storage
8- Software Development Security

Software Development Security
Cybersecurity Architecture: Application Security (16 min)
Container Security Explained (6 min)
Threat Modeling in the Age of AI - Susanna Cox (45 min)

Software Development Security

Executive Introduction: The Evolution of Trust in Software Engineering

The domain of Software Development Security has undergone a profound transformation. Historically, software security was a discipline of perimeters and distinct phases—a fortress mentality in which trusted code ran inside a hardened shell, protected by a firewall, and developed using a linear Waterfall methodology. Today, that fortress has dissolved. We have transitioned to an era of distributed computing, ephemeral infrastructure, and automated delivery pipelines, in which code is not merely written but assembled from a complex global supply chain of dependencies.

The challenge is no longer just about securing lines of code; it is about ensuring the entire ecosystem that produces, delivers, and sustains that code. The fundamental concepts of trust—the Trusted Computing Base (TCB) and the Reference Monitor—remain valid principles for this new world. Still, their implementation has shifted from monolithic kernels to distributed service meshes and immutable containers.

1. Foundations of Trusted Systems

To understand how to secure a microservice running in a Kubernetes cluster, one must first understand the theoretical underpinnings of trust established in the early days of secure computing. These concepts are not relics; they are the architectural blueprints for every modern security control.

1.1 The Trusted Computing Base (TCB)

The Trusted Computing Base (TCB) is the absolute foundation of system security. Defined rigorously in the "Orange Book" (DoD 5200.28-STD), the TCB represents the totality of protection mechanisms within a computer system—including hardware, firmware, and software—the combination of which enforces a security policy.

The Criticality of the TCB

The defining characteristic of the TCB is that it is the only part of the system that must be trusted. If any component within the TCB is vulnerable or compromised, the security guarantees of the entire system are nullified. It is the "castle keep" of the digital realm. In classical operating systems, the TCB typically includes the kernel, device drivers, and privileged system utilities.

Modern Implications: The TCB Expansion Problem

In modern cloud-native environments, the TCB has inadvertently expanded, introducing new risks. Consider a containerised application:

Hardware TCB: The CPU, memory, and Trusted Platform Module (TPM).
Hypervisor TCB: In a public cloud, the hypervisor (e.g., KVM, Xen, Hyper-V) manages the separation between tenants.
Host OS Kernel: Because containers share the host kernel, the kernel itself is part of the TCB for every container running on that node. A kernel exploit (like Dirty COW) allows a container escape, violating the isolation of the TCB.
Orchestration Layer: Kubernetes components (kubelet, API server) effectively become part of the TCB because they control the configuration and deployment of the workloads.

Design Principle: TCB Minimisation

A core tenet of secure engineering is TCB minimisation. The smaller the TCB, the easier it is to verify its correctness and the smaller the attack surface. This principle drives the adoption of microkernels and, more recently, technologies such as Unikernels and Distroless container images, which seek to remove everything from the runtime environment except the application and its direct dependencies.

1.2 The Reference Monitor and Security Kernel

While the TCB is the collection of trusted components, the Reference Monitor is the abstract machine concept that defines how trust is enforced. It mediates all access to objects by subjects. The Security Kernel is the tangible implementation (hardware, firmware, software) of this abstract concept.

The Three Axioms of the Reference Monitor

For a system to be secure, the Reference Monitor must satisfy three non-negotiable requirements. We can map these directly to modern Service Mesh architectures (discussed later):

Complete Mediation

The monitor must validate every access request. No access can bypass the check.
The Sidecar Proxy (e.g., Envoy) intercepts all ingress and egress traffic for a microservice. If a developer can bypass the sidecar and talk directly to the app, security is broken.

Isolation / Tamper-Proof

The monitor itself must be protected from modification by the subjects it controls.
The sidecar runs in a separate container context or process space. The application code cannot modify the proxy's configuration or logic.

Verifiability

The monitor must be simple enough to be formally verified or thoroughly tested.
The logic within the proxy is standardised and decoupled from the complex, variable application business logic, allowing for focused security auditing.

1.3 Memory Protection: Hardware-Assisted Security

Software logic is useless if the underlying memory can be corrupted. Modern exploitation relies heavily on manipulating memory management.

Address Space Layout Randomisation (ASLR)

ASLR is a defence-in-depth mechanism that randomises the memory locations of key data areas (stack, heap, libraries).

Mechanism: When an OS loads an application, ASLR randomly offsets the base address. This makes it statistically difficult for an attacker to predict the locations of specific code chunks (gadgets) needed for exploits such as Return-Oriented Programming (ROP).
Entropy Constraints: The effectiveness of ASLR is a function of entropy (randomness). On 32-bit systems, the limited address space allowed attackers to brute-force the offset. On 64-bit systems, the entropy is vastly higher, making brute-forcing nearly impossible without a separate information leak vulnerability.

Data Execution Prevention (DEP) / No-Execute (NX)

DEP prevents code execution in memory segments intended only for data.

Implementation: On modern CPUs, the OS sets the NX (No-Execute) bit to mark pages as non-executable. If an attacker injects shellcode into the stack (a classic buffer overflow), the CPU will refuse to execute instructions in that memory range, crashing the program instead of granting control.
Interdependence: ASLR and DEP work in tandem. ASLR hides the location of valid code, while DEP prevents the execution of injected malicious code.

2. The Evolution of the SDLC: From Waterfall to DevSecOps

The Software Development Life Cycle (SDLC) is the framework that defines the process of software creation. Security's role within this cycle has shifted from a final "gatekeeper" to an integrated, continuous process.

2.1 The Waterfall Model: Security as an Afterthought

In the traditional Waterfall model, development proceeds in linear, sequential phases: Requirements, Design, Implementation, Verification, and Maintenance.

The Security Deficit: Security testing typically occurs only in the Verification phase, immediately before release.
The Cost of Change: Remediation costs increase exponentially as the project progresses. A security flaw found during testing stems from a design error and requires revisiting the entire chain, leading to massive delays and costs. This "lock-in" effect often resulted in security flaws being accepted as risks rather than fixed.

2.2 Agile Development: Iterative Risk

Agile broke the monolith into small, iterative sprints focused on rapid delivery and customer feedback.

The Security Friction: Traditional, heavy-weight security activities (like weeks-long penetration tests) are incompatible with two-week sprints. Security teams became bottlenecks, leading to the friction that birthed DevSecOps.

2.3 DevOps and DevSecOps: Shift Left

DevOps merges development and operations to automate delivery. DevSecOps is the explicit integration of security controls into this automated pipeline.

Shift Left: This philosophy moves security activities to the earliest possible point in the SDLC.
- Design: Threat modelling occurs before code is written.
- Build: Static Application Security Testing (SAST) runs automatically on every code commit.
- Deploy: Infrastructure as Code (IaC) scanning ensures environments are secure before provisioning.
The Pipeline as a Control Point: The CI/CD pipeline becomes the enforcement mechanism. If a security test fails (e.g., a high-severity vulnerability is found in a library), the build fails automatically, preventing the flaw from reaching production.14

3. Database Security: Integrity, Inference, and Polyinstantiation

Databases remain the primary target for attackers. Securing them involves ensuring data integrity and preventing unauthorised deduction of sensitive information.

3.1 ACID Properties and Integrity

Relational database management systems (RDBMS) rely on ACID properties to ensure transaction validity, which is a core component of data integrity 13

Atomicity: Transactions are "all or nothing." If a power failure occurs halfway through a fund transfer, the database rolls back to the initial state, preventing money from being deducted from one account without being added to the other.
Consistency: The database must transition from one valid state to another, obeying all defined rules (constraints, cascades, triggers).
Isolation: Concurrent transactions must be processed independently. One user's uncommitted changes should not be visible to another user (preventing "dirty reads").
Durability: Once committed, data survives system failures.

3.2 The Threat of Inference and Aggregation

In high-security environments, direct access controls are insufficient if users can deduce restricted information from unrestricted data.

Aggregation: The act of collecting many discrete pieces of non-sensitive information and combining them to reveal sensitive information, for example, accessing a public log of individual supply shipments (food, fuel) to determine the classified location of a military base.
Inference: The logical deduction drawn from aggregation. It is the result. If a user can query "Average Salary" but filters for a department with only one employee, they have inferred that employee's salary without direct access.13

3.3 Polyinstantiation: The Solution to Inference

Polyinstantiation ("many instances") is a defence mechanism primarily used in Multilevel Security (MLS) databases.

Mechanism: It allows a table to contain multiple records with the same primary key, distinguished by security classification.
Scenario:
- Secret User sees: Flight 101 -> Destination "Area 51".
- Unclassified User sees: Flight 101 -> Destination "Training Routine".
Benefit: This prevents inference. If the lower-level user were denied access (due to an error message), they would infer that a secret flight exists. By providing a plausible "cover story" record, the system maintains confidentiality without revealing the existence of information.13

4. Object-Oriented Programming (OOP) Security

OOP dominates modern software design. Its principles—Encapsulation, Inheritance, and Polymorphism—map directly to security concepts.

4.1 Encapsulation (Data Hiding)

Encapsulation bundles data (attributes) and methods (behaviour) into a class, restricting direct access to the data.

Security Relevance: This creates a trusted boundary. External code cannot arbitrarily modify an object's internal state; it must ask the object to modify itself via a public method. This allows the object to validate inputs and enforce consistency rules before changing its state.

4.2 Inheritance and Polymorphism

Inheritance: A child class inherits traits from a parent class.
- Risk: If a parent class has a security flaw or an overly permissive method, every child class inherits that vulnerability. The attack surface propagates down the hierarchy.13
Polymorphism: Objects of different types can be treated as instances of a common superclass.
- Risk: Object injection or confusion. If an application expects a User object but accepts a malicious Admin object (because both inherit from Person), an attacker might bypass authorisation checks.

5. Modern Architectures: Microservices and Service Mesh

We have moved from monolithic applications to microservices—collections of small, independent services communicating over a network. This shift solves scalability problems but introduces massive complexity in security.

5.1 Microservices: The Explosion of the Attack Surface

In a monolith, components communicate via in-memory function calls. In microservices, they communicate via APIs (HTTP/gRPC) over a network.15

Security Consequence: The network is no longer trusted. Every service-to-service call is a potential attack vector. The "hard shell, soft centre" perimeter model fails because the traffic is now "East-West" (internal) rather than just "North-South" (ingress/egress).
Authentication Challenges: Authenticating a user at the edge is not enough. That identity must be securely propagated to backend services, preventing the "confused deputy" problem, where a service acts on behalf of a user without verifying their permission context.

5.2 The Service Mesh: Infrastructure-Layer Security

A Service Mesh (e.g., Istio, Linkerd) is a dedicated infrastructure layer for handling service-to-service communication. It decouples security logic from business logic.

The Sidecar Pattern

The architecture relies on the Sidecar Proxy. Each microservice container is paired with a proxy container (e.g., Envoy) in the same pod.

Function: All traffic to and from the microservice flows through the sidecar. The microservice itself is unaware of the network complexity.
Security Benefits:
1. Mutual TLS (mTLS): The sidecars automatically negotiate encrypted, mutually authenticated connections between services. Service A proves its identity to Service B using certificates rotated by the mesh control plane.16
2. Policy Enforcement: The sidecar acts as the Policy Enforcement Point (PEP). It can enforce rules like "The Billing Service accepts calls only from the Checkout Service, never from the Inventory Service".
3. Observability: Security teams gain deep visibility into traffic patterns, enabling detection of anomalies that might indicate a breach.

Ambient Mesh: The Next Evolution

While sidecars offer robust security, they add operational overhead (latency, resource usage). Ambient Mesh architecture moves the proxy out of the pod to the node level (Layer 4 processing) or a shared waypoint proxy (Layer 7 processing).

Security Implication: This significantly reduces the attack surface. In a sidecar model, a compromised application container might attack its own sidecar. In Ambient Mesh, the security infrastructure is fully isolated from the application workload, offering better separation of duties and strictly enforcing mTLS at the node level.

6. Containerization and Kubernetes Security

Containers package code and dependencies into immutable units. Kubernetes (K8s) orchestrates these containers at scale.

6.1 Container Isolation Mechanics

Containers are not Virtual Machines; they share the host kernel. Isolation is achieved via Linux namespaces and cgroups.3

Namespaces: Provide logical isolation. The PID namespace ensures a container sees only its own processes. The Network namespace gives it its own IP stack.
Cgroups: Limit resource usage (CPU/RAM) to prevent Denial of Service.
Security Risk: Because the kernel is shared, a kernel vulnerability affects all containers. To mitigate this, containers should run as unprivileged users (non-root) and utilize security profiles like AppArmor or SELinux.

6.2 Registry Security: The Supply Chain Start

The Container Registry (e.g., Docker Hub, ACR) is the library of images.

Risks: Using "stale" images with unpatched OS vulnerabilities, or pulling malicious images (typosquatting).
Controls:
- Vulnerability Scanning: Images must be scanned for CVEs before they are allowed into the registry and continuously while they sit there.
- Content Trust (Signing): Images should be cryptographically signed. Kubernetes admission controllers can be configured to reject any image that does not have a valid signature from a trusted signer.20

6.3 Kubernetes Security Posture

K8s is secure only if configured correctly.

Pod Security Standards (PSS): Replaced the deprecated PodSecurityPolicies. They define three levels:
- Privileged: Unrestricted (Insecure).
- Baseline: Minimally restrictive, prevents known privilege escalations.
- Restricted: heavily hardened (e.g., requires dropping capabilities, forbids running as root).
Admission Controllers (OPA/Gatekeeper): These act as interceptors for API requests. They can enforce "Policy as Code," such as "Reject any deployment that requests root privileges" or "Reject images from public registries".

7. Serverless Security

Serverless (Function-as-a-Service or FaaS) abstracts the OS entirely. The user provides code; the cloud provider runs it.

7.1 The Attack Surface Shifts

Event Injection: Serverless functions are triggered by events (S3 uploads, DB changes, IoT messages). Attackers can manipulate these event structures to inject malicious payloads. Because input comes from diverse, non-HTTP sources, traditional WAFs often miss these attacks.22
Over-Privileged Functions: In a monolith, one IAM role covers the app. In serverless, an app is 500 functions. Developers often overuse wildcards (e.g., Action: s3:*), granting functions vast permissions. If a single function is compromised via injection, the attacker inherits those broad privileges.22

7.2 Ephemeral Forensics and Cold Starts

Forensics: Functions live for milliseconds. When they die, the container is destroyed. Traditional incident response (disk imaging, memory dumps) is impossible. Security telemetry must be streamed in real-time to an external SIEM.24
Cold vs. Warm Starts: To improve performance, providers reuse containers ("Warm Start"). If a developer writes insecure code that caches sensitive data in the /tmp directory or global variables, that data might persist and be accessible to a subsequent execution, potentially leaking data between users.

8. Software Supply Chain Security: SBOMs and SLSA

The modern application is 10-20% proprietary code and 80-90% open-source libraries. Securing the supply chain is paramount.

8.1 Software Bill of Materials (SBOM)

An SBOM is a formal inventory of all components in a piece of software. It is the "nutrition label" for code.

Formats:
- SPDX (Software Package Data Exchange): An ISO standard (ISO/IEC 5962:2021) from the Linux Foundation. Highly detailed, excellent for legal/licensing compliance.
- CycloneDX: Developed by OWASP. Lightweight and designed specifically for security use cases (vulnerability analysis, component provenance). It is often preferred for agile DevSecOps pipelines.

8.2 Dependency Confusion Attacks

This is a critical supply chain vector.

Mechanism: An organization uses a private, internal package (e.g., my-company-auth). An attacker registers a package with the same name but a higher version number on a public repository (like npm or PyPI).
The Flaw: By default, many package managers blindly install the package with the highest version number, regardless of source. The build pipeline pulls the attacker's malicious public package instead of the private internal one, executing malware inside the company's network.28
Mitigation: Using "scoped" packages (e.g., @mycompany/auth) and configuring package managers to strictly prioritize private registries.29

8.3 SLSA (Supply-chain Levels for Software Artifacts)

SLSA ("salsa") is a framework to prevent tampering and ensure integrity in the build process.

Level 1 (Provenance): The build process is documented. We know how it was built.
Level 2 (Signed Provenance): The build platform cryptographically signs the provenance. This prevents tampering after the build.
Level 3 (Hardened Builds): The build platform is isolated and ephemeral. This prevents cross-build contamination.
Level 4 (Hermetic Builds): The gold standard. The build process is fully isolated from the internet (no fetching dependencies on the fly). It guarantees that Source + Build Instructions = Identical Binary every time.

9. Infrastructure as Code (IaC): Security and Immutability

IaC (Terraform, CloudFormation) manages infrastructure via definition files.

9.1 Immutable Infrastructure

This is a paradigm shift from "mutable" servers that are patched and updated in place.

Definition: Once a server or container is deployed, it is never modified. If a change is needed (patch, update, config change), the old instance is destroyed and a completely new one is built from a verified image.33
Security Benefit: This eliminates Configuration Drift—the accumulation of ad-hoc, undocumented changes that leave systems vulnerable. It also ensures that a compromised server can be instantly replaced with a known-good state, eradicating persistent threats.34

9.2 Securing IaC Templates

Static Analysis: Security scanning must shift left to the IaC templates themselves. Tools scan Terraform code for misconfigurations (e.g., "S3 bucket public access is true") before the infrastructure is ever provisioned.35
Drift Detection: Runtime tools monitor the live environment. If a developer manually changes a security group in the AWS console (violating immutability), the tool detects the drift and can automatically revert it to the state defined in the code.36

10. API Security: The OWASP Top 10 (2023)

APIs are the exposed nerves of modern applications. The 2023 OWASP API Security Top 10 reflects the shift toward authorization failures as the primary risk.

10.1 API1:2023 - Broken Object Level Authorization (BOLA)

The Threat: This is the most critical API vulnerability. It occurs when an API endpoint exposes an object identifier (e.g., /user/123/invoice) and fails to validate that the current user has permission to access that specific object ID.
Attack: An attacker changes the ID to /user/124/invoice. If the server returns the invoice for User 124, BOLA is exploited.37
Mitigation: Authorization checks must be implemented at the object level in the code, not just the function level. Using GUIDs instead of sequential integers makes enumeration harder but does not solve the underlying authorization flaw.37

10.2 API2:2023 - Broken Authentication

The Threat: Flaws in how the API handles identity. This includes allowing weak passwords, failing to validate JWT signatures, or permitting credential stuffing (brute force) without rate limiting.38
JWT Specifics: A common failure is accepting tokens with the "None" algorithm (where the signature is stripped) or failing to verify the signature against the correct secret key.39

10.3 API7:2023 - Server Side Request Forgery (SSRF)

The Threat: An attacker induces the server to make an HTTP request to an arbitrary domain.
Cloud Context: In cloud environments, attackers use SSRF to hit the Instance Metadata Service (IMDS) (e.g., http://169.254.169.254/latest/meta-data/). This allows them to steal the temporary IAM credentials of the server, effectively taking over the cloud account.41
Mitigation: Disable HTTP redirects, allowlist permitted outbound domains, and block access to link-local addresses (like 169.254.x.x) at the network layer.42

11. Advanced Testing Methodologies: IAST and RASP

Testing has evolved beyond simple static and dynamic scans to integrated, real-time analysis.

11.1 Comparison of Methodologies

MethodTypeDescriptionProsConsSAST (Static)White BoxAnalyzes source code at rest for patterns of vulnerability.Finds bugs early (in IDE). 100% code coverage.

High false positives. Cannot see runtime config flaws.14

DAST (Dynamic)Black BoxScans running application from outside (HTTP requests).Finds runtime issues. Low false positives (proof of exploit).

Late in SDLC. Hard to pinpoint line of code. Struggles with SPAs.

IAST (Interactive)Glass BoxAgents instrumented inside the app during testing (QA). Monitors code execution in real-time.

Combines SAST precision with DAST context. Verifies if a data flow actually reaches a vulnerable sink.43

Requires a running environment. Language-specific dependencies.RASP (Runtime Protection)ProtectionAgents inside the app in production. Blocks attacks in real-time.

"Self-protecting" app. Can block SQLi based on query logic, not just signatures.44

Performance overhead. Risk of breaking app if misconfigured.

The Strategic Shift:

IAST is replacing DAST in many CI/CD pipelines because it is faster and provides the exact line of code to fix.45 RASP is being deployed as a last line of defense, particularly for legacy applications that cannot be easily patched or microservices running in hostile environments.46

12. Conclusion

The modern software security landscape is defined by complexity and velocity. The foundational concepts of the TCB and Reference Monitor have not vanished; they have been re-platformed into Service Meshes, Sidecars, and Hypervisors. Security has expanded its scope: it must "Shift Left" into the code (SAST, IaC scanning), "Shift Right" into production (RASP, Runtime Monitoring), and secure the "Middle" (Supply Chain, SBOMs, Container Registries).

Glossary of Terms

ACID (Atomicity, Consistency, Isolation, Durability): Properties of database transactions that guarantee data validity despite errors or failures.
Ambient Mesh: A service mesh architecture that uses a layered proxy approach (L4 secure overlay + L7 waypoints) without injecting sidecar containers into every application pod.
ASLR (Address Space Layout Randomization): A memory protection technique that randomizes the location of the stack, heap, and libraries to prevent memory corruption exploits.
BOLA (Broken Object Level Authorization): The #1 API vulnerability where an attacker accesses unauthorized data objects by manipulating object identifiers (IDs).
CI/CD (Continuous Integration/Continuous Delivery): A method to deliver apps to customers frequently by introducing automation into the stages of app development.
Cold Start: The delay in serverless computing when a function is invoked after inactivity, requiring the provider to spin up a new container instance.
Container Registry: A centralized repository (public or private) for storing and distributing container images (e.g., Docker Hub).
CycloneDX: A lightweight, security-focused SBOM standard developed by OWASP, optimized for vulnerability analysis.
DAST (Dynamic Application Security Testing): A black-box testing method that interacts with a running application to identify security vulnerabilities.
Dependency Confusion: A supply chain attack where a package manager is tricked into pulling a malicious package from a public repository instead of a private internal one.
Hermetic Build: A build process that is fully isolated, ensuring no external network dependencies influence the output, a key goal of SLSA Level 4.
IaC (Infrastructure as Code): Managing and provisioning infrastructure through machine-readable definition files rather than physical hardware configuration.
IAST (Interactive Application Security Testing): A testing methodology using instrumentation agents inside the application to identify vulnerabilities during runtime analysis.
Immutable Infrastructure: A paradigm where servers/containers are never modified after deployment; they are replaced with new instances for any update.
JWT (JSON Web Token): A compact, URL-safe means of representing claims to be transferred between two parties, widely used for stateless authentication.
Microservices: An architecture structuring an application as a collection of loosely coupled, independently deployable services.
Polyinstantiation: Instantiating multiple records with the same key but different security levels to prevent inference attacks in databases or OOP.
RASP (Runtime Application Self-Protection): Security technology running within an application that detects and blocks attacks in real-time.
Reference Monitor: The abstract machine concept that mediates all access to objects by subjects (e.g., enforced by a Security Kernel or Sidecar Proxy).
SAST (Static Application Security Testing): A white-box testing method analyzing source code for vulnerabilities without execution.
SBOM (Software Bill of Materials): A formal record of the supply chain relationships and components used to build software.
Security Kernel: The hardware/software implementation of the Reference Monitor concept (e.g., OS Kernel, Hypervisor).
Service Mesh: An infrastructure layer (using sidecars) that manages service-to-service communication, security (mTLS), and observability.
Sidecar Proxy: A container running alongside an application service to handle network traffic, security policies, and logging (e.g., Envoy).
SLSA (Supply-chain Levels for Software Artifacts): A security framework for ensuring the integrity of software artifacts from source to build.
SPDX (Software Package Data Exchange): An ISO standard format for SBOMs, focused heavily on license compliance and intellectual property.
SSRF (Server-Side Request Forgery): A vulnerability where an attacker forces a server to make requests to internal resources, often used to steal cloud metadata credentials.
TCB (Trusted Computing Base): The totality of protection mechanisms (hardware, firmware, software) responsible for enforcing a security policy.
Typosquatting: A supply chain attack using malicious packages named similarly to popular ones to catch developer typing errors.
Zero Trust: A security model assuming no entity is trusted by default; enforced in microservices via mTLS and strict policy checks.