Security terms

History

Software security emerged as a formal discipline in the 1970s–80s as computing systems became interconnected and targets for malicious actors; early work focused on access control, cryptography, and authentication mechanisms. The 2000s saw explosive growth in web-based applications, spurring widespread awareness of injection attacks, cross-site scripting, and broken authentication—codified in frameworks like OWASP's Top 10. The rise of cloud computing, APIs, and microservices in the 2010s shifted the security landscape toward supply chain vulnerabilities, container security, and DevSecOps integration. Today, security is embedded throughout the software development lifecycle rather than bolted on at the end, with threat modeling, secure coding practices, and continuous vulnerability scanning now standard in mature organizations. The field continues to evolve in response to emerging attack vectors, regulatory requirements (GDPR, SOC 2), and the increasing sophistication of adversaries.

Key concepts

• Authentication
• Authorisation
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery (CSRF)
• Insecure Direct Object Reference (IDOR)
• Broken Access Control
• HTTPS & TLS

Best references

• 
  OWASP Top 10 ↗ The definitive industry standard for the ten most critical web application security risks. Essential for understanding attack vectors like XSS, CSRF, broken authentication, and injection flaws covered throughout this category.
• 
  CWE/SANS Top 25 Most Dangerous Software Weaknesses ↗ Authoritative enumeration of the most impactful software weaknesses from a root-cause perspective. Directly maps to many terms in this category including deserialization, injection, and access control flaws.
• 
  CVSS v3.1 Specification ↗ The standard framework for assessing vulnerability severity. Essential reference for understanding how security issues are quantified and prioritized in the industry.
• 
  RFC 5234 & RFC 7230-7235 (HTTP/1.1 & Security Headers) ↗ Canonical specifications for HTTP protocol semantics and security header definitions. Authoritative source for understanding HSTS, CSP, CORS, and cookie security attributes.
• 
  NIST Cybersecurity Framework ↗ Government-backed guidance on risk management and security controls. Provides structured context for defensive security practices and the organizational principles behind vulnerability prevention.