Security testing glossary

Plain-language definitions of application, API, cloud, and AI security testing terms, written by practitioners who run scoped, non-disruptive assessments for B2B SaaS teams.

Use this glossary as a reference when evaluating security testing approaches.

Alphabetical index of security testing terms

Each entry is a concise definition with context on how the term shows up in real security testing, plus links to related concepts for quick cross-reference.

A

Terms starting with A

AI Red Teaming

Adversarial testing for AI-enabled product behavior, tools, retrieval, agents, and workflows.

AI Agent Security

Security risks in agent autonomy, tool access, memory, and privilege boundaries.

API Security Testing

Testing APIs for authentication, authorization, data exposure, and abuse paths.

B

Terms starting with B

Business Logic Testing

Finding workflow abuse, rule bypasses, and design flaws unique to your product.

C

Terms starting with C

Cloud Security Testing

Assessing cloud configurations, IAM posture, and exposure across providers.

I

Terms starting with I

IAM Security

Testing identity and access controls for roles, policies, and privilege boundaries.

K

Terms starting with K

Kubernetes Security

Evaluating cluster configuration, workload isolation, and supply chain risks.

L

Terms starting with L

LLM Security

Risks in model behavior, prompt handling, and integration controls.

M

Terms starting with M

MCP Security

Security of Model Context Protocol tools, servers, and trust boundaries.

P

Terms starting with P

Penetration Testing

Manual, exploit-focused testing of real-world attack paths.

Prompt Injection

Manipulating model instructions to change or leak behavior.

Browse glossary topics by category

Group terms by the kind of testing or system surface you are exploring.

AI and LLM security

Coverage for model behavior, tool access, and prompt-driven risks.

Application and API testing

Definitions focused on application logic, data paths, and API abuse.

Cloud and infrastructure testing

Terms that cover identity, configuration, and workload protection.

Safe next step

Have a question about a term or how it applies?

Share what you are building and the terminology that is unclear. We will point you to the right glossary entries, explain how we test, and outline scope only if you want it.

Ask a question

or read the first pentest guide first

No commitment required
Plain-language answers
You decide the pace