Category | Acronym | Term | Definition |
---|---|---|---|
Problem solving | Key drivers | Leading factors affecting performance for a company or business. | |
Problem solving | Second-Order Effects | Every action has a consequence, and each consequence has another consequence, known as a second-order effect. Changing some aspect of a complex system always introduces Second-Order Effects, some of which may go against original intent of the change. | |
Problem solving | Impact network | A technique to identify higher-level (second-order, third-order, fourth-order) effects. Designed to generate potential impacts of key events on future developments by identifying the possible effects of a given specific event. | |
Security | PKI | Public Key Infrastructure | The system by which public keys are distributed and authenticated. PKI is primarily concerned with the distribution, authentication and revocation of digital certificates. |
Security | Digital certificate | A certificate used to cryptographically link ownership of a public key with the entity that owns it. Digital certificates include the public key being certified, identifying information about the entity that owns the public key, metadata relating to the digital certificate, and a digital signature of the public key created by the issuer of the certificate. | |
Security | OATH | Initiative for Open Authentication | An industry-wide collaboration to use open standards for promoting the adoption of strong authentication. Has HOTP as its cornerstone. |
Security | BYOC | Bring Your Own Cloud | Risks of BYOC: |
Software | Algorithm | A set of instructions that produces an output. The order of instructions matters. | |
Software | Protocol | In computer science, a set of rules that determines how a system works. A set of rules governing the exchange or transmission of data between devices. The order of the rules might not matter. | |
Security | Microsoft Cloud App Security | A Cloud Access Security Broker. The rebranded Microsoft version of Adallom. | |
Security | Adallom | A Cloud Access Security Broker. A cloud security company that secures enterprise software-as-a-service (SaaS) application usage, audits user activity, and protects employees and digital assets from threats in real time. After the company was bought out by Microsoft, the product was rebranded as Microsoft Cloud App Security. | |
Security | CASB | Cloud Access Security Broker | On-premises or cloud-based software that sits between cloud service users and cloud applications, monitors all activity, and enforces security policies. Examples: |
Security | Multi-mode Cloud Access Security Broker | Security is the prevention of high-risk events, while management is the monitoring and mitigation of high-risk events. A multi-mode CASB such as Netskope offers both. | |
Security | Netskope | A Cloud Access Security Broker. Helps companies protect data and protect against threats in cloud applications, cloud infrastructure, and the web. Offers both management and security and is therefore a multi-mode CASB. | |
Security | Authentication factors | | |
Security | Digital signature | A mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature means that the message was created by a known sender (authentication), and that the message was not altered in transit (integrity). It employs asymmetric cryptography. Digital signatures are often used to implement electronic signatures, which have legal significance in the U.S. | |
Security | SSH | Secure SHell | Cryptographic protocol. The primary method of securing remote terminals over the Internet. |
Security | OpenPGP | The most widely used email encryption protocol. Defined by the OpenPGP Working Group of the Internet Engineering Task Force (IETF) as a Proposed Standard. | |
Security | S/MIME | Secure/Multipurpose Internet Mail Extensions | Email encryption protocol. |
Security | IPSec | Internet Protocol Security | Cryptographic protocol. Provides encryption and/or authentication at the IP packet level. |
Security | IETF | Internet Engineering Task Force | The premier Internet standards body, developing open standards through open processes. A large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. |
Security | MAC | Message authentication code | A short piece of information used to confirm that the message came from the stated sender (authentication) and has not been changed (integrity). Sometimes known as a tag. |
Security | Integrity | A key element of security in which there is proof that the contents of a message have not changed since it was sent. | |
Security | Nonrepudiation | A key element of security in which the sender of a message cannot deny sending the message. | |
Security | Challenge-response authentication | A family of protocols in which one party presents a question (challenge) and another party must provide a valid answer (response) to be authenticated. The simplest example of a challenge–response protocol is password authentication. | |
Security | Encryption | The process by which unencrypted data, often referred to as plaintext, is encrypted using an encryption algorithm and an encryption key. | |
Security | Symmetric encryption | A type of encryption that uses the same private key for both encryption and decryption. | |
Security | Asymmetric encryption | A type of encryption which uses two different but mathematically linked keys. Whatever is encrypted with a public key may only be decrypted by its corresponding private key, and vice versa. | |
Security | Public key | A large numerical value that is used to encrypt data and is most often provided by a trusted authority through a publicly accessible repository. In public-key encryption schemes, the encryption key is published for anyone to use and encrypt messages. However, only the receiving party has access to the decryption key that enables messages to be read. | |
Security | Private key | A large numerical value that is mathematically linked to the public key. It is created as part of public-key cryptography during asymmetric-key encryption and is used to decrypt a message and transform it back to a readable format. | |
Security | Block cipher | A type of algorithm which encrypts data one fixed-size block at a time, unlike stream ciphers, which encrypt data bit by bit. | |
Security | FPE | Format-Preserving Encryption | A class of algorithms in which the input and encrypted data are in the same format. For example, a credit card number composed of 16 digits will be encrypted as another 16-digit number. |
Security | RSA | Rivest, Shamir, and Adleman | A commonly used encryption algorithm developed by RSA Security that uses public-key cryptography to share data over an insecure network. Anyone can access the public key, but the private key must be confidential. You need both keys, one to encrypt the data and the other to decrypt it. RSA is secure because factoring large integers that are the product of two large prime numbers is computationally hard. Additionally, the large key size increases the security. Most RSA keys are 1024 bits or 2048 bits long. The government and the IT industry recommend using 2048-bit keys only. The longer key size means it is slower than other encryption methods. RSA is used for SSH authentication, for SSL encryption, and for protecting sensitive data in various browsers. Proprietary algorithms patented by RSA Security: |
Security | 3DES | Triple Data Encryption Standard | Commonly used symmetric block cipher encryption algorithm. One of the successors of DES. Since it encrypts data three times, this method is much slower than others. Because it uses shorter block lengths, it is easier to decrypt and leak data. In 1997, the National Institute of Standards and Technology (NIST) opened a contest for cryptographers to come up with algorithms to replace the then-popular standard (DES), because of increasing concern about its vulnerability to brute-force attacks as processing power grew and because of its limited choice of encryption keys. Triple DES is used for online payments, by apps in the Microsoft Office package, and by Mozilla's Firefox and Thunderbird. Many financial institutions use 3DES despite it slowly being phased out. |
Security | AES | Advanced Encryption Standard | Commonly used encryption algorithm. A format-preserving symmetric block cipher encryption algorithm used by the US Government to protect classified information. Based on the Rijndael cipher. Largely considered impervious to all attacks with the exception of brute force. In 1997, the National Institute of Standards and Technology (NIST) opened a contest for cryptographers to come up with algorithms to substitute the popular standard DES. The goal was to develop a Federal Information Processing Standard (FIPS) specifying an encryption algorithm capable of protecting sensitive government information well into the 21st century. |
Security | FIPS | Federal Information Processing Standard | Publicly announced standards developed by the United States federal government for use in computer systems by non-military government agencies and government contractors. The U.S. government has developed various FIPS specifications to standardize a number of topics including encryption standards, such as the Data Encryption Standard and the Advanced Encryption Standard. |
Security | Twofish | Commonly used encryption algorithm based on Blowfish. Open source symmetric block cipher. Designed by Bruce Schneier. One of the fastest. Freely available (not patented). | |
Security | Blowfish | Predecessor to Twofish. Commonly used encryption algorithm. Symmetric block cipher designed to replace DES. An alternative to the DES and RSA encryption methods. Designed in 1993 by Bruce Schneier as a general-purpose algorithm. One of the fastest. Freely available (not patented). Found in e-commerce and password management tools. | |
Security | IDEA | International Data Encryption Algorithm | Commonly used encryption algorithm. Used in PGP Version 2. |
Security | SHA 1 | Secure Hash Algorithm 1 | Commonly used encryption algorithm. A cryptographic hash algorithm similar to MD5. Its vulnerabilities are well known and NIST banned using SHA 1 by federal agencies in 2010. Still fairly widely used to validate credit card transactions, electronic documents, email PGP/GPG signatures, open-source software repositories, backups and software updates. |
Security | MD5 | Message-Digest Algorithm | Commonly used hash function used to create digital signatures. Originally designed to be a cryptographic hash function, but suffers from extensive vulnerabilities. |
Security | SHA 2 | Secure Hash Algorithm 2 | Commonly used encryption algorithm. A cryptographic hash algorithm used in Bitcoin. |
Security | HMAC | Hash-based Message Authentication Code | Commonly used encryption algorithm. A cryptographic hash algorithm similar to MD5 and SHA 1. The main difference between HOTP (HMAC-based One Time Password) and TOTP (Time-based One-Time Password) is that the HOTP passwords can be valid for an unknown amount of time, while the TOTP passwords keep on changing and are only valid for a short window in time. TOTP is therefore considered to be a more secure One-Time Password solution. |
Security | Cryptographic hash function | A class of hash functions suitable for use in cryptography. A mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size (a hash). It is designed to be a one-way function, i.e. a function which is infeasible to invert. | |
Security | Hash function | Any function that can be used to map data of arbitrary size onto data of a fixed size. The hash function takes a larger file as input, processes it, and returns a smaller output that contains a unique fingerprint of the file. The value returned by a hash function is called a hash value, hash code, digest, signature, or simply hash. If one bit of the original data changes, the hash/digest/signature changes. Hashing isn't an encryption method. Hashes are a one-way function for providing authentication. | |
Security | SHA-3 | Secure Hash Algorithm 3 | A subset of the broader cryptographic primitive family Keccak, based on a novel approach called sponge construction. |
Security | Keccak | A cryptographic primitive family based on a novel approach called sponge construction. Used in SHA-3. | |
Security | | A class of algorithms that takes an input bit stream of any length and produces an output bit stream of any desired length. | |
Security | NIST | National Institute of Standards and Technology | A physical sciences laboratory and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness. The NIST hash function competition was an open competition to develop a new hash function, called SHA-3, to complement the older SHA-1 and SHA-2. The winner was Keccak. |
Security | Email spoofing | The creation of email messages with a forged sender address. | |
Security | Phishing | The fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website, the look and feel of which are identical to the legitimate site. | |
Security | Cryptoviral extortion | A technique in which the ransomware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. | |
Security | Ransomware | A type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. | |
Security | Adware | Software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the user during the installation process. | |
Security | Computer worm | A standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. | |
Security | Computer virus | A type of malicious software that, when executed, replicates itself by modifying other computer programs and inserting its own code. | |
Security | Trojan horse | Any malicious computer program which misleads users as to its true intent. Trojans are generally spread by some form of social engineering, for example where a user is duped into executing an e-mail attachment disguised to appear unsuspicious. Many modern Trojans act as a backdoor, contacting a controller which can then gain unauthorized access to the affected computer. Ransomware attacks are often carried out using a Trojan. Unlike computer viruses and worms, Trojans generally do not attempt to inject themselves into other files. | |
Security | Dictionary attack | A form of brute force attack for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary. | |
Security | Brute force | A trial and error method used by application programs to decode encrypted data through exhaustive effort rather than employing intellectual strategies. An infallible though time-consuming approach. | |
Security | Honey encryption | Any time an incorrect password or encryption key is guessed, the system responds by delivering fake data to the intruder. | |
Security | MITM | Man-in-the-middle attack | An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. One example of a MITM attack is active eavesdropping, in which the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. |
Security | Replay attack | A form of network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed. A version of MITM. | |
Security | DDOS | Distributed Denial-of-Service Attack | A malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. |
Security | | A countermeasure to mitigate a DDoS attack in which network traffic is routed into a black hole and is lost. | |
Security | IP Spoofing | The creation of Internet Protocol (IP) packets with a modified source address in order to hide the identity of the sender, impersonate another computer system, or both. | |
Security | Botnet | A group of computers which have been infected by malware and have come under the control of a malicious actor. | |
Security | SSO | Single Sign On | A session and user authentication service that permits a user to use one set of login credentials to access multiple applications. With SSO, a user logs in once, and gains access to all systems without being prompted to log in again at each of them. SSO allows a single authentication credential to access multiple or different systems within a single organization. |
Security | RSO | Reduced Sign On | A term used to reflect the fact that single sign-on is impractical in addressing the need for different levels of secure access in the enterprise, and as such more than one authentication server may be necessary. |
Security | LDAP | Lightweight Directory Access Protocol | A common way of doing SSO. An application protocol for querying and modifying items in directory service providers like AD, which supports a form of LDAP. |
Security | CLDAP | Connectionless LDAP | A variant of LDAP that uses the User Datagram Protocol (UDP) for transport. |
Network | UDP | User Datagram Protocol | A connectionless transport protocol which does not validate source addresses. Used across the Internet for especially time-sensitive transmissions such as video playback or DNS lookups. |
Web | DNS | Domain Name System | The path through which Internet devices are able to look up specific web servers in order to access Internet content. Its function is to translate between easy-to-remember names and hard-to-remember addresses of website servers. |
Network | TCP | Transmission Control Protocol | A connection-oriented protocol used in conjunction with Internet Protocol (IP) to maintain a connection between the sender and the target and to ensure packet order. Requires a handshake to connect with the target system. |
Security | Directory Service | A customizable information store from which users can locate resources and services distributed throughout the network. The database that forms a directory service is not designed for transactional data. | |
Security | AD | Active Directory | A Microsoft product that manages permissions and access to networked resources. Based on LDAP plus Kerberos. Most authN and authZ services you'll encounter will be AD-based, typically using LDAP and/or ADFS. AD is a directory services database, and LDAP is one of the protocols you can use to talk to it. |
Security | SWT | Simple Web Token | Protected by HMAC. Keys required for a token to be functional: Issuer, Audience, and ExpiresOn. Using OAuth 2.0, SWT can be sent in the HTTP authentication header (bearer scheme). The issuer and the relying party share a secret symmetric 256-bit key. |
Security | SAML2 | Security Assertion Markup Language | A common way of doing SSO and an authentication/authorization protocol. Uses SAML Assertion as the token. SAML SSO works by transferring the user's identity from one place (a SAML authority i.e. the identity provider) to another (a SAML consumer i.e. the service provider) through an exchange of digitally signed XML documents. |
Security | OAuth | Open Authentication | A common way of doing SSO and an authorization protocol that uses Access Tokens or JSON Web Tokens (JWT) as the token. Allows you to approve one application interacting with another on your behalf without giving away your password. The simplest example of OAuth is one website allowing you to login with another website’s login. A more complex example of OAuth is a Facebook app asking if it can have access to your photos. |
Security | ADFS | Active Directory Federation Services | A common, AD-based way of doing SSO on Windows. Microsoft developed ADFS to extend enterprise identity beyond the firewall. It provides single sign-on access to servers that are off-premises. |
Security | IdP | Identity Provider | A general term used in most SSO options. The Identity Provider authenticates the user and provides an authentication token to the service provider. |
Security | Authentication token | Information that verifies the authenticity of the user. | |
Security | SP | Service Provider | A general term used in most SSO options. A service provider is a federation partner that provides services to the user. |
Security | Access Token | A token used by the OAuth or OpenID Connect authentication protocols. | |
Security | JWT | JSON Web Token | A JSON-based open standard for creating access tokens. Used by the OAuth and OpenID Connect protocols. A JSON object defined as a safe way to represent a set of information between two parties. The token is composed of a header, a payload, and a signature. JWT is a type of token, and OAuth is a protocol that describes how to dispense tokens. JWT uses two mechanisms to secure the information: JSON Web Signature (JWS) and JSON Web Encryption (JWE). |
Security | JWS | JSON Web Signature | The mechanism to sign the JWT information. |
Security | JWE | JSON Web Encryption | The mechanism to encrypt the JWT information. |
Security | CORS | Cross-Origin Resource Sharing | A mechanism that uses additional HTTP headers to tell a browser to let a web application running at one origin (domain) have permission to access selected resources from a server at a different origin. A web application executes a cross-origin HTTP request when it requests a resource that has a different origin (domain, protocol, and port) than its own origin. |
Security | GUID | Globally Unique Identifier | A term used by Microsoft for a number that is programmatically generated to create a unique identity for an entity such as a Word document. There are a number of reported incidents in which the author of a document could be traced by the GUID in the document, even in circumstances where the author had taken exceptional care to maintain their anonymity. |
Security | RSA Security | Computer and network security company named after its co-founders, Rivest, Shamir, and Adleman. | |
Security | RSA BSAFE | A validated cryptography library offered by RSA Security. | |
Security | OpenSSL | Open Secure Sockets Layer | A general purpose cryptography library for applications that prevent eavesdropping or need to identify the party at the other end. It provides an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and is widely used in Internet web servers, serving a majority of all web sites. |
Security | SSL | Secure Sockets Layer | Deprecated predecessor to Transport Layer Security (TLS). |
Security | TLS | Transport Layer Security | Cryptographic protocol designed to provide communications security over a computer network. Primary method for protecting HTTP (web) transactions. Aims to provide privacy and data integrity between two or more communicating computer applications. Widely used in applications such as web browsing, email, instant messaging, and voice over IP (VoIP). TLS supports pre-shared keys, secure remote passwords, elliptic-curve keys and Kerberos, whereas SSL does not. |
Security | PSK | Pre-shared keys | A shared secret which was previously shared between the two parties using some secure channel before it needs to be used. |
Security | SRP | Secure remote password protocol | An augmented password-authenticated key agreement (PAKE) protocol. |
Security | PAKE | Password-authenticated key agreement | An interactive method for parties to establish cryptographic keys based on one party's knowledge of a password. One party (the client or user) demonstrates to another party (the server) that they know the password, without sending the password itself. The password never leaves the client and is unknown to the server. An eavesdropper or man in the middle cannot obtain enough information to brute-force guess the password without a further interaction with the parties for every few guesses. This means that strong security can be obtained using weak passwords. |
Security | ECC | Elliptic-curve cryptography | An approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC requires smaller keys compared to non-EC cryptography (based on plain Galois fields) to provide equivalent security. |
Network | VoIP | Voice over IP | A methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. |
Network | | The provisioning of communications services (voice, fax, SMS, voice-messaging) over the public Internet, rather than via the public switched telephone network (PSTN). | |
Network | PSTN | Public switched telephone network | The aggregate of the world's circuit-switched telephone networks that are operated by national, regional, or local telephony operators, providing infrastructure and services for public telecommunication. |
Network | IP | Internet Protocol | IP has the task of delivering packets from the source host to the destination host solely based on the IP addresses in the packet headers. |
Security | OIDC | OpenID Connect | An open standard and decentralized authentication protocol that uses JSON Web Tokens (JWT) or Access Tokens. Allows users to login to multiple unrelated websites without having to have a separate identity and password for each. Technologies: REST, JSON. |
Security | FIM | Federated Identity Management | Provides single access to multiple systems across different enterprises. Users from company A can authenticate to an application on company B using their company A credentials. For example, a user can log in to one of the federated applications using either their Facebook credentials or their Google credentials, given that the IdP accepts both. User credentials are no longer stored or validated by the service provider. Instead, the identity provider validates the user and notifies the service provider that the user is who they say they are. It uses one of several technologies to do this: |
Security | WIF | Windows Identity Foundation | A Microsoft software framework for building identity-aware applications. It provides APIs for building ASP.NET or WCF based security token services as well as tools for building claims-aware and federation capable applications. |
Security | WCF | Windows Communication Foundation | A framework for building service-oriented application software. |
Security | WS-F | Web Services Federation | An Identity Federation specification developed by a group of companies. Part of the larger Web Services Security framework, it defines mechanisms for allowing different security realms to broker information on identities, identity attributes and authentication. |
Security | WS-Security | Web Services Security | An extension to SOAP to apply security to Web services. It is a member of the Web service specifications and was published by OASIS. |
Security | OASIS | The Organization for the Advancement of Structured Information Standards | A global nonprofit consortium that works on the development, convergence, and adoption of open standards for security, Internet of Things, energy, content technologies, emergency management, and other areas. |
Security | FIDO | Fast Identity Online | 2-factor system. A set of technology-agnostic security specifications for strong authentication. Supports the Universal Authentication Framework (UAF) and the Universal Second Factor (U2F) protocols. |
Security | FIDO2 | Fast Identity Online | The passwordless evolution of FIDO U2F. |
Security | Passwordless authentication | A type of authentication where users can log in with a magic link, fingerprint, or token that is delivered via email or text message. Magic link via email: the user enters their email address. A unique token or code is then created and stored. An email with a URL that contains the unique token is generated and sent to the user. When the user clicks the link, your server verifies that the unique token is valid and exchanges it for a long-lived token, which is stored in your database and sent back to the client, where it is typically stored as a browser cookie. One-time code via email: the user enters their email address and an email is sent to the user with a unique one-time code. Once the user enters this code into your application, your app validates that the code is correct, a session is initiated, and the user is logged in. One-time code via SMS: the user enters a valid phone number, then a unique one-time code is sent to that phone number. Once the user enters this code into your application, your app validates that the code is correct and that the phone number exists and belongs to a user, a session is initiated, and the user is logged in. Fingerprint: the user places their finger on a mobile device. A unique key pair is generated on the device and a new user is created on the server that maps to the key. | |
Security | CTAP | Client to Authenticator Protocol | The part of FIDO that defines the interface to the hardware tokens. |
Security | WebAuthn | An extensible web authentication API developed within W3C which supports both existing FIDO U2F and upcoming FIDO2 credentials. | |
Web | W3C | World Wide Web Consortium | An international community where member organizations, a full-time staff, and the public work together to develop Web standards. |
Security | SMS | Short Message Service | 2-factor system. Better than a password, but not too hard to intercept, or to pretext or port numbers. SMS is the most widely used type of text messaging. With an SMS, you can send a message of up to 160 characters to another device. Longer messages are normally split up into multiple messages. |
Network | SS7 | Signalling System 7 | The system and protocols used for phone calling. |
Security | authN | Authentication | Who you are. Authentication ensures that the individual or entity is who or what they claim to be, but says nothing about their access rights. A key element of security in which the origin of a message can be verified. |
Security | authZ | Authorization | What you can do. The process of giving individuals access to system objects based on their identity. |
Security | Push authN | Push Authentication | Push authN systems like Duo Security or Apple's default on iPhones are better than SMS. Users verify their identity by responding to a push notification that is sent to their mobile devices. The authentication is protected by utilizing a One Time Password in the response message back, thereby protecting against replay attacks. |
Security | TOTP | Time-based One-Time Password | A time-based one-time password (TOTP) is a temporary passcode, generated by an algorithm, for use in authenticating access to computer systems. In two-factor authentication, a user must enter a traditional, static password and a TOTP to gain access. A TOTP can be generated as a soft token on a phone. Red Hat's FreeOTP is the best soft token. |
Security | HOTP | HMAC-based One-Time Password | A one-time password (OTP) algorithm based on hash-based message authentication codes (HMAC). It is a cornerstone of the Initiative for Open Authentication (OATH). A HOTP can be generated as a soft token on a phone. Red Hat's FreeOTP is the best soft token. |
Security | U2F | Universal 2nd Factor | An open authentication standard that strengthens and simplifies two-factor authentication (2FA) using specialized Universal Serial Bus (USB) devices. FIDO U2F tokens enable users to quickly and securely access any website or online service that supports the FIDO U2F protocol using a single device. To authenticate, a user simply inserts a universal serial bus (USB) token into any port. Then, the user presses the U2F token button and enters his or her password or PIN. |
Security | UAF | Universal Authentication Framework | A protocol allowing online services to offer password-less and multi-factor security. |
Security | 2FA | Two-factor authentication | A security process in which the user provides two different authentication factors to verify themselves, to better protect both the user's credentials and the resources the user can access. |
Security | MFA | Multi-factor authentication | A security system that requires more than one method of authentication from independent categories of credentials to verify the user's identity for a login or other transaction. |
Security | Software token | A type of two-factor authentication security device that may be used to authorize the use of computer services. Software tokens are stored on a general-purpose electronic device such as a desktop computer, laptop, PDA, or mobile phone and can be duplicated. | |
Security | Security token | A physical device used to gain access to an electronically restricted resource, often used in two-factor authentication. | |
Security | Disconnected token | Type of security token which uses a built-in screen to display the generated authentication data, which the user enters manually themselves via a keyboard or keypad. | |
Security | Connected token | Type of security token which must be physically connected to the computer with which the user is authenticating. The most common types of connected tokens are smart cards and USB tokens, such as FIDO U2F tokens. | |
Security | Contactless token | Type of security token which forms a logical but not physical connection to the client computer. Can use near-field communication (NFC), radio-frequency identification (RFID), or Bluetooth. | |
Security | Contactless smart cards | Type of smart card which does not require physical contact between a card and reader. They are becoming more popular for payment and ticketing. Typical uses include mass transit and motorway tolls. | |
Security | Contactless payment systems | Credit cards, debit cards, key fobs, smart cards, smartphones or other devices that use radio-frequency identification (RFID) or near field communication (NFC) for making secure payments. Examples of contactless payment systems that use NFC: Samsung Pay, Apple Pay, Google Pay, Fitbit Pay, Merpay. | |
Security | Apple Pay | Contactless payment system that uses near field communication (NFC). | |
Security | Google Pay | Contactless payment system that uses near field communication (NFC). | |
Security | NFC | Near-field communication | A set of communication protocols that enable two electronic devices, one of which is usually a smartphone, to establish communication by bringing them within 4 cm of each other. NFC devices are used in contactless payment systems, allowing mobile payment to replace or supplement smartcards. |
Security | RFID | Radio-frequency identification | A wireless technology standard which uses electromagnetic fields to automatically identify and track tags attached to objects. |
Security | Bluetooth | A wireless technology standard for exchanging data between fixed and mobile devices over short distances using short-wavelength UHF radio waves. | |
Security | Smart card | Type of connected security token, typically a plastic credit-card-sized card with an embedded integrated circuit. | |
Security | Kerberos | A cryptographic network authentication protocol for single sign-on, in which users authenticate against a central authentication service and Key Distribution Center (KDC). It authenticates service requests between trusted hosts across an untrusted network, such as the internet, by issuing authenticated users tickets that let nodes prove their identity to one another in a secure manner and that grant them access to various services on the network. It is the default authorization technology used by Microsoft Windows, and is built in to all major operating systems. Kerberos can use a variety of cipher algorithms to protect data. The three parts of the protocol are the client, the server, and the KDC. | |
Security | KDC | Key Distribution Center | Kerberos' trusted third-party authentication service. |
Security | Kerberos-based | A common method for SSO. Initial sign-on prompts the user for credentials, and gets a Kerberos ticket-granting ticket (TGT). | |
Security | TGT | Ticket-Granting Ticket | A small, encrypted identification file with a limited validity period used in the Kerberos authentication protocol. |
Security | HTTPS | HyperText Transfer Protocol Secure | HTTP carried over an encrypted TLS connection. When you send sensitive information over an HTTPS connection, no one can eavesdrop on it in transit. HTTPS is what makes secure online banking and shopping possible. |
Security | UMRA | User Management Resource Administrator | Identity & Access mgmt |
Web | WCAG | Web Content Accessibility Guidelines | A standard and checklist for making Web content more accessible to people with disabilities, as well as for mobile phones. Examples: |
Web | 4 core principles of web accessibility | Websites must be: | |
Web | ADA | Americans with Disabilities Act | A civil rights law that prohibits discrimination against individuals with disabilities in all areas of public life, passed in 1990 |
Architecture | MTPOD | Maximum Tolerable Period of Disruption | The maximum amount of time that key products can be unavailable after an event that causes disruption to operations. |
Problem solving | SMART | | Year-end goals should be SMART. The problem definition in the 7 steps of McKinsey's problem-solving technique should be SMART. |
Problem solving | MECE | Mutually Exclusive, Collectively Exhaustive | An issue tree, used in the 7 steps of McKinsey's problem-solving technique, should be MECE. Criteria for reporting on application health should be MECE. |
Problem solving | Back-of-the-envelope analysis | A quick and dirty way to come up with answers by making simplified assumptions. Similar to back-of-the-napkin. | |
Problem solving | Back-of-the-napkin analysis | A quick and dirty way to come up with answers by making simplified assumptions. Alternatively, used in the business world to describe sketching out a quick, rough idea of a business or product. Similar to back-of-the-envelope. | |
Problem solving | McKinsey's 7 steps of problem solving | | |
Problem solving | Issue tree | A problem-solving tool that breaks a problem into discrete chunks. It is a graphical breakdown of a question that dissects it into its different components vertically, progresses into details as it reads to the right, is mutually exclusive/collectively exhaustive (MECE), and consistently answers a "why" or "how" question. | |
Problem solving | 5 Whys | An iterative interrogative technique and problem-solving tool used to explore the cause-and-effect relationships underlying a particular problem. | |
Problem solving | | A visualization tool for categorizing the potential causes of a problem in order to identify its root causes. Particularly useful in a group setting and for situations in which little quantitative data is available for analysis. | |
Problem solving | 80/20 | | The principle that for many events, roughly 80% of the effects come from 20% of the causes. |
Software | Forming, storming, norming, and performing | Psychologist Bruce Tuckman coined the phrase in his 1965 article, "Developmental Sequence in Small Groups," to describe the path that most teams follow on their way to high performance. | |
Agile | Sprint goal | A short, one- or two-sentence description of what the team plans to achieve during the sprint. It is written collaboratively by the team and the product owner. Example: Release a valuable increment to the customer within one sprint | |
Agile | Interdependencies | How to address interdependencies in Scrum: | |
Agile | Fix version | In Jira, the version where you plan on releasing a feature or bugfix to customers. This field is used for release planning, monitoring progress and velocity, and is used widely in reporting. | |
Agile | Sprint Planning Meeting | | |
Agile | INVEST | | Criteria for writing good user stories. If the story fails to meet one of these criteria, the team may want to reword it. |
Agile | Story mapping | The process of ordering user stories along two independent dimensions. The horizontal axis represents user activities over time. The vertical axis represents decreasing necessity of stories. The first horizontal row maps out a minimum viable product or walking skeleton, a barebones but usable version of the product. Working through the rows fleshes out the product with additional functionality. | |
Agile | MVP | Minimum viable product | A version of a new product which allows a team to collect the maximum amount of validated learning about customers with the least development effort. A concept from Lean Startup that stresses the impact of learning in new product development. |
Agile | MMF | Minimum Marketable Feature | A small, self-contained feature that delivers significant value to the user with the least development effort. |
Agile | Phased delivery | How to use phased delivery to increase project value: | |
Agile | Collective Code Ownership | The explicit convention that every team member is encouraged to make changes to any code file as necessary: either to complete a development task, to repair a defect, or even to improve the code's overall structure. | |
Problem solving | DMAIC | | The 5 steps in the Six Sigma problem-solving methodology. |
Software | SDLC | Software Development Lifecycle | SDLC is mostly concerned with the process of writing software. |
DevOps | DevOps | Development and Operations | DevOps bridges the gap between software creation and its use, with particular focus on the steps to get software built and deployed. Plan, code, build, test, release, deploy, operate, monitor. |
DevOps | ALM | Application Lifecycle mgmt | ALM is the broad, encompassing idea that includes both SDLC and DevOps. ALM is everything from birth to death of a product. In addition, activities like portfolio management and the service desk are part of ALM but not of SDLC or DevOps. |
DevOps | CM | Configuration Management | The process of systematically handling changes to a system in a way that it maintains integrity over time. Puppet, Ansible, Chef and Salt are popular CM tools. |
DevOps | CI | Continuous Integration | The process of automating the build and testing of code every time a team member commits changes to version control. Tools used to do so: |
DevOps | CD | Continuous Delivery | The practice of keeping your codebase deployable at any point, while deployment to Production remains a manual step. Application should: |
DevOps | CD | Continuous Deployment | The process of releasing any code that passes the automated testing phase into the production (or staging) environment automatically. |
Agile | BDD | Behavior Driven Development | A software development process in which acceptance tests drive the design of a product. Focuses on feature behaviors, i.e. how a feature operates within a well-defined scenario of inputs, actions, and outcomes. Behavior specs become the requirements, the acceptance criteria, and the acceptance tests. Also known as Acceptance Test Driven Development (ATDD) or Specification by Example (SBE). |
Agile | GWT | Given-When-Then | A way of writing acceptance criteria. GWT translates well into automated tests. The most common Behavior Driven Development (BDD) test frameworks are Cucumber derivatives that write specs in the "Given-When-Then" Gherkin language. |
Agile | Gherkin | A business readable, domain specific Language that lets you describe software's behaviour without detailing how that behaviour is implemented. | |
Software | TDD | Test Driven Development | Failing tests are written first, after which the actual software code is written with the aim of passing the newly created tests. |
Business | FTS | Follow the Sun | A type of global knowledge workflow designed to reduce time to market, in which the knowledge product worked on in one time zone is handed off at the end of that site's work day to the next production site, several time zones to the west, which continues the work. |
Business | GDSE | Globally Distributed Software Engineering | Global software teams distributed across time zones |
Agile | ATDD | Acceptance Test Driven Development | An approach in which acceptance tests help drive the design of a product. Also known as Behavior Driven Development (BDD) or Specification by Example (SBE). |
Agile | SBE | Specification by Example | SBE requires business stakeholders to provide realistic scenarios for how the software will be used and those examples are used to determine the scope of the project. Also known as Behavior Driven Development (BDD) or Acceptance Test Driven Development (ATDD). |
Software | Brooks's law | Adding manpower to a late software project makes it later. From a book on software engineering and project management by Fred Brooks, first published in 1975. | |
Agile | SAFe | Scaled Agile Framework | Scaled Agile Framework is a development methodology for scaling Agile in an enterprise, developed by Scaled Agile. |
Software | FSM | Finite State Machine | A machine which can be in exactly one of a finite number of states at any given time. Stateful. Example: a turnstile can be either locked or unlocked in response to the input of a coin or a push. |
Agile | XP | Extreme Programming | Similar to other Agile Methods of development, Extreme Programming aims to provide iterative and frequent small releases throughout the project |
Agile | RAD | Rapid Application Development | A method of software development which heavily emphasizes rapid prototyping and iterative delivery. |
Software | CRM | Customer Relationship Management | A technology for managing a company's relationships and interactions with customers/potential customers. |
Architecture | IaaS | Infrastructure as a service | The most basic level of the cloud computing service models. Offers virtual and physical machines, servers, storage options, load balancers, and networks. |
Architecture | PaaS | Platform as a service | One level up from IaaS. Offers operating systems, databases, web servers, and development tools. |
Architecture | Client-server model | A distributed architectural style that separates the system into two applications: service providers (servers) and service requestors (clients). Uses a request-response messaging pattern. | |
Architecture | ERP | Enterprise Resource Planning | Systems used by organizations to manage day-to-day business activities, such as accounting, procurement, project management and manufacturing. A key principle is the central collection of data for wide distribution. |
Architecture | DDD | Domain Driven Design | Also known as Events First Domain Driven Design. Model the system by mapping the events first. Divide all your microservices into groups focused on one business function. |
Architecture | Microservice characteristics | | |
Architecture | Compensating transactions | A way of maintaining data integrity over distributed services. Before the message is passed on, a microservice will put some information into the message about how to reverse the transaction that just happened. | |
Architecture | Messages in microservices | Messages in microservices start at one end and terminate at the other. A microservice receives a JSON message, modifies it in some way, then passes it on. | |
Architecture | Microservice pros and cons | Advantages: | |
Architecture | Monolithic architecture pros and cons | Advantages: | |
Architecture | 10 best practices in REST API design | | |
Architecture | API Gateway | Programming that sits in front of an application programming interface (API) and acts as a single point of entry for a defined group of microservices. In addition to accommodating direct requests, gateways can be used to invoke multiple back-end services and aggregate the results. | |
Architecture | REST | Representational State Transfer | An architectural style in which data and functionality are considered resources and are accessed using Uniform Resource Identifiers (URIs). Works by making a call from a client to a server and getting a response back (typically in JSON) over the HTTP protocol. REST can use four different HTTP verbs (GET, POST, PUT, and DELETE) to perform tasks. Six architectural constraints: |
Web | HTTP verbs | | |
Web | GET | An HTTP verb to retrieve data. It is expected to be idempotent (repeating the query does not have any side effects) and can only send limited amounts of parameter data to the server. GET requests include all required data in the URL. | |
Web | POST | An HTTP verb that supplies additional data from the client (browser) to the server in the message body. Forms in HTML can use either GET or POST by specifying method="POST" or method="GET" (default) in the <form> element. | |
Web | Session | The main difference between a session and a cookie is that session data is stored on the server, whereas cookies store data in the visitor's browser. Sessions are more secure than cookies as they are stored on the server. Cookies can be turned off from the browser. | |
Web | URI | Uniform Resource Identifier | Used in RESTful architecture to represent data and functionality. Nouns are better than verbs. |
Web | URL | Uniform Resource Locator | The address of a World Wide Web page. |
Web | Application state | Information about where you are in the interaction used during a session with an application. | |
Web | Resource state | The kind of permanent data a server stores which lasts beyond a single session of interactions. | |
Web | Stateful | The server or program keeps track of the state of interaction, usually by setting values in a storage field designed for that purpose. Examples: finite state machine (FSM), File Transfer Protocol (FTP) | |
Web | Stateless | HTTP (the transport protocol between the server and the client) is "stateless" because it remembers nothing between requests. HTTP requests are independent and may occur in any order. Important properties brought about by statelessness: | |
Web | Cookie | Helps the website keep track of your visits and activity. Authentication cookies track whether a user is logged in and under what name. Session cookies are used only when a person is actively navigating a website, and disappear once you leave the site. Tracking cookies may be used to create long-term records of multiple visits to the same site. Supercookies can be a potential security concern, and many browsers offer a way to block them. A zombie cookie recreates itself after being deleted. | |
Database | CRUD | | The basic database actions. |
Web | SOAP | Simple Object Access Protocol | An XML based protocol for accessing Web Services. |
Architecture | API | Application Programming Interface | A set of clearly defined methods of communication between various software components. APIs enable Web-service "mashups," in which developers mix and match APIs from Google, Facebook or Twitter to create entirely new apps and services. |
Web | AJAX | Asynchronous JavaScript And XML | AJAX can update a web page without reloading the page and send data to a web server in the background. |
Software | OOP | Object Oriented Programming | Divides the responsibilities of an application or system into objects, each containing the data and the behavior relevant to the object. |
Problem solving | RCA | Root Cause Analysis | A method of problem solving used for identifying the root causes of problems. RCA is based on four principles: |
Problem solving | Average | Average = (sum of items) / (number of items) | |
Problem solving | Weighted Average | Weighted Average = (item1 × weight1 + item2 × weight2 + ...) / (sum of the weights). Each item is multiplied by its own weight before the products are summed. | |
Problem solving | Root cause | A factor which if removed will prevent the final undesirable outcome from happening again. | |
Problem solving | Causal factor | A factor that affects an event's outcome, but is not a root cause. | |
Agile | AUP | Agile Unified Process | Agile software development framework |
Business | ACP | Application Continuity Planning | Instructions for what to do in case of disaster such as the entire server farm going down. |
Database | ACID | Atomicity, Consistency, Isolation, Durability | A set of properties of database transactions that guarantee validity even in the event of errors, power failures, etc. |
Database | Atomicity | A transaction must be all or nothing. | |
Database | Consistency | All data integrity constraints are satisfied. Data is in a consistent state when a transaction starts and when it ends. | |
Database | Isolation | One of the goals of isolation is to allow multiple transactions to occur at the same time without impacting the execution of each. | |
Database | Durability | Transactions that have committed will survive permanently. | |
Business | ITG | IT Governance | Processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals. |
Project mgmt | RACI | | A system to describe the participation by various roles in completing tasks or deliverables for a project or business process. Also known as: |
Project mgmt | PMBOK | Project management Body of Knowledge | The collection of processes, best practices, terminologies, and guidelines that are accepted as standards within the project management industry. Developed by the Project Management Institute. |
Project mgmt | WBS | Work Breakdown Structure | Visually defines the scope into manageable chunks that a project team can understand. |
Project mgmt | PBS | Product Breakdown Structure | A tool for analyzing, documenting and communicating the outcomes of a project, and forms part of the product based planning technique. |
Web | 12 Factor Apps | A manifesto maintained by platform-as-a-service (PaaS) provider Heroku describing a methodology for developers to follow when building modern web-based applications. There are twelve principles, including: | |
QA | Fix-fail errors | Situation when a bug was reported by QA, Dev supposedly fixes it, it goes back to QA for verification, and it's still not fixed. | |
QA | Time to fix | The amount of time between when something breaks and when it is fixed. | |
QA | Bug find rate | The number of defects/bugs found by the team during the process of testing. | |
QA | Defects Deferred Percentage | The percentage of defects deferred by the team for future releases. | |
QA | Critical Defects Percentage | Measures the percentage of critical defects out of all defects reported in the software. | |
QA | Critical defect | A show stopper. The functionality cannot be delivered unless that defect is cleared. | |
QA | Major defect | A major flaw in functionality that does not prevent its release. | |
QA | Test Coverage | The extent to which the software product’s complete functionality is covered | |
QA | Escaped defects | The number of defects that reach production. One of the most direct measures of QA success. | |
QA | Defect leakage | Percentage of defects found in UAT | |
Web | NPS | Net Promoter Score | Used for assessing customer satisfaction and product performance. How likely is it that you would recommend our company/product/service to a friend or colleague? Calculated by subtracting the percentage of customers who are Detractors (score of 0 to 6) from the percentage of customers who are Promoters (score of 9 to 10). Passives are score 7 to 8. |
Software | NFR | Non-functional requirements | Example: tech debt. Best practice is to address these alongside functional requirements. |
QA | Functional testing | Testing the application against the business requirements. Seven types: | |
QA | Performance testing | Non-functional testing used to determine the performance of a piece of software. | |
Security | 6 basic principles of security | | |
Security | Availability | A key element of security which guarantees that systems, applications and data are available to users when they need them. The most common attack that impacts availability is denial-of-service. The attacker interrupts access to information, system, devices or other network resources. | |
Security | Security testing | Non-functional testing used to determine whether the information and data in a system are protected. The goal is to find loopholes and security risks. | |
Security | Security posture | The security status of an enterprise’s hardware, software and policies, its capability to manage its defenses and its ability to react as the situation changes | |
QA | UFT | Unified Functional Testing | A commercial automated web testing tool for functional testing that provides a comprehensive feature set for API, web services, and GUI testing. |
QA | Selenium | An open source automated web testing tool to perform web application testing across various browsers and platforms like Windows, Mac, and Linux. | |
QA | Katalon Studio | A free automated web testing tool for web application, mobile, and web services. Built on top of the Selenium and Appium frameworks. | |
QA | TestComplete | A commercial automated web testing tool for web, mobile, and desktop testing. | |
QA | JUnit | A unit testing framework for the Java programming language. Important in the development of test-driven development (TDD). One of a family of unit testing frameworks which is collectively known as xUnit. | |
QA | SonarQube | Offers reports on duplicated code, coding standards, unit tests, code coverage, code complexity, comments, bugs, and security vulnerabilities. | |
QA | Serenity BDD | An automated acceptance testing tool that also includes code coverage. Open source. | |
QA | Cucumber | An automated acceptance testing tool that runs behavior-driven development (BDD) style tests. | |
QA | JBehave | A Java-based framework supporting Behaviour-Driven Development (BDD) with automated acceptance tests. | |
QA | Opkey | Supports Acceptance Test Driven Development (ATDD) and Behavior Driven Development (BDD) with automated acceptance tests and a built-in Gherkin editor. Integrates with build tools like Jenkins, Bamboo, Maven. | |
QA | Code coverage | A measure of how many lines, statements, or blocks of code are tested using your suite of automated tests. Most code coverage tools are for unit tests only. | |
Architecture | Swagger | A suite of API developer tools for teams and individuals, enabling development across the entire API lifecycle, from design and documentation to test and deployment. By reading your API's structure, it can automatically build interactive API documentation. | |
DevOps | Azure DevOps | The source control tool from Microsoft that used to be called VSTS. | |
DevOps | VSTS | Visual Studio Team Services | The source control tool from Microsoft that is now called Azure DevOps. |
DevOps | | Develop your features and bug fixes in feature branches based off your master branch. | |
DevOps | Feature Branch workflow | A Git branching strategy/workflow. All development for a new feature is performed in a dedicated feature branch. This allows multiple developers the ability to iterate on a feature without modifying master. | |
DevOps | Centralized branching strategy | A Git branching strategy/workflow. All changes are committed directly to master. No other branches are necessary for this workflow. | |
DevOps | Gitflow | A Git branching strategy/workflow. Builds upon the Feature Branch workflow. However instead of just a master branch, you create additional branches with very specific purposes. Create version tags off of master to mark a release. | |
DevOps | Microsoft's branching guidance | A Git branching strategy/workflow similar to Gitflow. The biggest difference is the lack of merging. Similar to the Feature Branch workflow, create feature branches off of master. When it’s time for a release, create a new release branch for that version. Any fixes to a release should be cherry picked to all of the other relevant branches that need the fix. No need for tagging versions. | |
DevOps | Fork & merge | A branching strategy/workflow. Rather than everyone working off the same centralized repo, every developer gets their own server-side repo to work on. Typically used in the open source community like projects on GitHub. | |
DevOps | Pull request | A request to merge that triggers code review. Create a pull request, code review happens, someone accepts it, merge up. | |
Software | SCOM | Systems Center Operations Manager | A central component of the Microsoft System Center suite used to monitor the health and performance of everything from servers to individual applications. |
DevOps | DevSecOps | Development, Security, Operations | The philosophy of integrating security practices within the DevOps process |
QA | RTM | Requirements Traceability Matrix | A document that maps user requirements with test cases |
Security | SAST | Static Analysis Security Testing | Alongside detecting violations in coding best practices, static code analyzers detect security vulnerabilities in code that you own and in (possibly insecure) libraries that you import |
Security | DAST | Dynamic Analysis Security Testing | Examines an application from the outside in its running state, much like what an attacker would |
Architecture | | Use Swagger Codegen to generate a server stub for your API, then implement the server logic. Design interface; test interface; build the back end. | |
Architecture | ESB | Enterprise Service Bus | An architecture and set of rules and principles for integrating numerous applications together over a bus-like infrastructure. |
Architecture | MVC | Model-View-Controller | An architectural pattern commonly used for developing user interfaces that divides an application into three interconnected parts. Model is the application's data structure. View can be any representation of information, such as a chart or diagram. Controller accepts input and converts it to commands for the model or view. |
Architecture | APIM | API Management | API management platforms like AWS, Azure, IBM. |
Architecture | HATEOAS | Hypermedia as the engine of application state | An architectural style that lets the client dynamically navigate to the appropriate resource by traversing hypermedia links in the response contents. Having accessed an initial URI for the REST application, a REST client should be able to use server-provided links to discover all the available actions and resources it needs. |
Architecture | Hypermedia | The concept of sending a representation of a resource along with the controls (such as links) that lead to next steps. Instrumental to statelessness. | |
Architecture | WSDL | Web Services Description Language | An XML-based interface definition language that is used for describing the functionality offered by a web service; often used with SOAP |
Architecture | XML | eXtensible Markup Language | A metalanguage which allows users to define their own customized markup languages, especially in order to display documents on the Internet. A markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. |
Architecture | JSON | JavaScript Object Notation | A syntax for storing and exchanging structured data in key-value pairs over a network connection. It is used primarily to transmit data between a server and a web application, serving as an alternative to XML. Example: var jason = { "age" : "24", "hometown" : "Missoula, MT", "gender" : "male" }; |
Web | HTML | Hypertext Markup Language | A standardized system for tagging text files to achieve font, color, graphic, and hyperlink effects on World Wide Web pages. |
Web | HTTP | Hypertext Transfer Protocol | An application protocol for distributed, collaborative, hypermedia information systems. Designed under the constraints of the REST architectural style; stateless. |
Network | FTP | File Transfer Protocol | A standard network protocol used for the transfer of computer files between a client and a server on a computer network. Uses a client-server architecture. Stateful. |
Architecture | OAS | OpenAPI Specification | A programming language-agnostic specification for REST APIs, which allows both humans and computers to discover and understand the capabilities of a service. Originally known as the Swagger Specification. |
Architecture | RAML | RESTful API Modeling Language | A YAML-based specification for describing REST APIs. |
Architecture | SaaS | Software as a Service | A method of software delivery that allows data to be accessed from any device with an Internet connection and web browser. |
Software | ITSM | IT Service Management | The practice of managing the delivery of IT services. Example: ServiceNow. |
Database | JDBC | Java Database Connectivity | A standard Java API for database-independent connectivity between the Java programming language and a wide range of databases. |
Architecture | CORBA | Common Object Request Broker Architecture | A standard developed by the Object Management Group (OMG) to provide interoperability among distributed objects. |
Architecture | OMG | Object Management Group | A non-profit consortium created in 1989 to promote the theory and practice of object technology for the development of distributed operating systems. |
Architecture | AWS | Amazon Web Services | Platform for cloud computing. |
Architecture | VPC | Amazon Virtual Private Cloud | Lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. |
Architecture | EC2 | Elastic Compute Cloud | A platform for running applications on the Amazon Web Services (AWS) infrastructure. An EC2 instance is a virtual server in Amazon's Elastic Compute Cloud (EC2). You can scale servers up or down, or add servers, all from a dashboard. |
Architecture | S3 | Amazon Simple Storage Service | For storing objects like files, folders, images, documents, songs, etc. It cannot be used to install software, games or operating systems. |
Architecture | Elasticsearch | | |
Architecture | ELK | Elasticsearch, Logstash, Kibana | Designed to allow users to take data from any source, in any format, and to search, analyze, and visualize that data in real time. |
Agile | Burndown chart | Shows how much work remains to be done in the project. | |
Agile | Burnup chart | Shows how much work has been completed, and the total amount of work. | |
Agile | Velocity chart | Tracks the amount of work completed from sprint to sprint. This helps determine the team's velocity and estimate the work the team can realistically achieve in future sprints. | |
Agile | Control chart | Shows the cycle time for your product, version or sprint. This helps you identify whether data from the current process can be used to determine future performance. | |
Agile | Cycle Time | A measure of the elapsed time when work starts on an item (story, task, bug) until it's ready for delivery. Tells how long in calendar time it takes to complete a task. | |
Agile | 4 values of the Agile Manifesto | | |
Agile | 12 principles of the Agile Manifesto | | |
Agile | The Agile Manifesto | Born out of frustration with the lag between business requirements and delivery in the 1990s. A group of seventeen thought leaders met in 2000 and 2001 to develop the Agile Manifesto and the Twelve Principles. | |
Agile | Agile anti-patterns | | |
Agile | 3 core pillars of Scrum | | |
Agile | 5 key values of Scrum | | |
Agile | 3 roles in a Scrum team | | |
Agile | 5 Scrum ceremonies | | |
Agile | Daily Scrum | | |
Agile | Backlog Refinement Meeting | | |
Agile | Planning Poker | A consensus-based, gamified technique for estimating, mostly used to estimate effort or relative size of development goals in software development. Members of the group make estimates by placing numbered cards face down on the table, instead of speaking them aloud. Each estimator holds a deck of Planning Poker cards with values like 0, 1, 2, 3, 5, 8, 13, 20, 40 and 100. The cards are revealed, and the estimates are then discussed. The group votes, discusses, then revotes. | |
Agile | Story points | A method of estimation in Agile. A relative measure of complexity, i.e. how big a feature is compared to other features. Removes the notion of time from the estimate; team productivity is measured separately as Velocity. The team uses a modified Fibonacci sequence: 1, 2, 3, 5, 8, 13. The reason for this is to reflect the inherent uncertainty in estimating larger items. | |
Agile | Definition of Ready - user story | | |
Agile | Sprint Retrospective | | |
Agile | Scrum disadvantages | | |
Agile | Scrum benefits | | |
Agile | DoD | Definition of Done - user story | A list of criteria which must be met before a user story is considered done. |
Agile | DoD | Definition of Done - sprint | A list of criteria which must be met before a sprint is considered done. |
Agile | DoD | Definition of Done - release | A list of criteria which must be met before a release is considered done. |
Web | Alpha Release | The first complete version of a program or application, which is most likely unstable, shown to a selected group, usually internal users. | |
Web | Beta Release | The last version before wide production release, often tested by users under real-world conditions. | |
Agile | Dual-Track Scrum | The objective of the discovery track is to validate ideas quickly and efficiently. The objective of the delivery track is to build, test and deploy production-ready code. Ideas are prototyped in the discovery track and the findings are fed into the delivery track. The discovery to delivery process continuously repeats throughout the product's life. | |
Agile | SoS | Scrum of Scrums | A method of scaling Agile. Nominate one member per team to attend the Scrum of Scrums. |
Agile | Kanban | A methodology originally developed for manufacturing to reduce waste, Kanban is all about improving speed and quality of delivery by increasing visibility of work in progress and limiting multi-tasking. | |
Agile | Kanban board | A workflow management and visualization tool, on which Kanban cards are placed and moved around to illustrate the progress of the work. | |
Project mgmt | Project Kickoff Meeting | Typical agenda: | |
Project mgmt | BRUF | Big Requirements Up Front | The situation in Waterfall where requirements are defined at length before development begins. |
Project mgmt | Project stages | | |
Project mgmt | Waterfall | A methodology in which projects are fully planned and then executed once through the phases of the SDLC, as opposed to Agile methodology, which is iterative and divides the project development lifecycle into sprints. | |
Project mgmt | MoSCoW method | | A prioritization technique used in management, business analysis, project management, and software development to reach a common understanding with stakeholders on the importance they place on the delivery of each requirement. |
Project mgmt | Smartsheet | A cloud-based spreadsheet-inspired task and project management tool with collaboration and communication features for Agile project management. | |
Project mgmt | 6 key traits of a good program manager | | |
Project mgmt | Resource calendar | A calendar identifying the working days and shifts during which each resource is available. | |
Project mgmt | Risk register | A tool used to identify potential risks in a project, sometimes to fulfill regulatory compliance but mostly to stay on top of potential issues that can derail intended outcomes. Includes information about each identified risk: | |
Project mgmt | Project plan | In IT, any document that displays project activities along a timeline, such as a Gantt chart. More broadly, might include: | |
Project mgmt | Prioritization matrix | A system to rate each project in terms of criteria. It uses a weighted scale to put a rating on each of the criteria in order to accurately evaluate the priority of each project. | |
Project mgmt | Assumption | The event has a likelihood between 0% and 100% of occurring. | |
Project mgmt | Constraints | Limitations that are outside the control of the project team and need to be managed around. | |
Project mgmt | Crashing | A schedule compression technique used to shorten the schedule duration for the least incremental cost by adding resources. | |
Project mgmt | Fast tracking | A schedule compression technique in which activities or phases normally done in sequence are performed in parallel for at least a portion of their duration. | |
Project mgmt | Schedule compression | A technique to shorten the schedule duration without reducing scope. | |
Project mgmt | Scope | The way you describe the boundaries of the project. Defines what the project will and won't deliver. | |
Project mgmt | Sponsor | The person who has ultimate authority over the project. | |
Project mgmt | Risk | Potential external events that will have a negative impact on your project. Refers to the probability the event will occur and its impact on the project. | |
Project mgmt | Milestone | A scheduling event that indicates the completion of a major deliverable or a set of deliverables. A milestone has no duration or effort. | |
Project mgmt | Gantt chart | A bar chart that depicts activities as blocks over time. The start and end of the block correspond to the start and end-date of the activity. | |
Project mgmt | Issue | A major problem that will impede the progress of the project and that can't be resolved by the project manager and project team without outside help. | |
Project mgmt | Critical path | The sequence of activities that must be completed on time for the entire project to be completed on time. It is the longest duration path through the workplan. | |
Project mgmt | CPM | Critical path method | A technique used to complete projects on time by focusing on key tasks. By focusing on the tasks that make up the critical path, the project manager maximizes the chances of completing the project on time. |
Project mgmt | Analogous estimating | A technique for estimating the duration or cost of an activity or a project using historical data from a similar activity or project. | |
Project mgmt | Triple constraint | Time, scope, cost. | |
Project mgmt | Bottom-Up Estimating | A method of estimating project duration or cost by aggregating the estimates of the lower-level components of the work breakdown structure (WBS). | |
Project mgmt | Scope change management | The management of change to previously approved scope statements and requirements. Scope is defined and approved in the scope section of the project definition (charter) and the more detailed business requirements. Scope change management means you need to manage, control, and document all changes to your project scope. Scope creep is a major indicator that scope management is lacking because the scope changes have increased project costs and could potentially extend the project schedule. | |
Project mgmt | Workplan (schedule) | A document that tells you how you will complete the project. It describes the activities required, the sequence of the work, who is assigned to the work, an estimate of how much effort is required, when the work is due, and other information of interest to the project manager. | |
Project mgmt | Steering committee | A group of high-level stakeholders who are responsible for providing guidance on overall strategic direction. | |
Project mgmt | Stakeholder | Specific people or groups who have a stake in the outcome of the project. Includes internal clients, management, employees, and administrators from within the company. A project can also have external stakeholders, including suppliers, investors, community groups, and government organizations. | |
Project mgmt | PMO | Project Management Office | A group that defines and maintains project management standards across an organization. It's responsible for keeping best practices and project status and directions in one place, enabling the repetition and execution of the organization’s initiatives. |
Project mgmt | Servant leadership | Servant leadership, coined by Robert K. Greenleaf in an essay first published in 1970, is a philosophy in which the main goal of the leader is to serve. A servant-leader shares power, puts the needs of the employees first, and helps people develop and perform as highly as possible. 10 characteristics of servant leadership: | |
Project mgmt | Team engagement | 5 strategies for team engagement: | |
Life sciences | URS | User Requirements Specification | Deliverable in a regulated life sciences project. Should contain clear, concise, and testable requirements. |
Life sciences | Validation plan | Deliverable in a regulated life sciences project. | |
Life sciences | Validation summary | Deliverable in a regulated life sciences project. | |
Life sciences | DQ | Design Qualification | Phase of validation in a regulated life sciences project. Shows that a piece of technology – a device, apparatus, machine or system – has a GMP-compliant (Good Manufacturing Practice) design. |
Life sciences | IQ | Installation Qualification | Phase of validation in a regulated life sciences project. The IQ records the installation of the software, and ensures that the installation follows the correct steps. |
Life sciences | OQ | Operation Qualification | Phase of validation in a regulated life sciences project. The OQ tests that the solution is working using test data in general. This maps to the requirements in the Functional Specification, and ensures the product meets all the predetermined requirements. |
Life sciences | PQ | Performance Qualification | Phase of validation in a regulated life sciences project. Tests that the application consistently produces products that meet all requirements under real life conditions. The last test before production. |
Life sciences | MQ | Maintenance Qualification | Phase of validation in a regulated life sciences project. |
Life sciences | CQ | Component Qualification | Phase of validation in a regulated life sciences project. |
Life sciences | GMP | Good Manufacturing Practice | A set of regulations, rules, and guidelines published by healthcare authorities. A system for ensuring that products are consistently produced and controlled according to quality standards. Examples of healthcare authorities include the US Food and Drug Administration (FDA) and the World Health Organization (WHO). |
Life sciences | FDA | US Food and Drug Administration | Healthcare authority |
Life sciences | WHO | World Health Organization | Healthcare authority |