Practice the pronunciation of security acronyms including CSRF, XSS, SAST, DAST, and CVE.
0 / 5 completed
1 / 5
How is 'CSRF' pronounced?
CSRF (Cross-Site Request Forgery) is most often pronounced /ˈsiːsɜːf/ — 'SEE-surf' (a popular spoken nickname), though many also spell it out as 'SEE ESS AR EFF'. The 'sea surf' pronunciation: 'SEE' = /siː/ + 'surf' = /sɜːf/ (the /ɜː/ vowel as in 'surf', 'bird'). Both forms are widely accepted. CSRF is an attack that tricks an authenticated user's browser into submitting unwanted requests to a web application: \'Add an anti-SEE-surf token to every state-changing form\'.
2 / 5
How is 'XSS' pronounced?
XSS (Cross-Site Scripting) is pronounced /ɛks ɛs ɛs/ — 'EKS ESS ESS', spelling out the three letters. X = /ɛks/, S = /ɛs/, S = /ɛs/. Note: although the first letter is written X, it stands for 'Cross' (to avoid confusion with CSS); it is still said as the letter 'EKS', not 'cross'. Non-native speakers sometimes try to say it as a word. XSS is a vulnerability where attackers inject malicious scripts into web pages viewed by other users: \'Escape all user input to prevent EKS ESS ESS\'.
3 / 5
How is 'SAST' pronounced?
SAST (Static Application Security Testing) is pronounced /sæst/ — 'SAST', rhyming with 'fast' and 'cast'. Single syllable: SAST. The short /æ/ as in 'last', followed by /st/. It is spoken as a word, not spelled out. Non-native speakers may use a long 'a' or add a vowel. SAST analyses source code or binaries for security vulnerabilities without executing the program, typically in CI pipelines: \'The pipeline runs a SAST scan on every pull request\'.
4 / 5
How is 'DAST' pronounced?
DAST (Dynamic Application Security Testing) is pronounced /dæst/ — 'DAST', rhyming with 'mast' and 'last'. Single syllable: DAST. The short /æ/ as in 'cast', followed by /st/. Like SAST, it is spoken as a word. Non-native speakers may use a long 'a'. DAST tests a running application from the outside (black-box), probing for vulnerabilities such as injection and misconfiguration: \'After deployment to staging, a DAST scan probes the live endpoints\'.
5 / 5
How is 'CVE' pronounced?
CVE (Common Vulnerabilities and Exposures) is pronounced /siː viː iː/ — 'SEE VEE EE', spelling out the three letters. C = /siː/, V = /viː/, E = /iː/. Three letters spoken individually: SEE-VEE-EE. It is never said as a word. CVE is a public catalogue of disclosed cybersecurity vulnerabilities, each assigned a unique identifier such as CVE-2024-12345: \'The scanner flagged a critical SEE VEE EE in the dependency\'.