5 exercises on pronouncing common security acronyms and terms aloud.
0 / 5 completed
1 / 5
How is "OAuth" (the authorization framework) said aloud?
OAuth is commonly said either as "oh-AUTH" /oʊˈɔːθ/ or as "O-Auth" (the letter O + "auth"). "Auth" /ɔːθ/ has the voiceless TH /θ/ as in "thin." So "authenticate with OAuth," "an OAuth flow." The "O" stands for "Open." Both pronunciations are used; "oh-AUTH" runs them together, "O-Auth" separates the letter. The TH is always voiceless.
2 / 5
How is "JWT" (JSON Web Token) said aloud?
JWT is pronounced either as the acronym "jot" /dʒɒt/ (one syllable) or spelled out "J-W-T" (jay-double-u-tee). "Jot" is widely used informally; "J-W-T" is used formally. So "verify the JWT" can be said either way. In interviews and technical discussions, both are understood. The W is "double-u," making it three parts: "jay-double-u-tee."
3 / 5
How is "CSRF" (Cross-Site Request Forgery) said aloud?
CSRF is almost always spelled out as "C-S-R-F" /siː ɛs ɑːr ɛf/ — "see, ess, ar, eff." Saying the full "cross-site request forgery" is also done when clarity is needed. So "protect against C-S-R-F," "a C-S-R-F token." Do not say "see-surf" or rhyme it with "scarf." Each letter is spoken individually.
4 / 5
How is "XSS" (Cross-Site Scripting) said aloud?
XSS is spelled out as "X-S-S" /ɛks ɛs ɛs/ — "ex, ess, ess" — or described as "cross-site scripting" when full clarity is needed. So "prevent X-S-S attacks," "an X-S-S vulnerability." The three-letter abbreviation is standard in security discussions. Do not say "ziss" or blend the letters.
5 / 5
How is "RBAC" (Role-Based Access Control) said aloud?
RBAC is spelled out as "R-B-A-C" /ɑːr biː eɪ siː/ — "ar, bee, ay, see." So "implement R-B-A-C," "an R-B-A-C policy." Some informally say "ARE-back" treating it as a word, but spelling it out is the standard form in professional contexts. Similarly, "ABAC" (attribute-based) is "A-B-A-C."