Security Assessment – A "Holistic Big Picture" review of security, through technical security testing, security process review, and security audits.
Server Side Attacks – An attack initiated against a listening service by an attacker.
Client Side Attacks – An attack initiated by the victim/client, often by clicking on a link on the web or in an email.
Host Discovery – Determining which IP addresses in the network have live systems. Techniques include ARP scans, passive listening, ICMP sweeps, IPv6 neighbor discovery and many more.
Port Scanning – Scanning TCP and UDP ports on one or more hosts to determine which are open. Nmap is a common port scanning tool.
Service Fingerprinting – Determining which services are running on specific ports, as opposed to determining the service by the port number, which may be wrong. For example, a user may attempt to “hide” an unauthorized service by placing it on the HTTP port, port 80. Service fingerprinting will figure out what that service is.
OS Fingerprinting – Determining what OS exists at an IP address. Accomplished by sending a variety of packets and examining the replies. Nmap and Xprobe3 are common tools.
Vulnerability Scanners – Tools which scan over the network looking for known vulnerabilities. These go way beyond simple port scans. Examples include Nessus, Qualys, SAINT, and many more.
Penetration Testing – A proactive detective measure whose goals are to find exploitable vulnerabilities before an adversary can. Penetration testers attempt to “break in” within a carefully defined scope.
Fuzzing – Automated stress testing, commonly used to find potential vulnerabilities.