A quick reference for the terms you’ll see throughout Osto and these docs.

Assets & objects

  • Asset — something Osto protects: a domain, an endpoint user, or a server.
  • Domain — a website, web app, or subdomain you protect with Osto.
  • Endpoint User — a person in your organization (and their device) covered by endpoint policies.
  • Secure Server — a host you register so users reach it only through Osto, never directly.
  • Secure Gateway — a single host that brokers access to multiple child servers behind it.
  • Object — a reusable building block referenced by policies: a Domain Category, Application group, Port, or Schedule.
  • Schedule Class — a time window (such as Forever or a set day/time range) that controls when a policy applies.

Web protection

  • Web Application Protection (WAF) — Osto’s protection layer that inspects and filters traffic to your sites.
  • Detect Mode / Prevent Mode — whether a site’s protection only observes and logs (Detect) or actively blocks (Prevent).
  • DDoS Protection — defenses against volumetric, traffic-flooding attacks.
  • Bot Mitigation — detection and blocking of automated/bot traffic.
  • Advanced policy — per-domain controls including URL Protection, Parameter Protection, Data Theft Protection, Cookie Security, and rate/request limits.
  • API Discovery — automatic detection of API endpoints served by your protected domains.

Endpoint protection

  • Device Control — rules for hardware (USB, Bluetooth, Wi-Fi, etc.).
  • App Control — rules for which application categories users can run.
  • Domain Filtering — allow/block rules for the website categories users can reach.
  • Data Leakage Prevention (DLP) — rules that limit how sensitive data can be moved or copied.

Scanning & code security

  • Web Scanner / App Scanner — vulnerability scans for your websites and mobile app builds.
  • SAST — static application security testing: analysis of your source code for vulnerabilities.
  • SCA — software composition analysis: scanning your dependencies for known vulnerabilities.
  • Secret detection — finding hardcoded credentials, keys, or tokens in code.
  • CWE / CVE — industry-standard identifiers for a class of weakness (CWE) or a specific known vulnerability (CVE).
  • KEV — Known Exploited Vulnerabilities; flags issues with active real-world exploitation.
  • Osto Risk Score — Osto’s prioritization score combining severity, exploit likelihood, and known-exploited status.

Posture & compliance

  • Cloud Security Posture — continuous discovery of cloud assets and security findings across AWS, Azure, and GCP.
  • AutoComply — Osto’s compliance automation for frameworks like SOC 2.
  • Framework — a compliance standard (e.g. SOC 2) made up of requirements and controls.
  • Control — a specific safeguard that helps satisfy a framework requirement.
  • Attestation — a formal statement, generated from your organization details, used in compliance reporting.
  • Security Awareness Training — assignable training programs that satisfy “train your people” controls.