Product Engineering Glossary
Technical terms explained in plain language. Built for founders, product managers, and anyone working with engineering teams.
A
AI Code Generation
Using large language models to automatically produce source code from natural language descriptions, examples, or partial implementations.
API
Application Programming Interface — a contract that defines how different software systems communicate with each other.
Authentication vs Authorization
Authentication verifies who you are (identity). Authorization determines what you're allowed to do (permissions). Confusing the two is a common source of security vulnerabilities.
C
Caching
Storing frequently accessed data in a fast temporary layer so your application doesn't repeatedly compute or fetch the same information.
CDN
A Content Delivery Network — a globally distributed network of servers that delivers web content to users from the nearest geographic location.
CI/CD
Continuous Integration and Continuous Deployment — automated pipelines that test, build, and deploy code changes reliably and repeatedly.
Code Review
Systematic examination of source code by developers other than the author to identify bugs, security issues, and architectural problems.
Containerization
Packaging an application with all its dependencies into a standardized unit (container) that runs consistently across any environment.
CORS
Cross-Origin Resource Sharing — a browser security mechanism that controls which domains can make requests to your API.
Cursor / AI IDE
AI-powered integrated development environments that embed large language models directly into the coding workflow for real-time code generation and editing.
D
Database Indexing
Creating optimized data structures in your database that dramatically speed up queries by allowing the database to find rows without scanning every record.
Database Migration
A version-controlled change to your database schema — adding tables, modifying columns, or transforming data — applied consistently across all environments.
H
Hallucination (AI)
When an AI model generates confident but incorrect output — fabricated APIs, non-existent libraries, or plausible-looking code that doesn't actually work.
HIPAA
The Health Insurance Portability and Accountability Act — U.S. federal law that sets standards for protecting sensitive patient health information.
Horizontal Scaling
Adding more servers to handle increased load, as opposed to vertical scaling, which means upgrading a single server.
I
IDOR
Insecure Direct Object Reference — a vulnerability where changing an ID in a URL or request exposes another user's data.
Incident Response
A structured process for detecting, investigating, and recovering from security breaches or production outages.
Infrastructure as Code
Managing and provisioning cloud infrastructure through machine-readable configuration files rather than manual console clicks.
ISO 27001
An international standard for information security management systems (ISMS) that demonstrates an organization's commitment to data protection.
M
Microservices
An architecture pattern where an application is built as a collection of small, independent services that communicate over APIs.
Monitoring & Observability
The tools and practices that let you understand what your application is doing in production — from error rates to response times to resource usage.
MVP
Minimum Viable Product — the simplest version of a product that can be released to validate a business hypothesis with real users.
S
Session Management
The process of securely creating, maintaining, and invalidating user sessions to track authenticated users across multiple requests.
SOC 2
A compliance framework that verifies an organization handles customer data securely, based on five trust service criteria.
SQL Injection
An attack where malicious SQL code is inserted into application inputs to manipulate or extract data from the database.