Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A whitelist (allowlist) is a default-deny security model that permits only explicitly approved users, apps, IPs, or domains and blocks everything else by default.
Whitelist Definition: A whitelist (allowlist) is a default-deny security model that permits only explicitly approved users, apps, IPs, or domains and blocks everything else by default.
A whitelist, increasingly called an allowlist, is a security control that explicitly defines the users, applications, devices, IP addresses, or domains permitted to access a resource, and denies everything not on the list. It enforces a default-deny posture: rather than blocking known-bad items, it allows only known-good ones, which is generally far more restrictive and secure than blacklisting.
Whitelisting can be applied at many layers. Application whitelisting permits only approved executables to run, blocking unknown malware by default. Network whitelisting allows traffic only from approved IP ranges or to approved destinations. Email whitelisting trusts specific senders, and access-control lists whitelist particular identities. The control depends on a maintained, authoritative list and a matching mechanism such as file hashes, digital signatures, paths, IPs, or certificates; signature- or hash-based application whitelisting is stronger than path-based, which attackers can sometimes bypass.
For security, whitelisting is one of the most effective defenses against malware and unauthorized access because it stops novel and zero-day threats that signature-based blacklisting misses, an unknown program simply is not allowed to execute. It directly supports least privilege and is recommended in guidance such as NIST SP 800-167 on application allowlisting and the CIS Controls. The trade-offs are operational: the list must be kept current as legitimate software updates and new business needs arise, and overly broad rules (whitelisting an entire folder anyone can write to) can undermine the protection. The terminology is shifting to allowlist/blocklist for clarity and inclusivity.
For example, a hospital configures application whitelisting on clinical workstations so only digitally signed, approved medical and office applications can run, identified by publisher signature and hash. When a phishing email tricks a user into launching a malicious executable, the program is not on the allowlist and the operating system refuses to run it, neutralizing the attack that traditional antivirus might have missed. The security team updates the list through change control whenever a vetted application is added.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →