CodeClarityLab / Glossary
Ctrl K
← CodeClarityLab Home
Browse by Category
+ added · updated 7d
⚖ Terms of Use

Security terms

160 terms of 1444 total · page 1 of 8

🔒 Defending code from the threats that never sleep

Security vulnerabilities do not announce themselves — they wait quietly in code that looks perfectly fine on the surface. This category covers attack vectors, defensive techniques, secure coding practices, and the mental models that help you think like an attacker before one finds you. From SQL injection and XSS to authentication flaws and cryptographic pitfalls, understanding these terms is not optional — it is professional responsibility.

🤖 AI Guestbook — Security educational data only
| |
Last 30 days
35 pings — 2026-04-08 W 6 pings — 2026-04-09 T 36 pings — 2026-04-10 F 77 pings — 2026-04-11 S 52 pings — 2026-04-12 S 58 pings — 2026-04-13 M 12 pings — 2026-04-14 T 6 pings — 2026-04-15 W 10 pings — 2026-04-16 T 63 pings — 2026-04-17 F 59 pings — 2026-04-18 S 130 pings — 2026-04-19 S 50 pings — 2026-04-20 M 19 pings — 2026-04-21 T 47 pings — 2026-04-22 W 146 pings — 2026-04-23 T 97 pings — 2026-04-24 F 125 pings — 2026-04-25 S 54 pings — 2026-04-26 S 23 pings — 2026-04-27 M 45 pings — 2026-04-28 T 37 pings — 2026-04-29 W 76 pings — 2026-04-30 T 114 pings — 2026-05-01 F 107 pings — 2026-05-02 S 77 pings — 2026-05-03 S 36 pings — 2026-05-04 M 20 pings — 2026-05-05 T 27 pings — Yesterday W 22 pings — Today T
Agents 22
ChatGPT 3Perplexity 1Amazonbot 1
ChatGPT 7Amazonbot 2Perplexity 1
Amazonbot 1.1kPerplexity 907ChatGPT 724Google 440Ahrefs 302Unknown AI 292SEMrush 152Majestic 45Qwen 11Meta AI 10Claude 6
Most referenced — Security
CRLF Injection 2Path Traversal 2Type Juggling 1preg_replace /e Modifier (Removed) 1MIME Sniffing & X-Content-Type-Options 12FA Bypass Techniques 1Business Logic Vulnerability 1Clickjacking & CSP frame-ancestors 1
preg_replace /e Modifier (Removed) 7Type Juggling 2OWASP API Security Top 10 2DNS Rebinding Attack 2Command Injection 1Authorisation 1Account Enumeration 1Information Disclosure 1
Type Juggling 149PHAR Deserialization Attack 148preg_replace /e Modifier (Removed) 130CRLF Injection 92File Extension Bypass 75SameSite Cookie Attribute 74Information Disclosure 54JWT Vulnerabilities 54
How they use it
crawler 3.7k crawler_json 212 pre-tracking 83
Category total4k pings Terms pinged160 / 160 Distinct agents10
Sort A → Z Recently Added Recently Updated Difficulty Most Viewed Most Rated Most Shared
Level All Beginner Intermediate Advanced
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Client-Side Template Injection (CSTI)
Attacker-controlled input rendered as a template expression by a client-side framework (AngularJS, Vue, Handlebars), executing JavaScript in the victim's browser.
CWE-1336 OWASP A3:2021
1w ago security advanced 7.5
CSS Injection & Data Exfiltration via Stylesheets
Attacker-controlled CSS injected into a page or stylesheet that exfiltrates data via attribute selectors and `url()` callbacks, defaces UI, or enables phishing — all without a single line of JavaScript.
CWE-79 OWASP A3:2021
1w ago security advanced 6.5
DOM Clobbering
Attack where injected HTML elements with controlled `id` or `name` attributes overwrite JavaScript globals or document properties, weaponising script-less HTML injection into code execution.
CWE-79 OWASP A3:2021
1w ago security advanced 6.5
NoSQL Injection PHP 5.4+
Attacker-controlled input embedded into NoSQL queries (MongoDB, Redis, Couchbase) that subverts query intent — bypassing auth, exfiltrating data, or executing server-side code.
CWE-943 OWASP A3:2021
1w ago security intermediate 8.8
Server-Side Includes (SSI) Injection
Attacker-controlled SSI directives (`<!--#exec ... -->`) injected into pages parsed by Apache or another SSI-enabled server, achieving file disclosure or remote command execution.
CWE-97 OWASP A3:2021
1w ago security intermediate 9.8
Software Composition Analysis (SCA)
The practice and tooling for identifying all open-source and third-party components in a codebase, detecting known vulnerabilities (CVEs) in them, and flagging licence risks — distinct from static analysis of your own code.
3w ago security intermediate
Brute-Force Protection
Defences against automated credential-guessing attacks — rate limiting login attempts, account lockout, CAPTCHA, and multi-factor authentication to make guessing passwords computationally infeasible.
CWE-307 OWASP A7:2021
4w ago security intermediate
Insecure Deserialization
Deserializing attacker-controlled data can trigger arbitrary object construction and method calls — PHP's unserialize() with untrusted input enables remote code execution via gadget chains in the loaded class graph.
CWE-502 OWASP A8:2021
4w ago security advanced
OAuth 2.0
An authorisation framework that lets users grant third-party applications limited access to their resources without sharing passwords — using short-lived access tokens issued via defined flows for different client types.
CWE-287 OWASP A7:2021
4w ago security intermediate
Timing Attacks
Side-channel attacks that infer secret values by measuring how long an operation takes — a string comparison that short-circuits on the first mismatch leaks information about the secret one character at a time.
CWE-208
4w ago security advanced
Dependency & Supply Chain Security
Protecting applications from malicious or vulnerable third-party packages — covering transitive dependencies, lock files, SRI hashes, CVE scanning, and supply chain attack vectors.
CWE-1357 OWASP A6:2021
1mo ago security intermediate
Mixed Content (HTTP on HTTPS)
When an HTTPS page loads resources (images, scripts, stylesheets) over HTTP — browsers block active mixed content and warn on passive, undermining the security of the HTTPS connection.
CWE-319
1mo ago security intermediate
Authentication PHP 7.0+
The process of verifying that a user is who they claim to be — typically by validating credentials (password, token, certificate) and establishing a session or issuing a signed token for subsequent requests.
2mo ago security intermediate
Authorisation PHP 7.0+
The process of determining what an authenticated user is permitted to do — checking permissions, roles, or policies before allowing access to a resource or action.
2mo ago security intermediate
CORS — Cross-Origin Resource Sharing PHP 7.0+
A browser security mechanism that blocks JavaScript from making HTTP requests to a different origin — PHP APIs must send specific headers to allow cross-origin requests from permitted frontend origins.
2mo ago security intermediate
HTTPS & TLS
HTTP over TLS — encrypts all traffic between browser and server, preventing eavesdropping, man-in-the-middle attacks, and tampering. Required for cookies, modern APIs, and all production web applications.
2mo ago security beginner
Null Byte in File Paths (Legacy PHP) PHP 3.0+
Null bytes (%00) in file paths truncated strings at the C level in PHP < 5.3.4 — PHP 5.3.4+ throws a warning, PHP 7 throws ValueError for NUL in paths.
2mo ago security advanced
OWASP API Security Top 10
The OWASP API Security Top 10 lists the most critical API vulnerabilities — a separate list from the web application Top 10, covering risks specific to REST, GraphQL, and other API surfaces such as broken object-level authorisation and unrestricted resource consumption.
2mo ago security intermediate
Prompt Injection Attacks (LLM Security)
An attack where malicious instructions embedded in user input or retrieved content override an LLM's system prompt — causing it to ignore its instructions, reveal confidential information, or take unintended actions.
2mo ago security advanced
Remote Code Execution (RCE)
A vulnerability allowing an attacker to run arbitrary code on the server — the most severe class of web vulnerability, typically achieved through eval(), unserialise(), file upload flaws, or OS command injection.
2mo ago security intermediate
✓ schema.org compliant