Security terms
Defending code from the threats that never sleep
Security vulnerabilities do not announce themselves — they wait quietly in code that looks perfectly fine on the surface. This category covers attack vectors, defensive techniques, secure coding practices, and the mental models that help you think like an attacker before one finds you. From SQL injection and XSS to authentication flaws and cryptographic pitfalls, understanding these terms is not optional — it is a professional responsibility.
HTTPS & TLS
HTTP over TLS — encrypts all traffic between browser and server, preventing eavesdropping, man-in-the-middle attacks, and tampering. Required for cookies, modern APIs, and all production web applications.
Hardcoded Credentials (PHP 5.0+)
Passwords, API keys, or tokens written directly into source code — permanently exposed to anyone with repository access and impossible to rotate without a code change.
Weak Password Hash (PHP 5.5+)
Using MD5, SHA-1, or SHA-256 to hash passwords — fast algorithms designed for data integrity, not authentication, crackable in seconds with a GPU.
API Key Exposure
API keys committed to version control, logged, or exposed in client-side code can be harvested and abused by attackers.
CWE-312 | OWASP A2:2021 | CVSS 9.1
Systematically trying every possible password or key until the correct one is found.
CWE-307 | OWASP A7:2021 | CVSS 7.5
CVSS
Common Vulnerability Scoring System — a 0–10 numeric score representing the severity of a security vulnerability.
CWE
Common Weakness Enumeration — a community-maintained list of software weakness types with unique numeric IDs.
Denial of Service (DoS) (PHP 5.0+)
An attacker overwhelms a system with requests or exploits resource-exhaustion bugs to make it unavailable to legitimate users.
CWE-400 | OWASP A5:2021 | CVSS 7.5
Directory Listing Enabled (PHP 5.0+)
A web server configured to show directory contents exposes file structure and sensitive files to unauthenticated visitors.
CWE-548 | OWASP A5:2021 | CVSS 5.3
Forced Browsing (PHP 5.0+)
Accessing resources at predictable URLs that are not linked from the application's UI but lack proper authorisation checks.
CWE-425 | OWASP A1:2021 | CVSS 7.5
Hardcoded Credentials
Secrets, passwords, or API keys embedded directly in source code can be extracted from repositories or compiled binaries.
CWE-798 | OWASP A2:2021 | CVSS 9.8
HTML Injection (PHP 5.0+)
Unsanitised user input rendered as raw HTML allows attackers to inject arbitrary markup, defacing pages or phishing users.
CWE-80 | OWASP A3:2021 | CVSS 6.1
HTTP Security Headers (PHP 5.0+)
A set of HTTP response headers that instruct browsers to enforce security policies, reducing XSS, clickjacking, and data leakage risks.
CWE-16 | OWASP A5:2021
HTTP Strict Transport Security (HSTS) (PHP 5.0+)
A response header that instructs browsers to always connect via HTTPS for a specified duration, preventing protocol downgrade attacks.
CWE-319 | OWASP A5:2021
Information Disclosure (PHP 5.0+)
Unintentional leakage of sensitive data — stack traces, version numbers, internal paths — aids attackers in crafting targeted exploits.
CWE-200 | OWASP A5:2021 | CVSS 5.3
Insecure Cookie (PHP 5.0+)
Cookies without HttpOnly, Secure, and SameSite flags are vulnerable to theft via XSS, network interception, and CSRF.
CWE-1004 | OWASP A2:2021 | CVSS 5.4
Open Redirect (PHP 5.0+)
A redirect destination taken from user input can send victims to attacker-controlled sites, enabling phishing.
CWE-601 | OWASP A1:2021 | CVSS 6.1
OWASP Top 10 (PHP 5.0+)
The ten most critical web application security risk categories, published by OWASP and updated periodically.
Parameter Tampering
Modifying HTTP request parameters — query strings, POST fields, cookies, or hidden fields — to manipulate application business logic.
CWE-472 | OWASP A1:2021 | CVSS 8.1
Salted Hashing (PHP 5.5+)
Prepending or appending a unique random value (salt) to each password before hashing, neutralising precomputed rainbow table attacks.
CWE-759 | OWASP A2:2021