CodeClarityLab / Glossary
Ctrl K
← CodeClarityLab Home
Browse by Category
+ added · updated 7d
⚖ Terms of Use

Security terms

89 terms of 1448 total · page 5 of 5

🔒 Defending code from the threats that never sleep

Security vulnerabilities do not announce themselves — they wait quietly in code that looks perfectly fine on the surface. This category covers attack vectors, defensive techniques, secure coding practices, and the mental models that help you think like an attacker before one finds you. From SQL injection and XSS to authentication flaws and cryptographic pitfalls, understanding these terms is not optional — it is professional responsibility.

Sort A → Z Recently Added Recently Updated Difficulty Most Viewed Most Rated Most Shared
Level All Beginner Intermediate Advanced
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
XPath Injection PHP 5.0+
Unsanitised input manipulates XPath queries against XML documents, enabling data extraction or authentication bypass.
CWE-643 OWASP A3:2021
2mo ago security intermediate 7.5
Zero-Day Vulnerability
A security flaw unknown to the vendor with no available patch — attackers may have exploits in the wild before defenders can respond.
2mo ago security intermediate
Zip Slip PHP 5.0+
A path traversal attack via crafted archive filenames (e.g. ../../evil.php) that escape the extraction directory during unzip.
CWE-22 OWASP A1:2021
2mo ago security intermediate 8.1
Diagram: bcrypt bcrypt PHP 5.5+
A deliberately slow password hashing algorithm designed to resist brute-force attacks by tunable computational cost.
CWE-327 OWASP A2:2021
2mo ago security intermediate
Diagram: Cross-Site Request Forgery (CSRF) Cross-Site Request Forgery (CSRF) PHP 5.0+
A forged request tricks an authenticated user's browser into performing an unintended action on a site they're logged into.
CWE-352 OWASP A1:2021
2mo ago security intermediate 6.5
Diagram: Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) PHP 5.0+
User-supplied content rendered in the browser without escaping, allowing script injection into other users' sessions.
CWE-79 OWASP A3:2021
2mo ago security intermediate 6.1
Diagram: Insecure Direct Object Reference (IDOR) Insecure Direct Object Reference (IDOR) PHP 5.0+
A user accesses another user's data by changing an ID in a URL or request — no authorisation check performed.
CWE-639 OWASP A1:2021
2mo ago security intermediate 7.5
Diagram: Session Fixation Session Fixation PHP 5.0+
An attacker forces a victim to use a known session ID, then hijacks their session after they authenticate.
CWE-384 OWASP A7:2021
2mo ago security intermediate 8.0
Diagram: SQL Injection SQL Injection PHP 5.1+
Unsanitised user input inserted directly into a SQL query, letting attackers read, modify, or delete database data.
CWE-89 OWASP A3:2021
2mo ago security intermediate 9.8
✓ schema.org compliant