Browse by Category
Authentication PHP 7.0+
The process of verifying that a user is who they claim to be — typically by validating credentials (password, token, certificate) and establishing a session or issuing a signed token for subsequent requests.
2mo ago security intermediate
Authorisation PHP 7.0+
The process of determining what an authenticated user is permitted to do — checking permissions, roles, or policies before allowing access to a resource or action.
2mo ago security intermediate
API Abuse Prevention PHP 5.0+
Techniques to detect and block bots, scrapers, credential stuffing, and automated abuse — beyond basic rate limiting to behavioural and intelligence-based controls.
2mo ago security advanced
API Key Lifecycle Management
Generating, distributing, rotating, and revoking API keys securely — covering scoping, expiry, audit logging, and emergency revocation procedures.
2mo ago security intermediate
Account Enumeration PHP 5.0+
Differing application responses to valid vs. invalid usernames allow attackers to build a list of registered accounts.
CWE-203 OWASP A2:2021
2mo ago security intermediate 5.3
Account Takeover (ATO) PHP 5.0+
An attacker gains full control of a user account through credential stuffing, phishing, session hijacking, or abusing password-reset flows.
CWE-287 OWASP A7:2021
2mo ago security intermediate 9.8
API Key Exposure
API keys committed to version control, logged, or exposed in client-side code can be harvested and abused by attackers.
CWE-312 OWASP A2:2021
2mo ago security beginner 9.1
Arbitrary File Upload PHP 5.0+
Accepting file uploads without validating type, extension, and content can allow PHP shell uploads and RCE.
CWE-434 OWASP A4:2021
2mo ago security intermediate 9.8
Argon2 Password Hashing PHP 7.2+
The Password Hashing Competition winner (2015) — a memory-hard algorithm that resists GPU and ASIC brute-force attacks better than bcrypt.
OWASP A2:2021
2mo ago security intermediate
Attack Chain / Cyber Kill Chain
A sequential model of cyberattack stages from reconnaissance to exfiltration — used to identify optimal detection and disruption points.
2mo ago security advanced