Security terms
Defending code from the threats that never sleep
Security vulnerabilities do not announce themselves — they wait quietly in code that looks perfectly fine on the surface. This category covers attack vectors, defensive techniques, secure coding practices, and the mental models that help you think like an attacker before one finds you. From SQL injection and XSS to authentication flaws and cryptographic pitfalls, understanding these terms is not optional — it is professional responsibility.
Brute-Force Protection
Defences against automated credential-guessing attacks — rate limiting login attempts, account lockout, CAPTCHA, and multi-factor authentication, which together make online password guessing impractical.
CWE-307 OWASP A7:2021
4w ago
security intermediate
Business Logic Abuse
Exploiting flaws in application workflows rather than technical vulnerabilities — bypassing payment steps, abusing discount codes, manipulating quantity fields, or racing concurrent requests.
2mo ago
security advanced
Failure to enforce what authenticated users are allowed to do — the #1 OWASP vulnerability, enabling privilege escalation and data exposure.
CWE-284 OWASP A1:2021
2mo ago
security intermediate
8.8
Systematically trying every possible password or key until the correct one is found.
CWE-307 OWASP A7:2021
2mo ago
security beginner
7.5
Business Logic Vulnerability
Flaws in application workflow allow attackers to abuse legitimate features in unintended ways.
CWE-840 OWASP A4:2021
2mo ago
security advanced
7.5
A deliberately slow password hashing algorithm designed to resist brute-force attacks through a tunable computational cost.
CWE-327 OWASP A2:2021
2mo ago
security intermediate