Security terms
Defending code from the threats that never sleep
Security vulnerabilities do not announce themselves — they wait quietly in code that looks perfectly fine on the surface. This category covers attack vectors, defensive techniques, secure coding practices, and the mental models that help you think like an attacker before one finds you. From SQL injection and XSS to authentication flaws and cryptographic pitfalls, understanding these terms is not optional — it is professional responsibility.
DOM Clobbering
Attack where injected HTML elements with controlled `id` or `name` attributes overwrite JavaScript globals or document properties, weaponising script-less HTML injection into code execution.
CWE-79 OWASP A3:2021
security advanced
6.5
Dependency & Supply Chain Security
Protecting applications from malicious or vulnerable third-party packages — covering transitive dependencies, lock files, SRI hashes, CVE scanning, and supply chain attack vectors.
CWE-1357 OWASP A6:2021
security intermediate
Double URL Encoding Bypass PHP 4.0+
Filters operating on URL-decoded input miss double-encoded payloads — %2527 decodes to %27 which decodes to ' — always decode completely before filtering.
security advanced
Dependency Confusion Attack PHP 5.0+
An attacker publishes a public package with the same name as a private internal package — package managers may fetch the malicious public version instead of the private one.
security advanced
Deserialization Gadget Chains PHP 5.0+
PHP object injection exploits that chain existing class methods (__wakeup, __destruct, __toString) to achieve remote code execution when unserialize() processes attacker-controlled data.
security advanced
Denial of Service (DoS) PHP 5.0+
An attacker overwhelms a system with requests or exploits resource-exhaustion bugs to make it unavailable to legitimate users.
CWE-400 OWASP A5:2021
security beginner
7.5
Directory Listing Enabled PHP 5.0+
A web server configured to show directory contents exposes file structure and sensitive files to unauthenticated visitors.
CWE-548 OWASP A5:2021
security beginner
5.3
DNS Rebinding Attack PHP 5.0+
An attacker tricks a browser into associating their malicious domain with an internal IP, bypassing same-origin policy to reach internal services.
CWE-350 OWASP A1:2021
security advanced
8.8
DOM-Based XSS ES5
Malicious script is injected and executed via the browser DOM without any server-side involvement.
CWE-79 OWASP A3:2021
security intermediate
6.1