Security terms

3 terms of 1444 total

🔒 Defending code from the threats that never sleep

Security vulnerabilities do not announce themselves — they wait quietly in code that looks perfectly fine on the surface. This category covers attack vectors, defensive techniques, secure coding practices, and the mental models that help you think like an attacker before one finds you. From SQL injection and XSS to authentication flaws and cryptographic pitfalls, understanding these terms is not optional — it is professional responsibility.

Sort A → Z Recently Added Recently Updated Difficulty Most Viewed Most Rated Most Shared

Level All Beginner Intermediate Advanced

✕ Clear A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

extract() Security Risk PHP 4.0+

extract() creates variables from an array in the current scope — using it on user input ($_POST, $_GET) allows attackers to overwrite any local variable.

2mo ago security intermediate

Email Header Injection PHP 5.0+

Injecting extra headers or recipients into mail() calls via unvalidated user input, enabling spam relay and phishing.

CWE-93 OWASP A3:2021

2mo ago security intermediate 6.5

Eval Injection PHP 5.0+

User input passed to eval() executes as PHP code, giving attackers full server-side code execution.

CWE-95 OWASP A3:2021

2mo ago security intermediate 9.8