Security terms
Defending code from the threats that never sleep
Security vulnerabilities do not announce themselves — they wait quietly in code that looks perfectly fine on the surface. This category covers attack vectors, defensive techniques, secure coding practices, and the mental models that help you think like an attacker before one finds you. From SQL injection and XSS to authentication flaws and cryptographic pitfalls, understanding these terms is not optional — it is professional responsibility.
HTTPS & TLS
HTTP over TLS — encrypts all traffic between browser and server, preventing eavesdropping, man-in-the-middle attacks, and tampering. Required for cookies, modern APIs, and all production web applications.
security · beginner · 2mo ago

Hardcoded Credentials (PHP 5.0+)
Passwords, API keys, or tokens written directly into source code — permanently exposed to anyone with repository access and impossible to rotate without a code change.
security · beginner · 2mo ago

Hardcoded Credentials
Secrets, passwords, or API keys embedded directly in source code can be extracted from repositories or compiled binaries.
CWE-798 · OWASP A2:2021 · 9.8 · security · beginner · 2mo ago

Header Injection (PHP 5.0+)
User input included in an HTTP response header without stripping newlines enables response splitting and redirect hijacking.
CWE-113 · OWASP A3:2021 · 6.1 · security · intermediate · 2mo ago

HMAC (Hash-based Message Authentication Code) (PHP 5.1+)
A keyed hash that verifies both the integrity and authenticity of a message — only someone with the secret key can produce or verify it.
OWASP A2:2021 · security · intermediate · 2mo ago

Host Header Injection (PHP 5.0+)
A manipulated HTTP Host header is used by the application to generate URLs, enabling cache poisoning, password-reset hijacking, or SSRF.
CWE-116 · OWASP A3:2021 · 7.5 · security · intermediate · 2mo ago

HTML Injection (PHP 5.0+)
Unsanitised user input rendered as raw HTML allows attackers to inject arbitrary markup, defacing pages or phishing users.
CWE-80 · OWASP A3:2021 · 6.1 · security · beginner · 2mo ago

HTTP Parameter Pollution (PHP 5.0+)
Submitting duplicate HTTP parameters exploits inconsistencies in how servers and applications parse repeated keys.
CWE-235 · OWASP A3:2021 · 6.5 · security · intermediate · 2mo ago

HTTP Request Smuggling
Desynchronising front-end and back-end HTTP parsing via conflicting Content-Length and Transfer-Encoding headers to poison request queues.
CWE-444 · OWASP A5:2021 · 9.8 · security · advanced · 2mo ago

HTTP Response Splitting (PHP 5.0+)
Injecting CRLF sequences into HTTP headers causes the server to emit two separate responses, enabling cache poisoning and XSS.
CWE-113 · OWASP A3:2021 · 6.1 · security · advanced · 2mo ago

HTTP Security Headers (PHP 5.0+)
A set of HTTP response headers that instruct browsers to enforce security policies, reducing XSS, clickjacking, and data leakage risks.
CWE-16 · OWASP A5:2021 · security · beginner · 2mo ago

HTTP Security Headers Checklist
A set of response headers that instruct browsers to enforce security policies — CSP, HSTS, X-Frame-Options, X-Content-Type-Options, and Permissions-Policy.
security · intermediate · 2mo ago

HTTP Strict Transport Security (HSTS) (PHP 5.0+)
A response header that instructs browsers to always connect via HTTPS for a specified duration, preventing protocol downgrade attacks.
CWE-319 · OWASP A5:2021 · security · beginner · 2mo ago