Insecure Deserialization
Deserializing attacker-controlled data can trigger arbitrary object construction and method calls — PHP's unserialize() with untrusted input enables remote code execution via gadget chains in the loaded class graph.
CWE-502 OWASP A8:2021
4w ago security advanced
Insecure Randomness PHP 7.0+
Using non-cryptographic random functions (rand(), mt_rand(), array_rand()) for security tokens — these are predictable and enable token forgery, session prediction, and CSRF bypass.
2mo ago security intermediate
Information Disclosure PHP 5.0+
Unintentional leakage of sensitive data — stack traces, version numbers, internal paths — aids attackers in crafting targeted exploits.
CWE-200 OWASP A5:2021
2mo ago security beginner 5.3
Insecure Cookie PHP 5.0+
Cookies without HttpOnly, Secure, and SameSite flags are vulnerable to theft via XSS, network interception, and CSRF.
CWE-1004 OWASP A2:2021
2mo ago security beginner 5.4
Insecure Deserialization PHP 5.0+
Untrusted data passed to unserialize() can trigger PHP magic methods and lead to remote code execution.
CWE-502 OWASP A8:2021
2mo ago security advanced 9.8
Insecure Password Reset Flow PHP 5.0+
Weaknesses in the password-reset mechanism allow attackers to take over accounts without knowing the original password.
CWE-640 OWASP A7:2021
2mo ago security intermediate 8.1
Insecure TLS / SSL PHP 5.0+
Use of deprecated SSL/TLS versions or weak cipher suites exposes encrypted traffic to interception or decryption attacks.
CWE-326 OWASP A2:2021
2mo ago security intermediate 7.4
Insecure Direct Object Reference (IDOR) PHP 5.0+
A user accesses another user's data by changing an ID in a URL or request, because no authorisation check is performed on the referenced object.
CWE-639 OWASP A1:2021
2mo ago security intermediate 7.5
Insufficient Logging & Monitoring
Failure to log security events and monitor them allows attacks to go undetected and unaddressed.
CWE-778 OWASP A9:2021
2mo ago security beginner 6.5