Security terms
Defending code from the threats that never sleep
Security vulnerabilities do not announce themselves — they wait quietly in code that looks perfectly fine on the surface. This category covers attack vectors, defensive techniques, secure coding practices, and the mental models that help you think like an attacker before one finds you. From SQL injection and XSS to authentication flaws and cryptographic pitfalls, understanding these terms is not optional — it is professional responsibility.
Mixed Content (HTTP on HTTPS)
When an HTTPS page loads resources (images, scripts, stylesheets) over HTTP — browsers block active mixed content and warn on passive, undermining the security of the HTTPS connection.
CWE-319
1mo ago
security intermediate
MIME Sniffing & X-Content-Type-Options PHP 5.0+
Browsers that sniff file content to guess MIME type can execute uploaded HTML/JavaScript files as scripts — X-Content-Type-Options: nosniff prevents this.
2mo ago
security intermediate
Missing CSRF Protection PHP 5.0+
A state-changing form or endpoint that lacks a CSRF token allows attackers to forge authenticated requests from any website the victim visits.
2mo ago
security intermediate
Man-in-the-Middle Attack (MitM) PHP 5.0+ An attacker secretly intercepts and potentially alters communications between two parties who believe they are communicating directly.
CWE-300 OWASP A2:2021
2mo ago
security intermediate
7.4
Mass Assignment PHP 5.0+
Blindly binding all user-submitted fields to a model allows attackers to set fields they should not control.
CWE-915 OWASP A1:2021
2mo ago
security intermediate
8.1