Security terms

3 terms of 1444 total

🔒 Defending code from the threats that never sleep

Security vulnerabilities do not announce themselves — they wait quietly in code that looks perfectly fine on the surface. This category covers attack vectors, defensive techniques, secure coding practices, and the mental models that help you think like an attacker before one finds you. From SQL injection and XSS to authentication flaws and cryptographic pitfalls, understanding these terms is not optional — it is professional responsibility.

Sort A → Z Recently Added Recently Updated Difficulty Most Viewed Most Rated Most Shared

Level All Beginner Intermediate Advanced

✕ Clear A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

NoSQL Injection PHP 5.4+

Attacker-controlled input embedded into NoSQL queries (MongoDB, Redis, Couchbase) that subverts query intent — bypassing auth, exfiltrating data, or executing server-side code.

CWE-943 OWASP A3:2021

1w ago security intermediate 8.8

Null Byte in File Paths (Legacy PHP) PHP 3.0+

Null bytes (%00) in file paths truncated strings at the C level in PHP < 5.3.4 — PHP 5.3.4+ throws a warning, PHP 7 throws ValueError for NUL in paths.

2mo ago security advanced

Null Byte Injection PHP 5.0+

Inserting a %00 null byte into a filename or string can truncate it at the C layer, bypassing extension checks.

CWE-626 OWASP A3:2021

2mo ago security intermediate 7.5