Security terms
Defending code from the threats that never sleep
Security vulnerabilities do not announce themselves — they wait quietly in code that looks perfectly fine on the surface. This category covers attack vectors, defensive techniques, secure coding practices, and the mental models that help you think like an attacker before one finds you. From SQL injection and XSS to authentication flaws and cryptographic pitfalls, understanding these terms is not optional — it is professional responsibility.
Prompt Injection Attacks (LLM Security)
An attack where malicious instructions embedded in user input or retrieved content override an LLM's system prompt — causing it to ignore its instructions, reveal confidential information, or take unintended actions.
security advanced
preg_replace /e Modifier (Removed) PHP 3.0+
The /e modifier in preg_replace() evaluated the replacement as PHP code — removed in PHP 7.0. Any legacy code using it is a critical RCE vulnerability.
security advanced
Package Typosquatting
Malicious packages published with names similar to popular ones (lodahs, requesst) hoping developers mistype — the package executes malicious code on install.
security intermediate
Parameter Tampering
Modifying HTTP request parameters — query strings, POST fields, cookies, or hidden fields — to manipulate application business logic.
CWE-472 OWASP A1:2021
security beginner
8.1
Password Peppering PHP 5.5+
A secret server-side value mixed into passwords before hashing — database theft alone is insufficient; the pepper must also be compromised.
OWASP A2:2021
security intermediate
Path Normalisation Bypass PHP 5.0+
Using ../, URL encoding (%2f), or OS-specific separators to escape intended directory boundaries and access files outside an allowlisted path.
CWE-22 OWASP A1:2021
security intermediate
7.5
User input used in a file path allows attackers to navigate outside the intended directory using ../ sequences.
CWE-22 OWASP A3:2021
security intermediate
7.5
PHAR Deserialization Attack PHP 5.0+
PHP's phar:// stream wrapper triggers deserialization of PHAR metadata on any file operation, enabling PHP object injection without unserialize().
CWE-502 OWASP A8:2021
security advanced
9.8
PHP Object Injection PHP 5.0+
Passing attacker-controlled data to unserialize() triggers magic methods on existing classes, enabling code execution, file deletion, or SSRF.
CWE-502 OWASP A8:2021
security advanced
9.8
Predictable Token PHP 7.0+
Tokens generated with md5(time()) or rand() are trivially guessable because their entropy source is predictable.
CWE-338 OWASP A2:2021
security intermediate
7.5
Privilege Escalation PHP 5.0+
A flaw that lets a lower-privileged user gain higher access — e.g. reading an admin role from a URL parameter.
CWE-269 OWASP A1:2021
security intermediate
8.8
Prototype Pollution ES5
An attacker injects properties into JavaScript's Object.prototype, affecting all objects in the application.
CWE-1321 OWASP A3:2021
security advanced
8.1