Security terms
Defending code from the threats that never sleep
Security vulnerabilities do not announce themselves — they wait quietly in code that looks perfectly fine on the surface. This category covers attack vectors, defensive techniques, secure coding practices, and the mental models that help you think like an attacker before one finds you. From SQL injection and XSS to authentication flaws and cryptographic pitfalls, understanding these terms is not optional — it is professional responsibility.
Remote Code Execution (RCE)
A vulnerability allowing an attacker to run arbitrary code on the server — the most severe class of web vulnerability, typically achieved through eval(), unserialize(), file upload flaws, or OS command injection.
security intermediate
Role-Based Access Control (RBAC)
An authorisation model where permissions are assigned to roles, and roles are assigned to users — the check becomes 'can this role perform this action?' rather than 'can this specific user perform this action?'
security intermediate
register_globals Risk & Legacy Code PHP 3.0+
register_globals automatically created PHP variables from GET/POST/COOKIE data — deprecated in PHP 5.3 and removed in PHP 5.4. Legacy code that relies on it is critically vulnerable to variable injection, since any request parameter can overwrite an internal variable.
security intermediate
ReDoS (Regex Denial of Service)
A crafted input causes a regex prone to catastrophic backtracking to consume excessive CPU, making the application unresponsive.
CWE-1333 OWASP A5:2021
security intermediate
7.5
Remote File Inclusion (RFI) PHP 5.0+
An attacker tricks include() or require() into loading a PHP file from an attacker-controlled remote URL, achieving code execution.
CWE-98 OWASP A3:2021
security intermediate
9.8
Replay Attack PHP 5.0+
An attacker captures a valid request or authentication token and resubmits it later to gain unauthorised access or repeat an action.
CWE-294 OWASP A2:2021
security intermediate
7.5