Security terms
Defending code from the threats that never sleep
Security vulnerabilities do not announce themselves — they wait quietly in code that looks perfectly fine on the surface. This category covers attack vectors, defensive techniques, secure coding practices, and the mental models that help you think like an attacker before one finds you. From SQL injection and XSS to authentication flaws and cryptographic pitfalls, understanding these terms is not optional — it is professional responsibility.
XML Signature Wrapping (XSW)
An attack on XML digital signatures where the attacker wraps the signed element in a new structure — the signature validates the original but the application processes the attacker's version.
security advanced
XML Entity Expansion (Billion Laughs / XXE) PHP 5.0+
Denial-of-service via exponentially nested XML entities (Billion Laughs) or SSRF/file-read via external entity references (XXE).
CWE-611 OWASP A5:2021
security intermediate
9.1
XML External Entity (XXE) PHP 5.0+
A vulnerable XML parser processes external entity references, letting attackers read local files or trigger SSRF.
CWE-611 OWASP A5:2021
security advanced
8.2
XML Injection PHP 5.0+
Unsanitised user input injected into XML documents alters their structure, potentially corrupting data or enabling further attacks.
CWE-91 OWASP A3:2021
security intermediate
7.5
XPath Injection PHP 5.0+
Unsanitised input manipulates XPath queries against XML documents, enabling data extraction or authentication bypass.
CWE-643 OWASP A3:2021
security intermediate
7.5