Security terms
Defending code from the threats that never sleep
Security vulnerabilities do not announce themselves — they wait quietly in code that looks perfectly fine on the surface. This category covers attack vectors, defensive techniques, secure coding practices, and the mental models that help you think like an attacker before one finds you. From SQL injection and XSS to authentication flaws and cryptographic pitfalls, understanding these terms is not optional — it is professional responsibility.
Role-Based Access Control (RBAC)
An authorisation model where permissions are assigned to roles, and roles are assigned to users — checking 'can this role perform this action?' rather than 'can this specific user?'
2mo ago
security intermediate
Double URL Encoding Bypass PHP 4.0+
Filters operating on URL-decoded input miss double-encoded payloads — %2527 decodes to %27 which decodes to ' — always decode completely before filtering.
2mo ago
security advanced
extract() Security Risk PHP 4.0+
extract() creates variables from an array in the current scope — using it on user input ($_POST, $_GET) allows attackers to overwrite any local variable.
2mo ago
security intermediate
Object Cloning & Security Implications PHP 5.0+
clone creates a shallow copy — nested objects are still shared references. Implement __clone() for deep copy and audit what sensitive state gets duplicated.
2mo ago
security intermediate
preg_replace /e Modifier (Removed) PHP 3.0+
The /e modifier in preg_replace() evaluated the replacement as PHP code — removed in PHP 7.0. Any legacy code using it is a critical RCE vulnerability.
2mo ago
security advanced
register_globals Risk & Legacy Code PHP 3.0+
register_globals automatically created PHP variables from GET/POST/COOKIE data — removed in PHP 5.4. Legacy code using it is critically vulnerable to variable injection.
2mo ago
security intermediate
Safe Mode Removal & Modern Alternatives PHP 4.0+
PHP's safe_mode was removed in PHP 5.4 — it provided false security. Modern alternatives are open_basedir, OS-level permissions, and containers.
2mo ago
security intermediate
Stream Filter Injection via php:// wrapper PHP 5.0+
PHP stream wrappers (php://filter, php://input) combined with user-controlled filenames enable LFI-to-RCE escalation — never allow user input in file paths.
2mo ago
security advanced
Type Coercion in Authentication Checks PHP 4.0+
PHP's loose comparison (==) coerces types — '0e123' == '0e456' (both 0 in scientific notation), and 0 == 'admin' — always use === for authentication comparisons.
2mo ago
security advanced
Variable Variables ($$var) Risks PHP 3.0+
$$var creates a variable whose name is the value of $var — using it with user input allows arbitrary variable access/creation and is effectively a backdoor.
2mo ago
security advanced
2FA Bypass Techniques PHP 5.0+
Common ways attackers circumvent two-factor authentication — SIM swapping, real-time phishing proxies, SS7 attacks, backup code theft, and session cookie hijacking after authentication.
2mo ago
security advanced
Techniques to detect and block bots, scrapers, credential stuffing, and automated abuse — beyond basic rate limiting to behavioural and intelligence-based controls.
2mo ago
security advanced
API Key Lifecycle Management
Generating, distributing, rotating, and revoking API keys securely — covering scoping, expiry, audit logging, and emergency revocation procedures.
2mo ago
security intermediate
Business Logic Abuse
Exploiting flaws in application workflows rather than technical vulnerabilities — bypassing payment steps, abusing discount codes, manipulating quantity fields, or racing concurrent requests.
2mo ago
security advanced
Cache-Timing Side-Channel Attacks PHP 5.6+
Attacks that infer secret information from response time differences — cached responses arrive faster than uncached ones, leaking whether a resource exists or a secret was correct.
2mo ago
security advanced
Cookie Security Attributes PHP 7.3+
Modern cookie prefixes (__Host-, __Secure-) and the Partitioned attribute enforce strict security properties that cannot be overridden by JavaScript or subdomains.
2mo ago
security advanced
Dependency Confusion Attack PHP 5.0+
An attacker publishes a public package with the same name as a private internal package — package managers may fetch the malicious public version instead of the private one.
2mo ago
security advanced
Deserialization Gadget Chains PHP 5.0+
PHP object injection exploits that chain existing class methods (__wakeup, __destruct, __toString) to achieve remote code execution when unserialize() processes attacker-controlled data.
2mo ago
security advanced
GraphQL Security PHP 7.0+
GraphQL's flexibility creates unique security challenges — introspection exposure, unbounded query depth, N+1 amplification, and injection through dynamic resolvers.
2mo ago
security advanced
Hardcoded Credentials PHP 5.0+
Passwords, API keys, or tokens written directly into source code — permanently exposed to anyone with repository access and impossible to rotate without a code change.
2mo ago
security beginner