Role-Based Access Control (RBAC)
An authorisation model where permissions are assigned to roles, and roles are assigned to users — checking 'can this role perform this action?' rather than 'can this specific user perform it?'
3mo ago Security intermediate
Double URL Encoding Bypass PHP 4.0+
Filters that inspect input after a single URL decode miss double-encoded payloads — %2527 decodes to %27, which decodes to ' — always decode completely before filtering.
3mo ago Security advanced
extract() Security Risk PHP 4.0+
extract() creates variables from an array in the current scope — using it on user input ($_POST, $_GET) allows attackers to overwrite any local variable.
3mo ago Security intermediate
Object Cloning & Security Implications PHP 5.0+
clone creates a shallow copy — nested objects are still shared references. Implement __clone() for deep copy and audit what sensitive state gets duplicated.
3mo ago Security intermediate
preg_replace /e Modifier (Removed) PHP 3.0+
The /e modifier in preg_replace() evaluated the replacement as PHP code — removed in PHP 7.0. Any legacy code using it is a critical RCE vulnerability.
3mo ago Security advanced
register_globals Risk & Legacy Code PHP 3.0+
register_globals automatically created PHP variables from GET/POST/COOKIE data — removed in PHP 5.4. Legacy code using it is critically vulnerable to variable injection.
3mo ago Security intermediate
Safe Mode Removal & Modern Alternatives PHP 4.0+
PHP's safe_mode was removed in PHP 5.4 — it provided false security. Modern alternatives are open_basedir, OS-level permissions, and containers.
3mo ago Security intermediate
Stream Filter Injection via php:// wrapper PHP 5.0+
PHP stream wrappers (php://filter, php://input) combined with user-controlled filenames enable LFI-to-RCE escalation — never allow user input in file paths.
3mo ago Security advanced
Type Coercion in Authentication Checks PHP 4.0+
PHP's loose comparison (==) coerces types — '0e123' == '0e456' is true (both are numeric strings equal to 0 in scientific notation), and 0 == 'admin' is true before PHP 8.0 — always use === for authentication comparisons.
3mo ago Security advanced
Variable Variables ($$var) Risks PHP 3.0+
$$var creates a variable whose name is the value of $var — using it with user input allows arbitrary variable access/creation and is effectively a backdoor.
3mo ago Security advanced
2FA Bypass Techniques PHP 5.0+
Common ways attackers circumvent two-factor authentication — SIM swapping, real-time phishing proxies, SS7 attacks, backup code theft, and session cookie hijacking after authentication.
3mo ago Security advanced
API Abuse Prevention PHP 5.0+
Techniques to detect and block bots, scrapers, credential stuffing, and automated abuse — beyond basic rate limiting to behavioural and intelligence-based controls.
3mo ago Security advanced
API Key Lifecycle Management
Generating, distributing, rotating, and revoking API keys securely — covering scoping, expiry, audit logging, and emergency revocation procedures.
3mo ago Security intermediate
Business Logic Abuse
Exploiting flaws in application workflows rather than technical vulnerabilities — bypassing payment steps, abusing discount codes, manipulating quantity fields, or racing concurrent requests.
3mo ago Security advanced
Cache-Timing Side-Channel Attacks PHP 5.6+
Attacks that infer secret information from response time differences — cached responses arrive faster than uncached ones, leaking whether a resource exists or a secret was correct.
3mo ago Security advanced
Cookie Security Attributes PHP 7.3+
Modern cookie prefixes (__Host-, __Secure-) and the Partitioned attribute enforce strict security properties that cannot be overridden by JavaScript or subdomains.
3mo ago Security advanced
Dependency Confusion Attack PHP 5.0+
An attacker publishes a public package with the same name as a private internal package — package managers may fetch the malicious public version instead of the private one.
3mo ago Security advanced
Deserialization Gadget Chains PHP 5.0+
PHP object injection exploits that chain existing class methods (__wakeup, __destruct, __toString) to achieve remote code execution when unserialize() processes attacker-controlled data.
3mo ago Security advanced
GraphQL Security PHP 7.0+
GraphQL's flexibility creates unique security challenges — introspection exposure, unbounded query depth, N+1 amplification, and injection through dynamic resolvers.
3mo ago Security advanced
Hardcoded Credentials PHP 5.0+
Passwords, API keys, or tokens written directly into source code — permanently exposed to anyone with repository access and impossible to rotate without a code change.
3mo ago Security beginner