Insecure Randomness PHP 7.0+
Using non-cryptographic random functions (rand(), mt_rand(), array_rand()) for security tokens — these are predictable and enable token forgery, session prediction, and CSRF bypass.
2mo ago security intermediate
MIME Sniffing & X-Content-Type-Options PHP 5.0+
Browsers that sniff file content to guess MIME type can execute uploaded HTML/JavaScript files as scripts — X-Content-Type-Options: nosniff prevents this.
2mo ago security intermediate
Missing CSRF Protection PHP 5.0+
A state-changing form or endpoint that lacks a CSRF token allows attackers to forge authenticated requests from any website the victim visits.
2mo ago security intermediate
Package Typosquatting
Malicious packages published with names similar to popular ones (lodahs, requesst) hoping developers mistype — the package executes malicious code on install.
2mo ago security intermediate
Secure File Downloads PHP 5.0+
Preventing path traversal, unauthorised access, and content injection when serving file downloads — validating paths, checking authorisation, and setting correct headers.
2mo ago security intermediate
Sensitive Data in Logs PHP 7.0+
Logging passwords, tokens, credit card numbers, or PII — log aggregators store data indefinitely and are often less secured than primary databases.
2mo ago security intermediate
Weak Password Hash PHP 5.5+
Using MD5, SHA-1, or SHA-256 to hash passwords — fast algorithms designed for data integrity, not authentication, crackable in seconds with a GPU.
2mo ago security beginner
Weak Random Function PHP 7.0+
Using rand(), mt_rand(), or array_rand() for security-sensitive values — these are predictable pseudo-random generators not suitable for tokens, keys, or passwords.
2mo ago security intermediate
XML Signature Wrapping (XSW)
An attack on XML digital signatures where the attacker wraps the signed element in a new structure — the signature validates the original but the application processes the attacker's version.
2mo ago security advanced
Account Enumeration PHP 5.0+
Differing application responses to valid vs. invalid usernames allow attackers to build a list of registered accounts.
CWE-203 OWASP A2:2021
2mo ago security intermediate 5.3
Account Takeover (ATO) PHP 5.0+
An attacker gains full control of a user account through credential stuffing, phishing, session hijacking, or abusing password-reset flows.
CWE-287 OWASP A7:2021
2mo ago security intermediate 9.8
API Key Exposure
API keys committed to version control, logged, or exposed in client-side code can be harvested and abused by attackers.
CWE-312 OWASP A2:2021
2mo ago security beginner 9.1
Arbitrary File Upload PHP 5.0+
Accepting file uploads without validating type, extension, and content can allow PHP shell uploads and RCE.
CWE-434 OWASP A4:2021
2mo ago security intermediate 9.8
Argon2 Password Hashing PHP 7.2+
The Password Hashing Competition winner (2015) — a memory-hard algorithm that resists GPU and ASIC brute-force attacks better than bcrypt.
OWASP A2:2021
2mo ago security intermediate
Attack Chain / Cyber Kill Chain
A sequential model of cyberattack stages from reconnaissance to exfiltration — used to identify optimal detection and disruption points.
2mo ago security advanced
Broken Access Control PHP 5.0+
Failure to enforce what authenticated users are allowed to do — the #1 OWASP vulnerability, enabling privilege escalation and data exposure.
CWE-284 OWASP A1:2021
2mo ago security intermediate 8.8
Brute Force Attack PHP 5.0+
Systematically trying every possible password or key until the correct one is found.
CWE-307 OWASP A7:2021
2mo ago security beginner 7.5
Business Logic Vulnerability
Flaws in application workflow allow attackers to abuse legitimate features in unintended ways.
CWE-840 OWASP A4:2021
2mo ago security advanced 7.5
Cache Poisoning PHP 5.0+
An attacker manipulates a cached response so that subsequent users receive malicious content served from the cache.
CWE-346 OWASP A4:2021
2mo ago security advanced 8.1
Certificate Pinning
Hardcoding expected TLS certificate or public-key fingerprints in a client to prevent MITM even when a rogue CA issues a valid cert.
CWE-295 OWASP A7:2021
2mo ago security advanced