Security terms
Insecure Randomness
PHP 7.0+
Using non-cryptographic random functions (rand(), mt_rand(), array_rand()) for security tokens — these are predictable and enable token forgery, session prediction, and CSRF bypass.
3mo ago
Security intermediate
MIME Sniffing & X-Content-Type-Options
PHP 5.0+
Browsers that sniff file content to guess MIME type can execute uploaded HTML/JavaScript files as scripts — X-Content-Type-Options: nosniff prevents this.
3mo ago
Security intermediate
Missing CSRF Protection
PHP 5.0+
A state-changing form or endpoint that lacks a CSRF token allows attackers to forge authenticated requests from any website the victim visits.
3mo ago
Security intermediate
Package Typosquatting
Malicious packages published with names similar to popular ones (lodahs, requesst) hoping developers mistype — the package executes malicious code on install.
3mo ago
Security intermediate
Secure File Downloads
PHP 5.0+
Preventing path traversal, unauthorised access, and content injection when serving file downloads — validating paths, checking authorisation, and setting correct headers.
3mo ago
Security intermediate
Sensitive Data in Logs
PHP 7.0+
Logging passwords, tokens, credit card numbers, or PII — log aggregators store data indefinitely and are often less secured than primary databases.
3mo ago
Security intermediate
Weak Password Hash
PHP 5.5+
1
Using MD5, SHA-1, or SHA-256 to hash passwords — fast algorithms designed for data integrity, not authentication, crackable in seconds with a GPU.
3mo ago
Security beginner
Weak Random Function
PHP 7.0+
Using rand(), mt_rand(), or array_rand() for security-sensitive values — these are predictable pseudo-random generators not suitable for tokens, keys, or passwords.
3mo ago
Security intermediate
XML Signature Wrapping (XSW)
An attack on XML digital signatures where the attacker wraps the signed element in a new structure — the signature validates the original but the application processes the attacker's version.
3mo ago
Security advanced
Differing application responses to valid vs. invalid usernames allow attackers to build a list of registered accounts.
CWE-203 OWASP A2:2021
3mo ago
Security intermediate
5.3
An attacker gains full control of a user account through credential stuffing, phishing, session hijacking, or abusing password-reset flows.
CWE-287 OWASP A7:2021
3mo ago
Security intermediate
9.8
API Key Exposure
2
API keys committed to version control, logged, or exposed in client-side code can be harvested and abused by attackers.
CWE-312 OWASP A2:2021
3mo ago
Security beginner
9.1
Accepting file uploads without validating type, extension, and content can allow PHP shell uploads and RCE.
CWE-434 OWASP A4:2021
3mo ago
Security intermediate
9.8
The Password Hashing Competition winner (2015) — a memory-hard algorithm that resists GPU and ASIC brute-force attacks better than bcrypt.
OWASP A2:2021
3mo ago
Security intermediate
A sequential model of cyberattack stages from reconnaissance to exfiltration — used to identify optimal detection and disruption points.
3mo ago
Security advanced
Failure to enforce what authenticated users are allowed to do — the #1 OWASP vulnerability, enabling privilege escalation and data exposure.
CWE-284 OWASP A1:2021
3mo ago
Security intermediate
8.8
Systematically trying every possible password or key until the correct one is found.
CWE-307 OWASP A7:2021
3mo ago
Security beginner
7.5
Business Logic Vulnerability
Flaws in application workflow allow attackers to abuse legitimate features in unintended ways.
CWE-840 OWASP A4:2021
3mo ago
Security advanced
7.5
Cache Poisoning
PHP 5.0+
An attacker manipulates a cached response so that subsequent users receive malicious content served from the cache.
CWE-346 OWASP A4:2021
3mo ago
Security advanced
8.1
Certificate Pinning
Hardcoding expected TLS certificate or public-key fingerprints in a client to prevent MITM even when a rogue CA issues a valid cert.
CWE-295 OWASP A7:2021
3mo ago
Security advanced