Security terms
Defending code from the threats that never sleep
Security vulnerabilities do not announce themselves — they wait quietly in code that looks perfectly fine on the surface. This category covers attack vectors, defensive techniques, secure coding practices, and the mental models that help you think like an attacker before one finds you. From SQL injection and XSS to authentication flaws and cryptographic pitfalls, understanding these terms is not optional — it is a professional responsibility.
Timing Attack (PHP 5.6+)
Measuring how long a comparison takes reveals information about secret values — use hash_equals() to prevent it.
CWE-208 OWASP A2:2021
2mo ago
security advanced
5.9
Requiring a second verification factor (OTP, hardware key) in addition to a password dramatically reduces account takeover risk.
OWASP A7:2021
2mo ago
security beginner
Type Juggling (PHP 5.0+)
PHP's loose comparison (==) can produce unexpected results — "0e123" == "0e456" is true, enabling auth bypasses.
CWE-704 OWASP A3:2021
2mo ago
security intermediate
8.1
Unicode Normalisation Attack (PHP 5.3+)
Exploiting differences in Unicode normalisation forms to bypass input filters — two visually identical strings that differ at the byte level.
CWE-176 OWASP A3:2021
2mo ago
security advanced
5.3
Weak Cryptography (PHP 5.0+)
Using MD5 or SHA1 for passwords or security tokens — both are cryptographically broken, and their speed makes hashed values trivial to recover by brute force or precomputed lookup tables.
CWE-327 OWASP A2:2021
2mo ago
security intermediate
7.5
Weak Session ID (PHP 5.0+)
Session identifiers generated with insufficient entropy can be guessed or brute-forced, allowing session hijacking.
CWE-330 OWASP A2:2021
2mo ago
security intermediate
8.1
Web Cache Deception
Tricking a cache into storing sensitive authenticated responses by appending a static-file-like suffix to a private URL.
CWE-524 OWASP A5:2021
2mo ago
security advanced
7.5
XML Entity Expansion (Billion Laughs / XXE) (PHP 5.0+)
Denial-of-service via exponentially nested XML entities (Billion Laughs) or SSRF/file-read via external entity references (XXE).
CWE-611 OWASP A5:2021
2mo ago
security intermediate
9.1
XML External Entity (XXE) (PHP 5.0+)
A vulnerable XML parser processes external entity references, letting attackers read local files or trigger SSRF.
CWE-611 OWASP A5:2021
2mo ago
security advanced
8.2
XML Injection (PHP 5.0+)
Unsanitised user input injected into XML documents alters their structure, potentially corrupting data or enabling further attacks.
CWE-91 OWASP A3:2021
2mo ago
security intermediate
7.5
XPath Injection (PHP 5.0+)
Unsanitised input manipulates XPath queries against XML documents, enabling data extraction or authentication bypass.
CWE-643 OWASP A3:2021
2mo ago
security intermediate
7.5
Zero-Day Vulnerability
A security flaw unknown to the vendor with no available patch — attackers may have exploits in the wild before defenders can respond.
2mo ago
security intermediate
Zip Slip (PHP 5.0+)
A path traversal attack via crafted archive filenames (e.g. ../../evil.php) that escape the extraction directory during unzip.
CWE-22 OWASP A1:2021
2mo ago
security intermediate
8.1
A deliberately slow password hashing algorithm designed to resist brute-force attacks through a tunable computational cost.
CWE-327 OWASP A2:2021
2mo ago
security intermediate
A forged request tricks an authenticated user's browser into performing an unintended action on a site they're logged into.
CWE-352 OWASP A1:2021
2mo ago
security intermediate
6.5
User-supplied content rendered in the browser without escaping, allowing script injection into other users' sessions.
CWE-79 OWASP A3:2021
2mo ago
security intermediate
6.1
A user accesses another user's data by changing an ID in a URL or request — no authorisation check performed.
CWE-639 OWASP A1:2021
2mo ago
security intermediate
7.5
Insufficient Logging & Monitoring
Failing to log security events and monitor those logs allows attacks to go undetected and unaddressed.
CWE-778 OWASP A9:2021
2mo ago
security beginner
6.5
An attacker forces a victim to use a known session ID, then hijacks their session after they authenticate.
CWE-384 OWASP A7:2021
2mo ago
security intermediate
8.0
Unsanitised user input inserted directly into a SQL query, letting attackers read, modify, or delete database data.
CWE-89 OWASP A3:2021
2mo ago
security intermediate
9.8