Timing Attack PHP 5.6+ 🧠 1
Measuring how long a comparison takes reveals information about secret values — use hash_equals() to prevent it.
CWE-208 OWASP A2:2021
3mo ago Security advanced 5.9
Two-Factor Authentication (2FA) PHP 7.0+ 🧠 3
Requiring a second verification factor (OTP, hardware key) in addition to a password dramatically reduces account takeover risk.
OWASP A7:2021
3mo ago Security beginner
Type Juggling PHP 5.0+ 🧠 2
PHP's loose comparison (==) can produce unexpected results — "0e123" == "0e456" is true, enabling auth bypasses.
CWE-704 OWASP A3:2021
3mo ago Security intermediate 8.1
Unicode Normalisation Attack PHP 5.3+ 🧠 1
Exploiting differences in Unicode normalisation forms to bypass input filters — two visually identical strings that differ at the byte level.
CWE-176 OWASP A3:2021
3mo ago Security advanced 5.3
Weak Cryptography PHP 5.0+ 🧠 1
Using MD5 or SHA1 for passwords or security tokens — both are cryptographically broken and trivially reversible.
CWE-327 OWASP A2:2021
3mo ago Security intermediate 7.5
Weak Session ID PHP 5.0+
Session identifiers generated with insufficient entropy can be guessed or brute-forced, allowing session hijacking.
CWE-330 OWASP A2:2021
3mo ago Security intermediate 8.1
Web Cache Deception
Tricking a cache into storing sensitive authenticated responses by appending a static-file-like suffix to a private URL.
CWE-524 OWASP A5:2021
3mo ago Security advanced 7.5
XML Entity Expansion (Billion Laughs / XXE) PHP 5.0+
Denial-of-service via exponentially nested XML entities (Billion Laughs) or SSRF/file-read via external entity references (XXE).
CWE-611 OWASP A5:2021
3mo ago Security intermediate 9.1
XML External Entity (XXE) PHP 5.0+ 🧠 1
A vulnerable XML parser processes external entity references, letting attackers read local files or trigger SSRF.
CWE-611 OWASP A5:2021
3mo ago Security advanced 8.2
XML Injection PHP 5.0+ 🧠 1
Unsanitised user input injected into XML documents alters their structure, potentially corrupting data or enabling further attacks.
CWE-91 OWASP A3:2021
3mo ago Security intermediate 7.5
XPath Injection PHP 5.0+ 🧠 3
Unsanitised input manipulates XPath queries against XML documents, enabling data extraction or authentication bypass.
CWE-643 OWASP A3:2021
3mo ago Security intermediate 7.5
Zero-Day Vulnerability
A security flaw unknown to the vendor with no available patch — attackers may have exploits in the wild before defenders can respond.
3mo ago Security intermediate
Zip Slip PHP 5.0+
A path traversal attack via crafted archive filenames (e.g. ../../evil.php) that escape the extraction directory during unzip.
CWE-22 OWASP A1:2021
3mo ago Security intermediate 8.1
bcrypt PHP 5.5+ 🧠 1
A deliberately slow password hashing algorithm designed to resist brute-force attacks through a tunable computational cost.
CWE-327 OWASP A2:2021
3mo ago Security intermediate
Cross-Site Request Forgery (CSRF) PHP 5.0+ 🧠 3
A forged request tricks an authenticated user's browser into performing an unintended action on a site they're logged into.
CWE-352 OWASP A1:2021
3mo ago Security intermediate 6.5
Cross-Site Scripting (XSS) PHP 5.0+ 🧠 2
User-supplied content rendered in the browser without escaping, allowing script injection into other users' sessions.
CWE-79 OWASP A3:2021
3mo ago Security intermediate 6.1
Insecure Direct Object Reference (IDOR) PHP 5.0+ 🧠 1
A user accesses another user's data by changing an ID in a URL or request, because no authorisation check is performed.
CWE-639 OWASP A1:2021
3mo ago Security intermediate 7.5
Insufficient Logging & Monitoring
Failing to log security events and monitor them lets attacks go undetected and unanswered.
CWE-778 OWASP A9:2021
3mo ago Security beginner 6.5
Session Fixation PHP 5.0+ 🧠 1
An attacker forces a victim to use a known session ID, then hijacks their session after they authenticate.
CWE-384 OWASP A7:2021
3mo ago Security intermediate 8.0
SQL Injection PHP 5.1+ 🧠 4
Unsanitised user input inserted directly into a SQL query, letting attackers read, modify, or delete database data.
CWE-89 OWASP A3:2021
3mo ago Security intermediate 9.8