CodeClarityLab / Glossary
Ctrl K
← CodeClarityLab Home
Browse by Category
+ added · updated 7d
⚖ Terms of Use

Tag: security

91 terms of 1448 total · page 1 of 5

Sort A → Z Recently Added Recently Updated Difficulty Most Viewed Most Rated Most Shared
Level All Beginner Intermediate Advanced Tag: security
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
NoSQL Injection PHP 5.4+
Attacker-controlled input embedded into NoSQL queries (MongoDB, Redis, Couchbase) that subverts query intent — bypassing auth, exfiltrating data, or executing server-side code.
CWE-943 OWASP A3:2021
2w ago security intermediate 8.8
Server-Side Includes (SSI) Injection
Attacker-controlled SSI directives (`<!--#exec ... -->`) injected into pages parsed by Apache or another SSI-enabled server, achieving file disclosure or remote command execution.
CWE-97 OWASP A3:2021
2w ago security intermediate 9.8
Software Composition Analysis (SCA)
The practice and tooling for identifying all open-source and third-party components in a codebase, detecting known vulnerabilities (CVEs) in them, and flagging licence risks — distinct from static analysis of your own code.
4w ago security intermediate
Brute-Force Protection
Defences against automated credential-guessing attacks — rate limiting login attempts, account lockout, CAPTCHA, and multi-factor authentication to make guessing passwords computationally infeasible.
CWE-307 OWASP A7:2021
1mo ago security intermediate
OAuth 2.0
An authorisation framework that lets users grant third-party applications limited access to their resources without sharing passwords — using short-lived access tokens issued via defined flows for different client types.
CWE-287 OWASP A7:2021
1mo ago security intermediate
Dependency & Supply Chain Security
Protecting applications from malicious or vulnerable third-party packages — covering transitive dependencies, lock files, SRI hashes, CVE scanning, and supply chain attack vectors.
CWE-1357 OWASP A6:2021
1mo ago security intermediate
Mixed Content (HTTP on HTTPS)
When an HTTPS page loads resources (images, scripts, stylesheets) over HTTP — browsers block active mixed content and warn on passive, undermining the security of the HTTPS connection.
CWE-319
1mo ago security intermediate
PDO::ATTR_EMULATE_PREPARES PHP 5.1+
Controls whether PDO sends real prepared statements to the database or emulates them client-side in PHP.
CWE-89 OWASP A3:2021
2mo ago php intermediate
Diagram: AI Guardrails AI Guardrails
Runtime constraints and safety filters applied around LLM calls to detect, block, or rewrite inputs and outputs that are harmful, off-topic, or policy-violating.
2mo ago ai_ml intermediate
Diagram: OAuth 2.0 PKCE — Proof Key for Code Exchange OAuth 2.0 PKCE — Proof Key for Code Exchange PHP 7.0+
An OAuth 2.0 extension that prevents authorisation code interception attacks in public clients (SPAs, mobile apps) by binding each authorisation request to a cryptographic secret the client generates.
2mo ago cryptography intermediate
Diagram: TLS Certificate Lifecycle TLS Certificate Lifecycle
The end-to-end process of generating, validating, issuing, deploying, monitoring, and renewing a TLS certificate — and what breaks at each stage when it goes wrong.
2mo ago cryptography intermediate
Authentication PHP 7.0+
The process of verifying that a user is who they claim to be — typically by validating credentials (password, token, certificate) and establishing a session or issuing a signed token for subsequent requests.
2mo ago security intermediate
Authorisation PHP 7.0+
The process of determining what an authenticated user is permitted to do — checking permissions, roles, or policies before allowing access to a resource or action.
2mo ago security intermediate
Catastrophic Backtracking PHP 5.3+
A regex engine failure mode where certain patterns combined with specific inputs cause exponential backtracking, making the match take seconds or minutes — a common denial-of-service vector called ReDoS.
2mo ago regex intermediate
CORS — Cross-Origin Resource Sharing PHP 7.0+
A browser security mechanism that blocks JavaScript from making HTTP requests to a different origin — PHP APIs must send specific headers to allow cross-origin requests from permitted frontend origins.
2mo ago security intermediate
create_function() — The Dynamic Code Smell PHP 4.0+
create_function() created anonymous functions from strings — deprecated PHP 7.2, removed PHP 8. It used eval() internally, risked code injection, and was always replaceable with proper closures.
2mo ago php intermediate
mcrypt Deprecation — Migrate to OpenSSL PHP 5.0+
mcrypt was deprecated in PHP 7.1 and removed in PHP 7.2 — migrate all encryption to OpenSSL (openssl_encrypt) or libsodium (sodium_crypto_secretbox).
2mo ago php intermediate
register_globals Era & Why It Was Dangerous PHP 3.0+
PHP 4 shipped with register_globals=On by default — injecting GET/POST/COOKIE values as global variables, making PHP synonymous with insecurity until it was off-by-default in PHP 4.2.
2mo ago php intermediate
Remote Code Execution (RCE)
A vulnerability allowing an attacker to run arbitrary code on the server — the most severe class of web vulnerability, typically achieved through eval(), unserialise(), file upload flaws, or OS command injection.
2mo ago security intermediate
Role-Based Access Control (RBAC)
An authorisation model where permissions are assigned to roles, and roles are assigned to users — checking 'can this role perform this action?' rather than 'can this specific user?'
2mo ago security intermediate
✓ schema.org compliant