Tag: authentication
Brute-Force Protection
Defences against automated credential-guessing attacks — rate limiting login attempts, account lockout, CAPTCHA, and multi-factor authentication to make guessing passwords computationally infeasible.
CWE-307 OWASP A7:2021
1mo ago
security intermediate
OAuth 2.0
An authorisation framework that lets users grant third-party applications limited access to their resources without sharing passwords — using short-lived access tokens issued via defined flows for different client types.
CWE-287 OWASP A7:2021
1mo ago
security intermediate
Timing Attacks
Side-channel attacks that infer secret values by measuring how long an operation takes — a string comparison that short-circuits on the first mismatch leaks information about the secret one character at a time.
CWE-208
1mo ago
security advanced
An OAuth 2.0 extension that prevents authorisation code interception attacks in public clients (SPAs, mobile apps) by binding each authorisation request to a cryptographic secret the client generates.
2mo ago
cryptography intermediate
Authentication PHP 7.0+
The process of verifying that a user is who they claim to be — typically by validating credentials (password, token, certificate) and establishing a session or issuing a signed token for subsequent requests.
2mo ago
security intermediate
PHP Sessions PHP 4.0+
Server-side state storage identified by a cookie-based session ID — PHP's built-in mechanism for persisting data across HTTP requests, with security implications for how the session is started, stored, and terminated.
2mo ago
php beginner
Type Coercion in Authentication Checks PHP 4.0+
PHP's loose comparison (==) coerces types — '0e123' == '0e456' (both 0 in scientific notation), and 0 == 'admin' — always use === for authentication comparisons.
2mo ago
security advanced
2FA Bypass Techniques PHP 5.0+
Common ways attackers circumvent two-factor authentication — SIM swapping, real-time phishing proxies, SS7 attacks, backup code theft, and session cookie hijacking after authentication.
2mo ago
security advanced
XML Signature Wrapping (XSW)
An attack on XML digital signatures where the attacker wraps the signed element in a new structure — the signature validates the original but the application processes the attacker's version.
2mo ago
security advanced
Differing application responses to valid vs. invalid usernames allow attackers to build a list of registered accounts.
CWE-203 OWASP A2:2021
2mo ago
security intermediate
5.3
An attacker gains full control of a user account through credential stuffing, phishing, session hijacking, or abusing password-reset flows.
CWE-287 OWASP A7:2021
2mo ago
security intermediate
9.8
API Key Exposure
API keys committed to version control, logged, or exposed in client-side code can be harvested and abused by attackers.
CWE-312 OWASP A2:2021
2mo ago
security beginner
9.1
Systematically trying every possible password or key until the correct one is found.
CWE-307 OWASP A7:2021
2mo ago
security beginner
7.5
CORS Misconfiguration PHP 5.0+
Overly permissive Cross-Origin Resource Sharing headers allow malicious sites to read sensitive API responses.
CWE-942 OWASP A5:2021
2mo ago
security intermediate
7.5
Credential Stuffing PHP 5.0+
Automated injection of username/password pairs from previous data breaches to gain access to accounts where users reused credentials.
CWE-307 OWASP A7:2021
2mo ago
security intermediate
8.1
Cryptographic proof that data was created by the holder of a private key and has not been altered — providing authentication, integrity, and non-repudiation.
2mo ago
cryptography advanced
HMAC (Hash-based Message Authentication Code) PHP 5.1+
A keyed hash that verifies both the integrity and authenticity of a message — only someone with the secret key can produce or verify it.
OWASP A2:2021
2mo ago
security intermediate
Insecure Cookie PHP 5.0+
Cookies without HttpOnly, Secure, and SameSite flags are vulnerable to theft via XSS, network interception, and CSRF.
CWE-1004 OWASP A2:2021
2mo ago
security beginner
5.4
Insecure Password Reset Flow PHP 5.0+
Weaknesses in the password-reset mechanism allow attackers to take over accounts without knowing the original password.
CWE-640 OWASP A7:2021
2mo ago
security intermediate
8.1
JWT Algorithm Confusion (alg:none & RS→HS) PHP 5.0+
Forging JWTs by exploiting libraries that accept alg:none, or by switching the algorithm from RS256 to HS256 so that the RSA public key is used as the HMAC-SHA256 signing secret.
CWE-327 OWASP A2:2021
2mo ago
security intermediate
9.1