Tag: owasp-top10
Client-Side Template Injection (CSTI)
Attacker-controlled input rendered as a template expression by a client-side framework (AngularJS, Vue, Handlebars), executing JavaScript in the victim's browser.
CWE-1336 · OWASP A3:2021 · Security · advanced · severity 7.5 · updated 2mo ago
NoSQL Injection · PHP 5.4+
Attacker-controlled input embedded into NoSQL queries (MongoDB, Redis, Couchbase) that subverts query intent — bypassing auth, exfiltrating data, or executing server-side code.
CWE-943 · OWASP A3:2021 · Security · intermediate · severity 8.8 · updated 2mo ago
Server-Side Includes (SSI) Injection
Attacker-controlled SSI directives (`<!--#exec ... -->`) injected into pages parsed by Apache or another SSI-enabled server, achieving file disclosure or remote command execution.
CWE-97 · OWASP A3:2021 · Security · intermediate · severity 9.8 · updated 2mo ago
Dependency & Supply Chain Security
Protecting applications from malicious or vulnerable third-party packages — covering transitive dependencies, lock files, SRI hashes, CVE scanning, and supply chain attack vectors.
CWE-1357 · OWASP A6:2021 · Security · intermediate · updated 3mo ago
Account Enumeration · PHP 5.0+
Differing application responses to valid vs. invalid usernames allow attackers to build a list of registered accounts.
CWE-203 · OWASP A2:2021 · Security · intermediate · severity 5.3 · updated 3mo ago
Account Takeover (ATO) · PHP 5.0+
An attacker gains full control of a user account through credential stuffing, phishing, session hijacking, or abusing password-reset flows.
CWE-287 · OWASP A7:2021 · Security · intermediate · severity 9.8 · updated 3mo ago
Arbitrary File Upload · PHP 5.0+
Accepting file uploads without validating type, extension, and content can allow PHP shell uploads and RCE.
CWE-434 · OWASP A4:2021 · Security · intermediate · severity 9.8 · updated 3mo ago
Broken Access Control · PHP 5.0+
Failure to enforce what authenticated users are allowed to do — the #1 OWASP vulnerability, enabling privilege escalation and data exposure.
CWE-284 · OWASP A1:2021 · Security · intermediate · severity 8.8 · updated 3mo ago
Brute Force Attack · PHP 5.0+
Systematically trying every possible password or key until the correct one is found.
CWE-307 · OWASP A7:2021 · Security · beginner · severity 7.5 · updated 3mo ago
Business Logic Vulnerability
Flaws in application workflow allow attackers to abuse legitimate features in unintended ways.
CWE-840 · OWASP A4:2021 · Security · advanced · severity 7.5 · updated 3mo ago
Command Injection · PHP 5.0+
User input passed to a shell function (exec, system, shell_exec) allows arbitrary OS command execution.
CWE-78 · OWASP A3:2021 · Security · intermediate · severity 9.8 · updated 3mo ago
Forced Browsing · PHP 5.0+
Accessing resources at predictable URLs that are not linked from the application's UI but lack proper authorisation checks.
CWE-425 · OWASP A1:2021 · Security · beginner · severity 7.5 · updated 3mo ago
Information Disclosure · PHP 5.0+
Unintentional leakage of sensitive data — stack traces, version numbers, internal paths — aids attackers in crafting targeted exploits.
CWE-200 · OWASP A5:2021 · Security · beginner · severity 5.3 · updated 3mo ago
Insecure Deserialization · PHP 5.0+
Untrusted data passed to unserialize() can trigger PHP magic methods and lead to remote code execution.
CWE-502 · OWASP A8:2021 · Security · advanced · severity 9.8 · updated 3mo ago
Insecure Password Reset Flow · PHP 5.0+
Weaknesses in the password-reset mechanism allow attackers to take over accounts without knowing the original password.
CWE-640 · OWASP A7:2021 · Security · intermediate · severity 8.1 · updated 3mo ago
Mass Assignment · PHP 5.0+
Blindly binding all user-submitted fields to a model allows attackers to set fields they should not control.
CWE-915 · OWASP A1:2021 · Security · intermediate · severity 8.1 · updated 3mo ago
Open Redirect · PHP 5.0+
A redirect destination taken from user input can send victims to attacker-controlled sites, enabling phishing.
CWE-601 · OWASP A1:2021 · Security · beginner · severity 6.1 · updated 3mo ago
Parameter Tampering
Modifying HTTP request parameters — query strings, POST fields, cookies, or hidden fields — to manipulate application business logic.
CWE-472 · OWASP A1:2021 · Security · beginner · severity 8.1 · updated 3mo ago
Path Traversal · PHP 5.0+
User input used in a file path allows attackers to navigate outside the intended directory using ../ sequences.
CWE-22 · OWASP A3:2021 · Security · intermediate · severity 7.5 · updated 3mo ago
Privilege Escalation · PHP 5.0+
A flaw that lets a lower-privileged user gain higher access — e.g. reading an admin role from a URL parameter.
CWE-269 · OWASP A1:2021 · Security · intermediate · severity 8.8 · updated 3mo ago