CodeClarityLab / Glossary
Ctrl K
← CodeClarityLab Home
Browse by Category
+ added · updated 7d
⚖ Terms of Use

Tag: owasp-top10

31 terms of 1444 total · page 1 of 2

🤖 AI Guestbook — #owasp-top10 educational data only
| |
Last 30 days
4 pings — 2026-04-08 W 1 ping — 2026-04-09 T 9 pings — 2026-04-10 F 13 pings — 2026-04-11 S 5 pings — 2026-04-12 S 7 pings — 2026-04-13 M 2 pings — 2026-04-14 T 1 ping — 2026-04-15 W 2 pings — 2026-04-16 T 16 pings — 2026-04-17 F 16 pings — 2026-04-18 S 21 pings — 2026-04-19 S 10 pings — 2026-04-20 M 15 pings — 2026-04-21 T 9 pings — 2026-04-22 W 26 pings — 2026-04-23 T 20 pings — 2026-04-24 F 30 pings — 2026-04-25 S 5 pings — 2026-04-26 S 2 pings — 2026-04-27 M 16 pings — 2026-04-28 T 4 pings — 2026-04-29 W 9 pings — 2026-04-30 T 25 pings — 2026-05-01 F 17 pings — 2026-05-02 S 16 pings — 2026-05-03 S 3 pings — 2026-05-04 M 1 ping — 2026-05-05 T 6 pings — Yesterday W 7 pings — Today T
Agents 7
Perplexity 1Amazonbot 1
Perplexity 218Amazonbot 207Ahrefs 88Google 77ChatGPT 76Unknown AI 52SEMrush 35Majestic 11Claude 3Qwen 2Meta AI 1
Most referenced — #owasp-top10
Path Traversal 2Business Logic Vulnerability 1Parameter Tampering 1Privilege Escalation 1SQL Injection 1Two-Factor Authentication (2FA) 1
Command Injection 1Account Enumeration 1Information Disclosure 1Brute Force Attack 1Sensitive Data Exposure 1Dependency & Supply Chain Security 1
Information Disclosure 54Account Enumeration 35Privilege Escalation 35Parameter Tampering 34Security Misconfiguration 32Insecure Deserialization 32Sensitive Data Exposure 31Insecure Direct Object Reference (IDOR) 29
How they use it
crawler 719 crawler_json 36 pre-tracking 15
Tag total770 pings Terms pinged31 / 31 Distinct agents10
Sort A → Z Recently Added Recently Updated Difficulty Most Viewed Most Rated Most Shared
Level All Beginner Intermediate Advanced Tag: owasp-top10
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Client-Side Template Injection (CSTI)
Attacker-controlled input rendered as a template expression by a client-side framework (AngularJS, Vue, Handlebars), executing JavaScript in the victim's browser.
CWE-1336 OWASP A3:2021
1w ago security advanced 7.5
NoSQL Injection PHP 5.4+
Attacker-controlled input embedded into NoSQL queries (MongoDB, Redis, Couchbase) that subverts query intent — bypassing auth, exfiltrating data, or executing server-side code.
CWE-943 OWASP A3:2021
1w ago security intermediate 8.8
Server-Side Includes (SSI) Injection
Attacker-controlled SSI directives (`<!--#exec ... -->`) injected into pages parsed by Apache or another SSI-enabled server, achieving file disclosure or remote command execution.
CWE-97 OWASP A3:2021
1w ago security intermediate 9.8
Dependency & Supply Chain Security
Protecting applications from malicious or vulnerable third-party packages — covering transitive dependencies, lock files, SRI hashes, CVE scanning, and supply chain attack vectors.
CWE-1357 OWASP A6:2021
1mo ago security intermediate
Diagram: Account Enumeration Account Enumeration PHP 5.0+
Differing application responses to valid vs. invalid usernames allow attackers to build a list of registered accounts.
CWE-203 OWASP A2:2021
2mo ago security intermediate 5.3
Diagram: Account Takeover (ATO) Account Takeover (ATO) PHP 5.0+
An attacker gains full control of a user account through credential stuffing, phishing, session hijacking, or abusing password-reset flows.
CWE-287 OWASP A7:2021
2mo ago security intermediate 9.8
Diagram: Arbitrary File Upload Arbitrary File Upload PHP 5.0+
Accepting file uploads without validating type, extension, and content can allow PHP shell uploads and RCE.
CWE-434 OWASP A4:2021
2mo ago security intermediate 9.8
Diagram: Broken Access Control Broken Access Control PHP 5.0+
Failure to enforce what authenticated users are allowed to do — the #1 OWASP vulnerability, enabling privilege escalation and data exposure.
CWE-284 OWASP A1:2021
2mo ago security intermediate 8.8
Diagram: Brute Force Attack Brute Force Attack PHP 5.0+
Systematically trying every possible password or key until the correct one is found.
CWE-307 OWASP A7:2021
2mo ago security beginner 7.5
Business Logic Vulnerability
Flaws in application workflow allow attackers to abuse legitimate features in unintended ways.
CWE-840 OWASP A4:2021
2mo ago security advanced 7.5
Diagram: Command Injection Command Injection PHP 5.0+
User input passed to a shell function (exec, system, shell_exec) allows arbitrary OS command execution.
CWE-78 OWASP A3:2021
2mo ago security intermediate 9.8
Forced Browsing PHP 5.0+
Accessing resources at predictable URLs that are not linked from the application's UI but lack proper authorisation checks.
CWE-425 OWASP A1:2021
2mo ago security beginner 7.5
Information Disclosure PHP 5.0+
Unintentional leakage of sensitive data — stack traces, version numbers, internal paths — aids attackers in crafting targeted exploits.
CWE-200 OWASP A5:2021
2mo ago security beginner 5.3
Insecure Deserialization PHP 5.0+
Untrusted data passed to unserialize() can trigger PHP magic methods and lead to remote code execution.
CWE-502 OWASP A8:2021
2mo ago security advanced 9.8
Insecure Password Reset Flow PHP 5.0+
Weaknesses in the password-reset mechanism allow attackers to take over accounts without knowing the original password.
CWE-640 OWASP A7:2021
2mo ago security intermediate 8.1
Mass Assignment PHP 5.0+
Blindly binding all user-submitted fields to a model allows attackers to set fields they should not control.
CWE-915 OWASP A1:2021
2mo ago security intermediate 8.1
Open Redirect PHP 5.0+
A redirect destination taken from user input can send victims to attacker-controlled sites, enabling phishing.
CWE-601 OWASP A1:2021
2mo ago security beginner 6.1
Parameter Tampering
Modifying HTTP request parameters — query strings, POST fields, cookies, or hidden fields — to manipulate application business logic.
CWE-472 OWASP A1:2021
2mo ago security beginner 8.1
Diagram: Path Traversal Path Traversal PHP 5.0+
User input used in a file path allows attackers to navigate outside the intended directory using ../ sequences.
CWE-22 OWASP A3:2021
2mo ago security intermediate 7.5
Privilege Escalation PHP 5.0+
A flaw that lets a lower-privileged user gain higher access — e.g. reading an admin role from a URL parameter.
CWE-269 OWASP A1:2021
2mo ago security intermediate 8.8
✓ schema.org compliant