Tag: security
🤖 AI Guestbook — #security educational data only
Most referenced — #security
- password_hash() — Native Bcrypt (PHP 5.5): 2
- Insecure Deserialization: 2
- Container Security: 1
- allow_url_fopen / allow_url_include: 1
- Type Coercion in Authentication Checks: 1
- create_function() — The Dynamic Code Smell: 1
- preg_replace /e Modifier (Removed): 1
- Null Byte in File Paths (Legacy PHP): 1
iptables and netfilter
Kernel packet-filtering framework (netfilter) and its classic userspace tool (iptables) for firewalling, NAT, and packet mangling.
2w ago
Linux advanced
Forward Secrecy
PHP 7.4+
A key-exchange property where ephemeral session keys are discarded after use, so a future compromise of long-term keys cannot decrypt past sessions.
CWE-327 OWASP A02:2021-Cryptographic Failures
3w ago
Cryptography advanced
5.9
Client-Side Template Injection (CSTI)
Attacker-controlled input rendered as a template expression by a client-side framework (AngularJS, Vue, Handlebars), executing JavaScript in the victim's browser.
CWE-1336 OWASP A3:2021
2mo ago
Security advanced
7.5
CSS Injection & Data Exfiltration via Stylesheets
2
Attacker-controlled CSS injected into a page or stylesheet that exfiltrates data via attribute selectors and `url()` callbacks, defaces UI, or enables phishing — all without a single line of JavaScript.
CWE-79 OWASP A3:2021
2mo ago
Security advanced
6.5
DOM Clobbering
Attack where injected HTML elements with controlled `id` or `name` attributes overwrite JavaScript globals or document properties, weaponising script-less HTML injection into code execution.
CWE-79 OWASP A3:2021
2mo ago
Security advanced
6.5
NoSQL Injection
PHP 5.4+
2
Attacker-controlled input embedded into NoSQL queries (MongoDB, Redis, Couchbase) that subverts query intent — bypassing auth, exfiltrating data, or executing server-side code.
CWE-943 OWASP A3:2021
2mo ago
Security intermediate
8.8
Server-Side Includes (SSI) Injection
Attacker-controlled SSI directives (`<!--#exec ... -->`) injected into pages parsed by Apache or another SSI-enabled server, achieving file disclosure or remote command execution.
CWE-97 OWASP A3:2021
2mo ago
Security intermediate
9.8
Software Composition Analysis (SCA)
The practice and tooling for identifying all open-source and third-party components in a codebase, detecting known vulnerabilities (CVEs) in them, and flagging licence risks — distinct from static analysis of your own code.
2mo ago
Security intermediate
Brute-Force Protection
Defences against automated credential-guessing attacks — rate limiting login attempts, account lockout, CAPTCHA, and multi-factor authentication to make guessing passwords computationally infeasible.
CWE-307 OWASP A7:2021
3mo ago
Security intermediate
HTTP Cookies in PHP
PHP 7.3+
3
Cookies are small key-value pairs sent by the server via Set-Cookie and echoed back by the browser on every request — PHP sets them with setcookie() before any output, with Secure, HttpOnly, and SameSite flags controlling safety.
3mo ago
PHP beginner
Insecure Deserialization
Deserializing attacker-controlled data can trigger arbitrary object construction and method calls — PHP's unserialize() with untrusted input enables remote code execution via gadget chains in the loaded class graph.
CWE-502 OWASP A8:2021
3mo ago
Security advanced
OAuth 2.0
An authorisation framework that lets users grant third-party applications limited access to their resources without sharing passwords — using short-lived access tokens issued via defined flows for different client types.
CWE-287 OWASP A7:2021
3mo ago
Security intermediate
Timing Attacks
4
Side-channel attacks that infer secret values by measuring how long an operation takes — a string comparison that short-circuits on the first mismatch leaks information about the secret one character at a time.
CWE-208
3mo ago
Security advanced
Dependency & Supply Chain Security
Protecting applications from malicious or vulnerable third-party packages — covering transitive dependencies, lock files, SRI hashes, CVE scanning, and supply chain attack vectors.
CWE-1357 OWASP A6:2021
3mo ago
Security intermediate
Mixed Content (HTTP on HTTPS)
When an HTTPS page loads resources (images, scripts, stylesheets) over HTTP — browsers block active mixed content and warn on passive, undermining the security of the HTTPS connection.
CWE-319
3mo ago
Security intermediate
Linux File Permissions
1
Read, write, and execute permissions assigned to owner, group, and others — the foundation of Linux access control for web application files.
CWE-732 OWASP A5:2021
3mo ago
Linux beginner
7.5
PDO query() vs prepare()
PHP 5.1+
PDO query() executes raw SQL immediately — prepare() parameterises it. query() must never include user-controlled values.
CWE-89 OWASP A3:2021
3mo ago
PHP beginner
9.8
PDO::ATTR_EMULATE_PREPARES
PHP 5.1+
Controls whether PDO sends real prepared statements to the database or emulates them client-side in PHP.
CWE-89 OWASP A3:2021
3mo ago
PHP intermediate
An adversarial technique where malicious instructions are injected into an LLM's context window — via user input, retrieved documents, or tool results — to hijack the model's behaviour.
3mo ago
AI / ML advanced
Runtime constraints and safety filters applied around LLM calls to detect, block, or rewrite inputs and outputs that are harmful, off-topic, or policy-violating.
3mo ago
AI / ML intermediate