CodeClarityLab glossary, tag: security
Client-Side Template Injection (CSTI)
Attacker-controlled input that lands in the template source compiled by a client-side template engine (AngularJS, Vue, Handlebars) rather than in a data binding, so the engine evaluates it as an expression and the attacker runs JavaScript in the victim's browser, even where the server has HTML-escaped the input.
CWE-1336 OWASP A3:2021
1w ago security advanced 7.5
CSS Injection & Data Exfiltration via Stylesheets
Attacker-controlled CSS injected into a page or stylesheet that exfiltrates data through attribute selectors such as `input[value^="a"]` whose matching rule triggers a `url()` fetch to the attacker's server, defaces the UI, or enables phishing, all without a single line of JavaScript.
CWE-79 OWASP A3:2021
1w ago security advanced 6.5
DOM Clobbering
Attack where injected HTML elements with controlled `id` or `name` attributes become named properties on `window` or `document`, so script that reads an undeclared global or a property such as `document.config` gets the attacker's element instead, weaponising script-less HTML injection into code execution.
CWE-79 OWASP A3:2021
1w ago security advanced 6.5
NoSQL Injection PHP 5.4+
Attacker-controlled input embedded into NoSQL queries (MongoDB, Redis, Couchbase) that subverts query intent — bypassing auth, exfiltrating data, or executing server-side code.
CWE-943 OWASP A3:2021
1w ago security intermediate 8.8
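The operator-injection form of this, as an added example (not CodeClarityLab code): PHP's request parsing turns `username[$ne]=` into a nested array, and a filter built straight from the request hands that array to MongoDB as a query operator. The arrays below are what the `mongodb` extension would send; the database call itself is left out so the script runs without a server, and the user document is constructed inline.

```php
<?php
declare(strict_types=1);

// Added example, not CodeClarityLab code. Builds MongoDB filter arrays from a
// request and shows how an attacker-supplied operator survives the unsafe
// builder and is rejected by the hardened one. No database is contacted.

/** Vulnerable: whatever PHP parsed from the request goes straight into the filter. */
function loginFilterUnsafe(array $request): array
{
    return ['username' => $request['username'], 'password' => $request['password']];
}

/**
 * Hardened: operators can only arrive as arrays/objects, so insist on a
 * bounded string, and never query on the password at all. Fetch by username,
 * then verify the password hash in PHP.
 */
function loginFilterSafe(array $request): array
{
    $u = $request['username'] ?? null;
    if (!is_string($u) || $u === '' || strlen($u) > 64) {
        throw new InvalidArgumentException('username must be a non-empty string');
    }
    return ['username' => $u];
}

/** Second step of the safe path: compare against the stored hash, not in the query. */
function passwordMatches(array $userDoc, mixed $presented): bool
{
    return is_string($presented) && password_verify($presented, $userDoc['password_hash']);
}

// Constructed attacker request. A form body of
//   username[$ne]=&password[$ne]=
// (or the equivalent JSON body) produces exactly these nested arrays in $_POST.
$attack = [
    'username' => ['$ne' => ''],
    'password' => ['$ne' => ''],
];

// {username: {$ne: ""}, password: {$ne: ""}} matches the first user with any
// non-empty credentials, which is an authentication bypass.
print_r(loginFilterUnsafe($attack));

try {
    loginFilterSafe($attack);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// Constructed user document standing in for what findOne() would return.
$doc = ['username' => 'alice', 'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT)];
var_dump(passwordMatches($doc, 'correct horse'));
var_dump(passwordMatches($doc, ['$ne' => '']));
```

The same array-versus-string check defeats `$regex` injection (used to extract a stored secret one character at a time) and `$where` injection (server-side JavaScript); casting with `(string)` is not enough because it silently turns an array into the literal `Array`.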
Server-Side Includes (SSI) Injection
Attacker-controlled SSI directives (`<!--#exec ... -->`) injected into pages parsed by Apache or another SSI-enabled server, achieving file disclosure or remote command execution.
CWE-97 OWASP A3:2021
1w ago security intermediate 9.8
Software Composition Analysis (SCA)
The practice and tooling for identifying all open-source and third-party components in a codebase, detecting known vulnerabilities (CVEs) in them, and flagging licence risks — distinct from static analysis of your own code.
3w ago security intermediate
Brute-Force Protection
Defences against automated credential-guessing attacks: rate limiting login attempts, account lockout with back-off, CAPTCHA, and multi-factor authentication. The first three make online guessing too slow to be practical rather than computationally infeasible; MFA stops a guessed password from being sufficient on its own.
CWE-307 OWASP A7:2021
4w ago security intermediate
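An in-memory throttle with exponential lockout, added here as an example and not taken from CodeClarityLab. It counts failures per account and per client IP separately, so one address cannot spray many accounts and many addresses cannot lock a victim out by hammering one account. The class name, the limits and the clock values are all assumptions for the demo; a real deployment would back the state with Redis or APCu.

```php
<?php
declare(strict_types=1);

// Added example, not CodeClarityLab code. Fixed free attempts, then a lockout
// that doubles on every further failure, capped at one day.
final class LoginThrottle
{
    private array $state = [];   // key => ['fails' => int, 'until' => float]

    public function __construct(
        private int $maxFails = 5,         // free attempts before the first lockout
        private int $baseLockSeconds = 30  // first lockout length; doubles afterwards
    ) {}

    /** Seconds the caller must still wait, or 0 if an attempt is allowed now. */
    public function retryAfter(string $key, float $now): int
    {
        $until = $this->state[$key]['until'] ?? 0.0;
        return $until > $now ? (int) ceil($until - $now) : 0;
    }

    public function recordFailure(string $key, float $now): void
    {
        $s = $this->state[$key] ?? ['fails' => 0, 'until' => 0.0];
        $s['fails']++;
        if ($s['fails'] >= $this->maxFails) {
            // 5th failure -> 30 s, 6th -> 60 s, 7th -> 120 s, ...
            $exp = $s['fails'] - $this->maxFails;
            $s['until'] = $now + min(86400, $this->baseLockSeconds * (2 ** $exp));
        }
        $this->state[$key] = $s;
    }

    public function recordSuccess(string $key): void
    {
        unset($this->state[$key]);
    }
}

/**
 * $verify is the real credential check (e.g. a closure around password_verify)
 * and is only invoked when neither counter is locked, so a locked account costs
 * no hashing work. Returns 'ok', 'bad_credentials' or 'locked'.
 */
function attemptLogin(LoginThrottle $t, string $user, string $ip, callable $verify, float $now): string
{
    $keys = ['u:' . strtolower($user), 'ip:' . $ip];
    foreach ($keys as $k) {
        if ($t->retryAfter($k, $now) > 0) {
            return 'locked';
        }
    }
    if ($verify()) {
        foreach ($keys as $k) {
            $t->recordSuccess($k);
        }
        return 'ok';
    }
    foreach ($keys as $k) {
        $t->recordFailure($k, $now);
    }
    return 'bad_credentials';
}

// Constructed demo: five wrong passwords, then the right one is refused until the
// 30-second lockout has expired.
$t   = new LoginThrottle();
$now = 1_700_000_000.0;
for ($i = 0; $i < 5; $i++) {
    attemptLogin($t, 'alice', '203.0.113.7', fn() => false, $now + $i);
}
echo attemptLogin($t, 'alice', '203.0.113.7', fn() => true, $now + 5), "\n";
echo attemptLogin($t, 'alice', '203.0.113.7', fn() => true, $now + 40), "\n";
```

Two things the HTTP layer still has to do: return the same response body and status for `locked` and `bad_credentials` so the endpoint does not confirm which usernames exist, and send the lockout as a `Retry-After` header only when it is computed per IP rather than per account, for the same reason.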
HTTP Cookies in PHP PHP 7.3+
Cookies are small key-value pairs sent by the server in a Set-Cookie header and echoed back by the browser on every request that matches the cookie's Domain and Path. PHP sets them with setcookie(), which must run before any output because it emits a header; the Secure, HttpOnly and SameSite attributes control transport, script access and cross-site sending respectively.
4w ago php beginner
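Setting a session cookie with the full attribute set, as an added example that is not CodeClarityLab's own code. It uses the PHP 7.3+ options-array form of setcookie() (the positional form has no SameSite parameter), enforces the browser rules for the `__Host-` prefix, and refuses to continue if output has already started, since the header would otherwise be silently dropped. The cookie name and lifetime are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not CodeClarityLab code. Requires PHP 8 (str_starts_with).

/**
 * Build the options array for setcookie(). Browsers only accept a __Host-
 * cookie when Secure is set, no Domain attribute is present and Path is "/",
 * which pins it to exactly this origin and stops a subdomain from overwriting it.
 */
function hardenedCookieOptions(string $name, int $ttlSeconds, ?string $domain = null): array
{
    $opts = [
        'expires'  => time() + $ttlSeconds,
        'path'     => '/',
        'secure'   => true,      // never sent over plain HTTP
        'httponly' => true,      // invisible to document.cookie, so XSS cannot read it
        'samesite' => 'Strict',  // not attached to cross-site requests (CSRF defence)
    ];
    if (str_starts_with($name, '__Host-')) {
        if ($domain !== null) {
            throw new InvalidArgumentException('__Host- cookies must not carry a Domain attribute');
        }
        // secure=true and path="/" are already fixed above; the prefix needs both.
        return $opts;
    }
    if ($domain !== null) {
        $opts['domain'] = $domain;
    }
    return $opts;
}

function setHardenedCookie(string $name, string $value, int $ttlSeconds, ?string $domain = null): bool
{
    if (headers_sent($file, $line)) {
        // Output already started (often whitespace before <?php or after ?>):
        // the Set-Cookie header would be lost, so fail loudly instead.
        throw new RuntimeException("Cannot set cookie: output started at $file:$line");
    }
    return setcookie($name, $value, hardenedCookieOptions($name, $ttlSeconds, $domain));
}

// Constructed usage: an opaque random identifier, never user data in the value.
setHardenedCookie('__Host-sid', bin2hex(random_bytes(32)), 3600);

// This one is rejected before any header is emitted.
try {
    setHardenedCookie('__Host-sid', 'x', 3600, '.example.com');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

For PHP's own session cookie the same attributes go through `session_set_cookie_params()` (which also accepts the options-array form since 7.3) before `session_start()`.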
Insecure Deserialization
Deserializing attacker-controlled data can trigger arbitrary object construction and method calls — PHP's unserialize() with untrusted input enables remote code execution via gadget chains in the loaded class graph.
CWE-502 OWASP A8:2021
4w ago security advanced
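A minimal gadget chain and the fix, added here as an example and not taken from CodeClarityLab. The class, payload and target path are constructed for the demo: the point is that unserialize() instantiates whatever class name the string names and runs its magic methods (`__wakeup`, `__unserialize`, `__destruct`), so an attacker needs no access to the class source, only knowledge that it exists.

```php
<?php
declare(strict_types=1);

// Added example, not CodeClarityLab code.

/** Hypothetical application class: any class with a side effect in a magic method is a gadget. */
final class TempFile
{
    public function __construct(public string $path) {}

    public function __destruct()
    {
        // A real class would unlink($this->path); the demo only records it.
        Gadgets::$destroyed[] = $this->path;
    }
}

final class Gadgets
{
    public static array $destroyed = [];
}

/** The attacker builds this string by hand; serialize() is never needed. */
function craftPayload(string $target): string
{
    return 'O:8:"TempFile":1:{s:4:"path";s:' . strlen($target) . ':"' . $target . '";}';
}

/** Vulnerable: every class on the autoload path is fair game. */
function loadUnsafe(string $data): mixed
{
    return unserialize($data);
}

/**
 * Hardened: with allowed_classes=false every object in the stream becomes a
 * __PHP_Incomplete_Class, which has no methods and so can run no gadget.
 * Prefer JSON for untrusted data; use a class allow-list only if you have
 * audited every listed class for magic-method side effects.
 */
function loadSafe(string $data): mixed
{
    return unserialize($data, ['allowed_classes' => false]);
}

$payload = craftPayload('/var/www/config.php');

$obj = loadUnsafe($payload);
unset($obj);                      // triggers TempFile::__destruct on the attacker's path
var_dump(Gadgets::$destroyed);

$safe = loadSafe($payload);
unset($safe);                     // nothing runs: the object is incomplete
var_dump($safe ?? null, Gadgets::$destroyed);
```

The destructor fires even if the application discards the result immediately, which is why "we never use the returned object" is not a mitigation.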
OAuth 2.0
An authorisation framework that lets users grant third-party applications limited access to their resources without sharing passwords — using short-lived access tokens issued via defined flows for different client types.
CWE-287 OWASP A7:2021
4w ago security intermediate
Timing Attacks
Side-channel attacks that infer secret values by measuring how long an operation takes — a string comparison that short-circuits on the first mismatch leaks information about the secret one character at a time.
CWE-208
4w ago security advanced
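The leaky comparison beside the constant-time one, with a crude local timer, added as an example that is not CodeClarityLab's code. PHP's `===` on strings returns as soon as the lengths differ or a byte mismatches; `hash_equals()` walks every byte. Hashing both sides before comparing also hides the secret's length. The secret and the two guesses are constructed values.

```php
<?php
declare(strict_types=1);

// Added example, not CodeClarityLab code. Requires PHP 7.4+ (arrow functions, hrtime).

function checkTokenLeaky(string $stored, string $presented): bool
{
    return $presented === $stored;          // early-exit byte comparison
}

/**
 * Constant-time variant. hash_equals() compares every byte regardless of where
 * the first mismatch is, but returns immediately on a length mismatch, so
 * hashing both sides first gives it equal-length inputs and hides the
 * secret's length as well.
 */
function checkTokenConstantTime(string $stored, string $presented): bool
{
    return hash_equals(
        hash('sha256', $stored, true),
        hash('sha256', $presented, true)
    );
}

/** Mean cost of one call to $fn in nanoseconds; a rough local illustration only. */
function timeIt(callable $fn, int $rounds = 200_000): float
{
    $start = hrtime(true);
    for ($i = 0; $i < $rounds; $i++) {
        $fn();
    }
    return (hrtime(true) - $start) / $rounds;
}

$secret         = str_repeat('a', 32);
$wrongFirstByte = 'b' . str_repeat('a', 31);   // mismatch at byte 0
$wrongLastByte  = str_repeat('a', 31) . 'b';   // mismatch at byte 31

printf("leaky    first-byte %.1f ns  last-byte %.1f ns\n",
    timeIt(fn() => checkTokenLeaky($secret, $wrongFirstByte)),
    timeIt(fn() => checkTokenLeaky($secret, $wrongLastByte)));
printf("constant first-byte %.1f ns  last-byte %.1f ns\n",
    timeIt(fn() => checkTokenConstantTime($secret, $wrongFirstByte)),
    timeIt(fn() => checkTokenConstantTime($secret, $wrongLastByte)));
```

On a single machine the gap for a 32-byte secret is a few nanoseconds and may vanish in noise; the attacks in the literature average thousands of samples over the network. The engineering rule is not "the difference is too small to matter" but "never compare secrets with `==`/`===`, `strcmp()` or `memcmp`-style loops".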
Dependency & Supply Chain Security
Protecting applications from malicious or vulnerable third-party packages — covering transitive dependencies, lock files, SRI hashes, CVE scanning, and supply chain attack vectors.
CWE-1357 OWASP A6:2021
1mo ago security intermediate
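What an SCA pass over a PHP project's pinned dependencies looks like, covering both the SCA entry above and this one. It is an added example, not CodeClarityLab code and not how `composer audit` is implemented. It reads composer.lock (the file that pins transitive dependencies, including dev ones) and matches each pin against an advisory feed. The lock file, the package names and the advisory identifiers are all constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not CodeClarityLab code. Fictional packages and advisory ids.

const LOCK_JSON = <<<'JSON'
{
  "packages": [
    {"name": "acme/http-client", "version": "v1.3.0", "dist": {"reference": "0123abcd"}},
    {"name": "acme/yaml",        "version": "2.0.5",  "dist": {"reference": "4567ef01"}}
  ],
  "packages-dev": [
    {"name": "acme/fake-test-lib", "version": "0.9.1", "dist": {"reference": "89ab23cd"}}
  ]
}
JSON;

// Each advisory: every constraint in "affected" must hold for a version to match.
const ADVISORIES = [
    ['id' => 'EXAMPLE-2024-0001', 'package' => 'acme/http-client', 'affected' => ['>=1.0.0', '<1.3.2']],
    ['id' => 'EXAMPLE-2024-0002', 'package' => 'acme/yaml',        'affected' => ['>=2.1.0', '<2.2.0']],
];

/** Composer versions may carry a "v" prefix; version_compare() wants plain numbers. */
function normalizeVersion(string $v): string
{
    return ltrim($v, 'v');
}

/** True if $version satisfies every constraint such as ">=1.0.0" or "<1.3.2". */
function versionAffected(string $version, array $constraints): bool
{
    foreach ($constraints as $c) {
        if (!preg_match('/^(>=|<=|==|!=|>|<)\s*(\S+)$/', $c, $m)) {
            throw new InvalidArgumentException("bad constraint: $c");
        }
        if (!version_compare(normalizeVersion($version), normalizeVersion($m[2]), $m[1])) {
            return false;
        }
    }
    return true;
}

/** Returns [package, version, advisory id, scope] for every affected pin, dev dependencies included. */
function auditLock(string $lockJson, array $advisories): array
{
    $lock = json_decode($lockJson, true, 512, JSON_THROW_ON_ERROR);
    $hits = [];
    foreach (['packages' => 'prod', 'packages-dev' => 'dev'] as $section => $scope) {
        foreach ($lock[$section] ?? [] as $pkg) {
            foreach ($advisories as $adv) {
                if ($adv['package'] === $pkg['name'] && versionAffected($pkg['version'], $adv['affected'])) {
                    $hits[] = [$pkg['name'], $pkg['version'], $adv['id'], $scope];
                }
            }
        }
    }
    return $hits;
}

foreach (auditLock(LOCK_JSON, ADVISORIES) as [$name, $version, $id, $scope]) {
    echo "$name $version ($scope) is affected by $id\n";
}
```

Running this against composer.json instead of composer.lock would be the classic mistake: constraints like `^1.3` say nothing about which version is actually installed, and the lock file's `dist.reference` is what lets you check that the installed artefact is the commit the advisory refers to.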
Mixed Content (HTTP on HTTPS)
When an HTTPS page loads resources (images, scripts, stylesheets) over plain HTTP. Current browsers block active mixed content (scripts, stylesheets, iframes, fetch/XHR) outright and upgrade passive content (images, audio, video) to HTTPS or block it if the upgrade fails, because a single cleartext resource undermines the integrity guarantee of the HTTPS page.
CWE-319
1mo ago security intermediate
Linux File Permissions
Read, write, and execute permissions assigned to owner, group, and others — the foundation of Linux access control for web application files.
CWE-732 OWASP A5:2021
1mo ago linux beginner 7.5
PDO query() vs prepare() PHP 5.1+
PDO query() executes raw SQL immediately — prepare() parameterises it. query() must never include user-controlled values.
CWE-89 OWASP A3:2021
1mo ago php beginner 9.8
PDO::ATTR_EMULATE_PREPARES PHP 5.1+
Controls whether PDO sends real prepared statements to the database or emulates them client-side in PHP by quoting the bound values into the SQL text. pdo_mysql defaults to emulation (true); set it to false so the server parses the statement once and receives parameters separately, and set the connection charset in the DSN either way, since client-side quoting must know the encoding.
CWE-89 OWASP A3:2021
1mo ago php intermediate
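The two entries above, worked through in one script: an added example, not CodeClarityLab code. It uses an in-memory SQLite database (assumes the pdo_sqlite extension) so it runs without a server. The options array is the one you would pass for MySQL as well; SQLite always uses native prepares, so ATTR_EMULATE_PREPARES only changes behaviour on drivers such as pdo_mysql. The table, rows and payload are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not CodeClarityLab code.

$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares where the driver supports them
]);
// For MySQL the same options work with a DSN such as
//   'mysql:host=db;dbname=app;charset=utf8mb4'
// (the charset matters most when emulation is on, because PDO then escapes
// values itself and has to know the connection encoding).

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)');
$pdo->exec("INSERT INTO users (name, is_admin) VALUES ('alice', 0), ('bob', 1)");

/** Vulnerable: the value is concatenated into the SQL text and run with query(). */
function findUserUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

/** Safe: the SQL text is fixed; the value travels as a bound parameter. */
function findUserSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$injected = "' OR '1'='1";   // turns the WHERE clause into a tautology

print_r(findUserUnsafe($pdo, $injected));   // the tautology matches every row
print_r(findUserSafe($pdo, $injected));     // looks for a user literally named ' OR '1'='1
```

With emulation on, identifiers (table and column names), `ORDER BY` directions and `LIMIT` values still cannot be bound; they need an allow-list. With emulation off, a `LIMIT` placeholder must be bound as `PDO::PARAM_INT`, because the server now sees the real type of each parameter.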
AI Context Poisoning
An adversarial technique where malicious instructions are injected into an LLM's context window — via user input, retrieved documents, or tool results — to hijack the model's behaviour.
1mo ago ai_ml advanced
AI Guardrails
Runtime constraints and safety filters applied around LLM calls to detect, block, or rewrite inputs and outputs that are harmful, off-topic, or policy-violating.
1mo ago ai_ml intermediate
Prompt Injection Attack
An attack where crafted user input overrides or hijacks an LLM's system instructions, causing it to ignore its intended behaviour and follow attacker-supplied commands instead.
CWE-74 OWASP LLM01:2025
1mo ago ai_ml advanced
OAuth 2.0 PKCE — Proof Key for Code Exchange PHP 7.0+
An OAuth 2.0 extension that prevents authorisation code interception attacks in public clients (SPAs, mobile apps): the client generates a random code_verifier, sends its SHA-256 hash as the code_challenge with the authorisation request, and presents the verifier only when redeeming the code, so an intercepted code is useless without it.
1mo ago cryptography intermediate
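Both sides of the PKCE exchange, serving the OAuth 2.0 and PKCE entries, as an added example that is not CodeClarityLab's code. The client half generates the verifier and challenge and builds the authorisation URL; the server half is what a token endpoint does when the code is redeemed. The endpoint, client id and redirect URI are hypothetical values; the authorisation server's code-to-challenge storage is simulated with a local variable.

```php
<?php
declare(strict_types=1);

// Added example, not CodeClarityLab code.

function base64url(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

/** RFC 7636: 43..128 chars of [A-Za-z0-9-._~]; 32 random bytes encode to 43 chars. */
function makeCodeVerifier(): string
{
    return base64url(random_bytes(32));
}

function codeChallengeS256(string $verifier): string
{
    return base64url(hash('sha256', $verifier, true));
}

/** Client side: build the /authorize URL. The verifier stays in the client's session. */
function buildAuthorizeUrl(string $authEndpoint, string $clientId, string $redirectUri, string $verifier, string $state): string
{
    return $authEndpoint . '?' . http_build_query([
        'response_type'         => 'code',
        'client_id'             => $clientId,
        'redirect_uri'          => $redirectUri,
        'scope'                 => 'openid profile',
        'state'                 => $state,                     // binds the callback to this session (CSRF)
        'code_challenge'        => codeChallengeS256($verifier),
        'code_challenge_method' => 'S256',
    ]);
}

/**
 * Server side, at the token endpoint: the challenge recorded when the code was
 * issued must equal the hash of the verifier presented now. "plain" is refused
 * because then the challenge in the (observable) authorisation request would be
 * the verifier itself.
 */
function verifyPkce(string $storedChallenge, string $storedMethod, string $presentedVerifier): bool
{
    if ($storedMethod !== 'S256') {
        return false;
    }
    $len = strlen($presentedVerifier);
    if ($len < 43 || $len > 128 || !preg_match('/^[A-Za-z0-9\-._~]+$/', $presentedVerifier)) {
        return false;
    }
    return hash_equals($storedChallenge, codeChallengeS256($presentedVerifier));
}

// Constructed round trip (hypothetical endpoint and client).
$verifier = makeCodeVerifier();
$state    = base64url(random_bytes(16));
$url = buildAuthorizeUrl('https://as.example/authorize', 'spa-client', 'https://app.example/cb', $verifier, $state);
echo $url, "\n";

// What the authorisation server stored alongside the code it issued.
$storedChallenge = codeChallengeS256($verifier);

var_dump(verifyPkce($storedChallenge, 'S256', $verifier));            // the client that started the flow
var_dump(verifyPkce($storedChallenge, 'S256', makeCodeVerifier()));   // someone who only intercepted the code
```

PKCE replaces nothing else in the flow: the client must still check that the `state` on the callback equals the one it stored, and the server must still bind the code to the registered `redirect_uri` and reject a code after its first use.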