Security terms
Log Injection
PHP 5.0+
Writing unsanitised user input into log files allows attackers to forge log entries or inject control characters.
CWE-117 OWASP A9:2021
3mo ago
security intermediate
5.3
An attacker secretly intercepts and potentially alters communications between two parties who believe they are communicating directly.
CWE-300 OWASP A2:2021
3mo ago
security intermediate
7.4
Mass Assignment
PHP 5.0+
Blindly binding all user-submitted fields to a model allows attackers to set fields they should not control.
CWE-915 OWASP A1:2021
3mo ago
security intermediate
8.1
Null Byte Injection
PHP 5.0+
Inserting a %00 null byte into a filename or string can truncate it at the C layer, bypassing extension checks.
CWE-626 OWASP A3:2021
3mo ago
security intermediate
7.5
Misimplemented OAuth flows expose applications to CSRF, token theft, open redirects, and account takeover.
CWE-287 OWASP A2:2021
3mo ago
security advanced
8.1
Open Redirect
PHP 5.0+
A redirect destination taken from user input can send victims to attacker-controlled sites, enabling phishing.
CWE-601 OWASP A1:2021
3mo ago
security beginner
6.1
Open Source Dependency Risk
Third-party packages introduce supply-chain attack surface — malicious code, abandoned maintainers, and known CVEs can all compromise your application.
CWE-1395 OWASP A6:2021
3mo ago
security intermediate
open_basedir Restriction
PHP 4.0+
A PHP INI directive that restricts file operations to a specified directory tree, limiting the blast radius of path traversal and LFI attacks.
CWE-22 OWASP A5:2021
3mo ago
security intermediate
OWASP Top 10
PHP 5.0+
The ten most critical web application security risk categories, published by OWASP and updated periodically.
3mo ago
security beginner
Parameter Tampering
Modifying HTTP request parameters — query strings, POST fields, cookies, or hidden fields — to manipulate application business logic.
CWE-472 OWASP A1:2021
3mo ago
security beginner
8.1
Password Peppering
PHP 5.5+
A secret server-side value mixed into passwords before hashing — database theft alone is insufficient; the pepper must also be compromised.
OWASP A2:2021
3mo ago
security intermediate
Path Normalisation Bypass
PHP 5.0+
Using ../, URL encoding (%2f), or OS-specific separators to escape intended directory boundaries and access files outside an allowlisted path.
CWE-22 OWASP A1:2021
3mo ago
security intermediate
7.5
User input used in a file path allows attackers to navigate outside the intended directory using ../ sequences.
CWE-22 OWASP A3:2021
3mo ago
security intermediate
7.5
PHAR Deserialization Attack
PHP 5.0+
PHP's phar:// stream wrapper triggers deserialization of PHAR metadata on any file operation, enabling PHP object injection without unserialize().
CWE-502 OWASP A8:2021
3mo ago
security advanced
9.8
PHP Object Injection
PHP 5.0+
Passing attacker-controlled data to unserialize() triggers magic methods on existing classes, enabling code execution, file deletion, or SSRF.
CWE-502 OWASP A8:2021
3mo ago
security advanced
9.8
Predictable Token
PHP 7.0+
Tokens generated with md5(time()) or rand() are trivially guessable because their entropy source is predictable.
CWE-338 OWASP A2:2021
3mo ago
security intermediate
7.5
Privilege Escalation
PHP 5.0+
A flaw that lets a lower-privileged user gain higher access — e.g. reading an admin role from a URL parameter.
CWE-269 OWASP A1:2021
3mo ago
security intermediate
8.8
Prototype Pollution
ES5
An attacker injects properties into JavaScript's Object.prototype, affecting all objects in the application.
CWE-1321 OWASP A3:2021
3mo ago
security advanced
8.1
ReDoS (Regex Denial of Service)
A crafted input causes a regex with catastrophic backtracking to consume excessive CPU, making the application unresponsive.
CWE-1333 OWASP A5:2021
3mo ago
security intermediate
7.5
Remote File Inclusion (RFI)
PHP 5.0+
An attacker tricks include() or require() into loading a PHP file from an attacker-controlled remote URL, achieving code execution.
CWE-98 OWASP A3:2021
3mo ago
security intermediate
9.8