Replay Attack PHP 5.0+
An attacker captures a valid request or authentication token and resubmits it later to gain unauthorised access or repeat an action.
CWE-294 OWASP A2:2021
3mo ago security intermediate 7.5
Salted Hashing PHP 5.5+
Prepending or appending a unique random value (salt) to each password before hashing, neutralising precomputed rainbow table attacks.
CWE-759 OWASP A2:2021
3mo ago security beginner
SameSite Cookie Attribute PHP 7.3+
A cookie attribute controlling whether the browser sends a cookie with cross-site requests, providing strong CSRF mitigation.
CWE-352 OWASP A1:2021
3mo ago security intermediate
SameSite Lax Bypass PHP 7.3+
SameSite=Lax still sends cookies on top-level GET navigations — attackers can exploit this with GET-based state-changing endpoints.
CWE-352 OWASP A1:2021
3mo ago security advanced 6.5
SAST vs DAST vs IAST PHP 5.0+
Three automated security testing approaches: SAST analyses source code without running it, DAST attacks a running app from outside, IAST instruments the app from within during testing.
3mo ago security intermediate
Second-Order SQL Injection PHP 5.0+
Malicious data is safely stored in the database but later retrieved and used unsafely in a subsequent SQL query.
CWE-89 OWASP A3:2021
3mo ago security advanced 8.8
Secrets Management
Storing, distributing, and rotating credentials securely — using dedicated tools rather than .env files in version control or hardcoded values in source code.
3mo ago security intermediate
Security by Design PHP 5.0+
Integrating security requirements into software architecture and design from the very beginning, rather than bolting it on afterwards.
OWASP A5:2021
3mo ago security intermediate
Security Misconfiguration PHP 5.0+
Insecure default settings, unnecessary features, or missing hardening steps leave applications and infrastructure exposed.
CWE-16 OWASP A5:2021
3mo ago security beginner 7.5
Sensitive Data Exposure PHP 5.0+
Passwords, tokens, PII, or financial data exposed in logs, error messages, URLs, or unencrypted storage.
CWE-200 OWASP A2:2021
3mo ago security beginner
Server-Side Request Forgery (SSRF) PHP 5.0+
The server is tricked into making HTTP requests to internal or unintended destinations on behalf of the attacker.
CWE-918 OWASP A10:2021
3mo ago security advanced 8.6
Server-Side Template Injection (SSTI) PHP 5.0+
User input is embedded directly into a server-side template, allowing arbitrary code execution on the server.
CWE-1336 OWASP A3:2021
3mo ago security advanced 9.8
Session Riding PHP 5.0+
An alternative term for CSRF — the attacker 'rides' the victim's authenticated session to perform actions on their behalf.
CWE-352 OWASP A1:2021
3mo ago security intermediate 8.1
Shift-Left Security (DevSecOps) PHP 5.0+
Integrating security practices earlier in the development lifecycle — at design and coding time — rather than as a final gate before release.
3mo ago security beginner
Side-Channel Attack
Information is leaked through observable characteristics of a system — timing, power consumption, or cache behaviour — rather than via direct data access.
CWE-208 OWASP A2:2021
3mo ago security advanced 5.9
Social Engineering
Attackers manipulate people — rather than systems — into revealing credentials, granting access, or performing harmful actions.
CWE-1390 OWASP A7:2021
3mo ago security beginner 8.8
Subdomain Takeover
A DNS entry points to an unclaimed external service, allowing an attacker to register that service and control the subdomain.
CWE-350 OWASP A5:2021
3mo ago security intermediate 8.1
Subresource Integrity (SRI) PHP 5.0+
A browser mechanism that verifies CDN-hosted scripts and stylesheets haven't been tampered with, using a cryptographic hash in the HTML tag.
CWE-829 OWASP A6:2021
3mo ago security intermediate
Supply Chain Attack PHP 5.0+
An attacker compromises a trusted third-party dependency, build tool, or package to inject malicious code into downstream applications.
CWE-1357 OWASP A6:2021
3mo ago security advanced 9.0
Threat Intelligence
Evidence-based knowledge about attackers, their TTPs, and indicators of compromise — used to prioritise and inform defensive decisions.
3mo ago security intermediate