Security terms
Timing Attack
PHP 5.6+
Measuring how long a comparison takes reveals information about secret values — use hash_equals() to prevent it.
CWE-208 OWASP A2:2021
3mo ago
security advanced
5.9
Requiring a second verification factor (OTP, hardware key) in addition to a password dramatically reduces account takeover risk.
OWASP A7:2021
3mo ago
security beginner
Type Juggling
PHP 5.0+
PHP's loose comparison (==) can produce unexpected results — "0e123" == "0e456" is true, enabling auth bypasses.
CWE-704 OWASP A3:2021
3mo ago
security intermediate
8.1
Unicode Normalisation Attack
PHP 5.3+
Exploiting differences in Unicode normalisation forms to bypass input filters — two visually identical strings that differ at the byte level.
CWE-176 OWASP A3:2021
3mo ago
security advanced
5.3
Weak Cryptography
PHP 5.0+
Using MD5 or SHA1 for passwords or security tokens — both are cryptographically broken and fast enough that their hashes are trivially cracked by brute force.
CWE-327 OWASP A2:2021
3mo ago
security intermediate
7.5
Weak Session ID
PHP 5.0+
Session identifiers generated with insufficient entropy can be guessed or brute-forced, allowing session hijacking.
CWE-330 OWASP A2:2021
3mo ago
security intermediate
8.1
Web Cache Deception
Tricking a cache into storing sensitive authenticated responses by appending a static-file-like suffix to a private URL.
CWE-524 OWASP A5:2021
3mo ago
security advanced
7.5
XML Entity Expansion (Billion Laughs / XXE)
PHP 5.0+
Denial-of-service via exponentially nested XML entities (Billion Laughs) or SSRF/file-read via external entity references (XXE).
CWE-611 OWASP A5:2021
3mo ago
security intermediate
9.1
XML External Entity (XXE)
PHP 5.0+
A vulnerable XML parser processes external entity references, letting attackers read local files or trigger SSRF.
CWE-611 OWASP A5:2021
3mo ago
security advanced
8.2
XML Injection
PHP 5.0+
Unsanitised user input injected into XML documents alters their structure, potentially corrupting data or enabling further attacks.
CWE-91 OWASP A3:2021
3mo ago
security intermediate
7.5
XPath Injection
PHP 5.0+
Unsanitised input manipulates XPath queries against XML documents, enabling data extraction or authentication bypass.
CWE-643 OWASP A3:2021
3mo ago
security intermediate
7.5
Zero-Day Vulnerability
A security flaw unknown to the vendor with no available patch — attackers may have exploits in the wild before defenders can respond.
3mo ago
security intermediate
Zip Slip
PHP 5.0+
A path traversal attack via crafted archive filenames (e.g. ../../evil.php) that escape the extraction directory during unzip.
CWE-22 OWASP A1:2021
3mo ago
security intermediate
8.1
A deliberately slow password hashing algorithm designed to resist brute-force attacks by tunable computational cost.
CWE-327 OWASP A2:2021
3mo ago
security intermediate
A forged request tricks an authenticated user's browser into performing an unintended action on a site they're logged into.
CWE-352 OWASP A1:2021
3mo ago
security intermediate
6.5
User-supplied content rendered in the browser without escaping, allowing script injection into other users' sessions.
CWE-79 OWASP A3:2021
3mo ago
security intermediate
6.1
A user accesses another user's data by changing an ID in a URL or request — no authorisation check performed.
CWE-639 OWASP A1:2021
3mo ago
security intermediate
7.5
Insufficient Logging & Monitoring
Failure to log security events and monitor them allows attacks to go undetected and unaddressed.
CWE-778 OWASP A9:2021
3mo ago
security beginner
6.5
An attacker forces a victim to use a known session ID, then hijacks their session after they authenticate.
CWE-384 OWASP A7:2021
3mo ago
security intermediate
8.0
Unsanitised user input inserted directly into a SQL query, letting attackers read, modify, or delete database data.
CWE-89 OWASP A3:2021
3mo ago
security intermediate
9.8