Tag: security
Object Cloning & Security Implications PHP 5.0+
clone creates a shallow copy — nested objects are still shared references. Implement __clone() for deep copy and audit what sensitive state gets duplicated.
2mo ago security intermediate
PHP End-of-Life Schedule & Security Implications PHP 5.0+
Each PHP minor version receives active support for 2 years and security-only fixes for 1 more year — running an EOL PHP version means no patches for discovered vulnerabilities.
2mo ago php beginner
preg_replace /e Modifier (Removed) PHP 3.0+
The /e modifier in preg_replace() evaluated the replacement as PHP code — removed in PHP 7.0. Any legacy code using it is a critical RCE vulnerability.
2mo ago security advanced
Prototype Chain Errors & hasOwnProperty ES2022
Iterating objects with for...in includes inherited prototype properties — use hasOwnProperty() or Object.keys() to iterate only own properties.
2mo ago javascript intermediate
register_globals Risk & Legacy Code PHP 3.0+
register_globals automatically created PHP variables from GET/POST/COOKIE data — removed in PHP 5.4. Legacy code using it is critically vulnerable to variable injection.
2mo ago security intermediate
Safe Mode Removal & Modern Alternatives PHP 4.0+
PHP's safe_mode was removed in PHP 5.4 — it provided false security. Modern alternatives are open_basedir, OS-level permissions, and containers.
2mo ago security intermediate
Stream Filter Injection via php:// wrapper PHP 5.0+
PHP stream wrappers (php://filter, php://input) combined with user-controlled filenames enable LFI-to-RCE escalation — never allow user input in file paths.
2mo ago security advanced
Type Coercion in Authentication Checks PHP 4.0+
PHP's loose comparison (==) coerces types — '0e123' == '0e456' (both 0 in scientific notation), and 0 == 'admin' — always use === for authentication comparisons.
2mo ago security advanced
Variable Variables ($$var) Risks PHP 3.0+
$$var creates a variable whose name is the value of $var — using it with user input allows arbitrary variable access/creation and is effectively a backdoor.
2mo ago security advanced
Client-Side Sanitisation ES2015 🧠 3
DOMPurify and the Sanitizer API remove dangerous HTML before insertion — complementing PHP's server-side htmlspecialchars for rich-text scenarios.
3mo ago javascript intermediate
CSRF Token Handling in Fetch & Axios ES2017
Including PHP-generated CSRF tokens in JavaScript requests — reading from meta tags or cookies and attaching to every state-changing request.
3mo ago javascript intermediate
2FA Bypass Techniques PHP 5.0+
Common ways attackers circumvent two-factor authentication — SIM swapping, real-time phishing proxies, SS7 attacks, backup code theft, and session cookie hijacking after authentication.
3mo ago security advanced
AI-Assisted Code Generation 🧠 5
Using LLMs to generate, complete, or refactor code — powerful for boilerplate and exploration but requiring review for correctness, security, and licence compliance.
3mo ago ai_ml intermediate
API Abuse Prevention PHP 5.0+
Techniques to detect and block bots, scrapers, credential stuffing, and automated abuse — beyond basic rate limiting to behavioural and intelligence-based controls.
3mo ago security advanced
API Authentication Patterns 🧠 1
Bearer tokens (JWT) for user sessions, API keys for machine-to-machine, mTLS for highest-security internal services — matching authentication method to the use case.
3mo ago api_design intermediate
API Key Lifecycle Management 🧠 4
Generating, distributing, rotating, and revoking API keys securely — covering scoping, expiry, audit logging, and emergency revocation procedures.
3mo ago security intermediate
Block Cipher Modes PHP 7.1+
How a block cipher (AES) processes data larger than one block — ECB is insecure, CBC requires a MAC, GCM provides authenticated encryption and is the correct choice.
3mo ago cryptography advanced
Business Logic Abuse
Exploiting flaws in application workflows rather than technical vulnerabilities — bypassing payment steps, abusing discount codes, manipulating quantity fields, or racing concurrent requests.
3mo ago security advanced
Cache-Timing Side-Channel Attacks PHP 5.6+
Attacks that infer secret information from response time differences — cached responses arrive faster than uncached ones, leaking whether a resource exists or a secret was correct.
3mo ago security advanced
Certificate Transparency Logs 🧠 1
Public append-only logs of all issued TLS certificates — enabling detection of misissuance and rogue certificates within hours rather than months.
3mo ago cryptography advanced