Tag: security
Package Typosquatting (security, intermediate)
Malicious packages published with names similar to popular ones (lodahs, requesst) hoping developers mistype — the package executes malicious code on install.

Post-Quantum Cryptography (cryptography, advanced)
CRYSTALS-Kyber (ML-KEM) and CRYSTALS-Dilithium (ML-DSA) standardised by NIST in 2024 — designed to resist attacks from quantum computers.

Secret Sharing — Shamir's Scheme (cryptography, advanced)
Splitting a secret into N shares where any K can reconstruct it — preventing single points of failure for root encryption keys and disaster recovery credentials.

Secure File Downloads [PHP 5.0+] (security, intermediate)
Preventing path traversal, unauthorised access, and content injection when serving file downloads — validating paths, checking authorisation, and setting correct headers.

Sensitive Data in Logs [PHP 7.0+] (security, intermediate)
Logging passwords, tokens, credit card numbers, or PII — log aggregators store data indefinitely and are often less secured than primary databases.

Signed Commits & GPG Verification (git, intermediate)
Cryptographically signing commits with GPG or SSH keys proves the commit was made by the stated author — important for supply chain security and verifying commit integrity.

SSL/TLS Certificate Types (networking, intermediate)
DV (automated domain validation), OV (organisation verified), EV (deprecated green bar), Wildcard — Let's Encrypt provides free DV with automated 90-day renewal.

Tagged Template Literals [ES2015] (javascript, intermediate)
A function prefix on a template literal — the tag function receives the string parts and interpolated values separately, enabling safe SQL, HTML, CSS, and i18n string construction.

Weak Password Hash [PHP 5.5+] (security, beginner)
Using MD5, SHA-1, or SHA-256 to hash passwords — fast algorithms designed for data integrity, not authentication, crackable in seconds with a GPU.

Weak Random Function [PHP 7.0+] (security, intermediate)
Using rand(), mt_rand(), or array_rand() for security-sensitive values — these are predictable pseudo-random generators not suitable for tokens, keys, or passwords.

Web Crypto API [ES2015] (javascript, advanced)
Browser-native cryptographic operations — crypto.subtle provides AES-GCM encryption, ECDSA signing, PBKDF2 key derivation, and SHA digests without external libraries.

Webhook Design [PHP 5.0+] (api_design, intermediate)
Best practices for reliable webhooks — HMAC signature verification, idempotency, delivery retry with exponential backoff, and handling slow consumers with queues.

XML Signature Wrapping (XSW) (security, advanced)
An attack on XML digital signatures where the attacker wraps the signed element in a new structure — the signature validates the original but the application processes the attacker's version.

(ai_ml, advanced)
Security risks specific to AI systems — prompt injection, training data poisoning, model extraction, and insecure output handling that differ from traditional application security.

allow_url_fopen / allow_url_include [PHP 5.0+] (php, intermediate)
PHP INI settings that permit file functions and include/require to load remote URLs — a major SSRF and RFI enabler.
CWE-98, OWASP A5:2021

(general, beginner)
Allowlists define what is permitted; blocklists define what is forbidden. Allowlists are always more secure, because anything not explicitly permitted is rejected by default, whereas a blocklist only catches the cases its author thought of.

(api_design, intermediate)
Controlling how many requests a client can make in a time window — protecting against abuse, ensuring fair usage, and preventing accidental DoS from misbehaving clients.

(cryptography, advanced)
A cryptographic system with a public key (shared freely) and a private key (kept secret) — data encrypted with the public key can only be decrypted with the private key.

(general, intermediate)
The sum of all points where an attacker can try to enter or extract data from a system.

basename() [PHP 5.0+] (php, beginner)
Returns only the filename component of a path, stripping any directory prefix — a simple path traversal defence. It removes ../ segments along with the rest of the directory part, but on its own it does not confine access to an intended directory; combine it with an explicit base directory and a realpath() check.