Tag: security
PHP End-of-Life Schedule & Security Implications PHP 5.0+
Each PHP minor version receives active support for 2 years and security-only fixes for 1 more year — running an EOL PHP version means no patches for discovered vulnerabilities.
2mo ago php beginner
preg_replace /e Modifier (Removed) PHP 3.0+
The /e modifier in preg_replace() evaluated the replacement as PHP code — removed in PHP 7.0. Any legacy code using it is a critical RCE vulnerability.
2mo ago security advanced
Prototype Chain Errors & hasOwnProperty ES2022
Iterating objects with for...in includes inherited prototype properties — use hasOwnProperty() or Object.keys() to iterate only own properties.
2mo ago javascript intermediate
register_globals Risk & Legacy Code PHP 3.0+
register_globals automatically created PHP variables from GET/POST/COOKIE data — removed in PHP 5.4. Legacy code using it is critically vulnerable to variable injection.
2mo ago security intermediate
Safe Mode Removal & Modern Alternatives PHP 4.0+
PHP's safe_mode was removed in PHP 5.4 — it provided false security. Modern alternatives are open_basedir, OS-level permissions, and containers.
2mo ago security intermediate
Stream Filter Injection via php:// wrapper PHP 5.0+
PHP stream wrappers (php://filter, php://input) combined with user-controlled filenames enable LFI-to-RCE escalation — never allow user input in file paths.
2mo ago security advanced
Type Coercion in Authentication Checks PHP 4.0+
PHP's loose comparison (==) coerces types — '0e123' == '0e456' (both 0 in scientific notation), and 0 == 'admin' — always use === for authentication comparisons.
2mo ago security advanced
Variable Variables ($$var) Risks PHP 3.0+
$$var creates a variable whose name is the value of $var — using it with user input allows arbitrary variable access/creation and is effectively a backdoor.
2mo ago security advanced
Client-Side Sanitisation ES2015
DOMPurify and the Sanitizer API remove dangerous HTML before insertion — complementing PHP's server-side htmlspecialchars for rich-text scenarios.
2mo ago javascript intermediate
CSRF Token Handling in Fetch & Axios ES2017
Including PHP-generated CSRF tokens in JavaScript requests — reading from meta tags or cookies and attaching to every state-changing request.
2mo ago javascript intermediate
2FA Bypass Techniques PHP 5.0+
Common ways attackers circumvent two-factor authentication — SIM swapping, real-time phishing proxies, SS7 attacks, backup code theft, and session cookie hijacking after authentication.
2mo ago security advanced
AI-Assisted Code Generation
Using LLMs to generate, complete, or refactor code — powerful for boilerplate and exploration but requiring review for correctness, security, and licence compliance.
2mo ago ai_ml intermediate
API Abuse Prevention PHP 5.0+
Techniques to detect and block bots, scrapers, credential stuffing, and automated abuse — beyond basic rate limiting to behavioural and intelligence-based controls.
2mo ago security advanced
API Authentication Patterns
Bearer tokens (JWT) for user sessions, API keys for machine-to-machine, mTLS for highest-security internal services — matching authentication method to the use case.
2mo ago api_design intermediate
API Key Lifecycle Management
Generating, distributing, rotating, and revoking API keys securely — covering scoping, expiry, audit logging, and emergency revocation procedures.
2mo ago security intermediate
Block Cipher Modes PHP 7.1+
How a block cipher (AES) processes data larger than one block — ECB is insecure, CBC requires a MAC, GCM provides authenticated encryption and is the correct choice.
2mo ago cryptography advanced
Business Logic Abuse
Exploiting flaws in application workflows rather than technical vulnerabilities — bypassing payment steps, abusing discount codes, manipulating quantity fields, or racing concurrent requests.
2mo ago security advanced
Cache-Timing Side-Channel Attacks PHP 5.6+
Attacks that infer secret information from response time differences — cached responses arrive faster than uncached ones, leaking whether a resource exists or a secret was correct.
2mo ago security advanced
Certificate Transparency Logs
Public append-only logs of all issued TLS certificates — enabling detection of misissuance and rogue certificates within hours rather than months.
2mo ago cryptography advanced
Cloud VPC & Networking
Virtual Private Cloud — private subnets for databases/workers, public subnets for load balancers only, security groups as stateful firewalls.
2mo ago cloud intermediate