CodeClarityLab: terms tagged security
Client-Side Template Injection (CSTI)
Attacker-controlled input rendered as a template expression by a client-side framework (AngularJS, Vue, Handlebars), executing JavaScript in the victim's browser.
CWE-1336 OWASP A3:2021
2w ago security advanced 7.5
CSS Injection & Data Exfiltration via Stylesheets
Attacker-controlled CSS injected into a page or stylesheet that exfiltrates data via attribute selectors and `url()` callbacks, defaces UI, or enables phishing — all without a single line of JavaScript.
CWE-79 OWASP A3:2021
2w ago security advanced 6.5
DOM Clobbering
Attack where injected HTML elements with attacker-controlled `id` or `name` attributes shadow JavaScript globals or document properties (window.config, document.body-style lookups), turning a script-less HTML injection into script execution or logic hijack wherever code trusts those names.
CWE-79 OWASP A3:2021
2w ago security advanced 6.5
NoSQL Injection PHP 5.4+
Attacker-controlled input embedded into NoSQL queries (MongoDB, Redis, Couchbase) that subverts query intent — bypassing auth, exfiltrating data, or executing server-side code.
CWE-943 OWASP A3:2021
2w ago security intermediate 8.8
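The operator-injection variant of the entry above, as an added example that is not part of the CodeClarityLab page: PHP's request parsing turns `password[$ne]=x` into a nested array, which a MongoDB-style filter then treats as an operator object. No database is involved; the function names, the constructed user document and the tiny offline matcher are all assumptions made for the demonstration, and the arrays built here are what would otherwise be handed to `MongoDB\Collection::findOne()`.

```php
<?php
// Added example, not from CodeClarityLab: how PHP's request parsing turns
// "password[$ne]=x" into a nested array, what that does to a MongoDB-style
// filter, and the type check that rejects it. No database is involved: the
// arrays built here are what would be passed to MongoDB\Collection::findOne(),
// and a tiny matcher applies them to a constructed document.

declare(strict_types=1);

/** Vulnerable: whatever shape the request parameter has becomes the filter. */
function loginFilterVulnerable(array $request): array
{
    return ['username' => $request['username'] ?? null, 'password' => $request['password'] ?? null];
}

/** Hardened: each operand must be a plain string, so no operator object can appear. */
function loginFilterSafe(array $request): array
{
    foreach (['username', 'password'] as $field) {
        if (!isset($request[$field]) || !is_string($request[$field])) {
            throw new InvalidArgumentException("$field must be a string");
        }
    }
    return ['username' => $request['username'], 'password' => $request['password']];
}

/** Minimal offline matcher: equality plus the $ne operator, enough to show the effect. */
function matchesFilter(array $doc, array $filter): bool
{
    foreach ($filter as $field => $cond) {
        $value = $doc[$field] ?? null;
        if (!is_array($cond)) {
            if ($value !== $cond) {
                return false;
            }
            continue;
        }
        foreach ($cond as $op => $arg) {
            if ($op === '$ne') {
                if ($value === $arg) {
                    return false;
                }
            } else {
                return false;   // any other operator: treat as no match
            }
        }
    }
    return true;
}

function anyMatch(array $docs, array $filter): bool
{
    foreach ($docs as $doc) {
        if (matchesFilter($doc, $filter)) {
            return true;
        }
    }
    return false;
}

// Constructed user document (a real store would hold a password hash, which
// does not change the shape of the attack).
$users = [['username' => 'alice', 'password' => 'correct horse']];

parse_str('username=alice&password[$ne]=x', $attacker);  // what $_GET / $_POST would contain
parse_str('username=alice&password=guess', $honest);

printf("vulnerable, honest wrong guess: %s\n", var_export(anyMatch($users, loginFilterVulnerable($honest)), true));
printf("vulnerable, \$ne payload:        %s\n", var_export(anyMatch($users, loginFilterVulnerable($attacker)), true));
try {
    loginFilterSafe($attacker);
} catch (InvalidArgumentException $e) {
    printf("hardened, \$ne payload:         rejected (%s)\n", $e->getMessage());
}
```

The honest wrong guess fails the equality check, but the `$ne` payload matches because the filter now says "password is not `x`", which is true of every stored document. The fix is a type check on the operand rather than blacklisting operator names: `is_string()` closes the whole class of `$gt`, `$regex` and `$where` variants at once.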
Server-Side Includes (SSI) Injection
Attacker-controlled SSI directives (`<!--#exec ... -->`) injected into pages parsed by Apache or another SSI-enabled server, achieving file disclosure or remote command execution.
CWE-97 OWASP A3:2021
2w ago security intermediate 9.8
Software Composition Analysis (SCA)
The practice and tooling for identifying all open-source and third-party components in a codebase, detecting known vulnerabilities (CVEs) in them, and flagging licence risks — distinct from static analysis of your own code.
3w ago security intermediate
Brute-Force Protection
Defences against automated credential-guessing attacks: rate limiting login attempts, account lockout, CAPTCHA, and multi-factor authentication, so that online guessing becomes too slow and too noisy to succeed before it is detected.
CWE-307 OWASP A7:2021
4w ago security intermediate
HTTP Cookies in PHP PHP 7.3+
Cookies are small key-value pairs the server sets via Set-Cookie and the browser sends back on later requests to the matching domain and path. PHP sets them with setcookie() before any output is sent, and the Secure, HttpOnly, and SameSite attributes control where and how the browser returns them.
4w ago php beginner
Insecure Deserialization
Deserializing attacker-controlled data can trigger arbitrary object construction and method calls — PHP's unserialize() with untrusted input enables remote code execution via gadget chains in the loaded class graph.
CWE-502 OWASP A8:2021
4w ago security advanced
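A minimal gadget chain for the entry above, as an added example that is not part of the CodeClarityLab page: one hypothetical application class whose `__destruct()` writes to disk, a serialized string the attacker shapes by hand to instantiate it, and the `allowed_classes` option (PHP 7.0+) that keeps the object from being built. The class name `FileCache`, the helper names and the temp-file target are assumptions made for the demonstration.

```php
<?php
// Added example, not from CodeClarityLab: one hypothetical "gadget" class whose
// __destruct() writes to disk, a serialized string shaped by an attacker to
// instantiate it, and the allowed_classes option (PHP 7.0+) that stops the
// object from ever being built.

declare(strict_types=1);

/** Hypothetical application class: flushes its buffer to a file when destroyed. */
class FileCache
{
    /** @var string */
    public $path = '';
    /** @var string */
    public $data = '';

    public function __destruct()
    {
        file_put_contents($this->path, $this->data);
    }
}

/** Attacker-controlled blob. It never came from serialize(): only the class and
 *  property names are needed, and those are readable in the application code. */
function attackerPayload(string $path): string
{
    return sprintf(
        'O:9:"FileCache":2:{s:4:"path";s:%d:"%s";s:4:"data";s:5:"pwned";}',
        strlen($path),
        $path
    );
}

function loadUnsafe(string $blob)
{
    return unserialize($blob);                                // any loaded class may be instantiated
}

function loadSafe(string $blob)
{
    return unserialize($blob, ['allowed_classes' => false]); // objects become __PHP_Incomplete_Class
}

$target = sys_get_temp_dir() . '/deserialization-demo.txt';

@unlink($target);
$obj = loadUnsafe(attackerPayload($target));
unset($obj);                              // __destruct() runs here, on the attacker's object
printf("unsafe: file written = %s\n", var_export(file_exists($target), true));

@unlink($target);
$obj = loadSafe(attackerPayload($target));
printf("safe:   class = %s\n", get_class($obj));
unset($obj);                              // nothing to destruct, so nothing is written
printf("safe:   file written = %s\n", var_export(file_exists($target), true));
```

With `allowed_classes` set to `false` the payload still parses, but the result is a `__PHP_Incomplete_Class` placeholder with no methods, so no destructor, wakeup or toString gadget can fire. For data that only needs scalars and arrays, `json_decode()` removes the object path entirely; where objects are unavoidable, pass an explicit allow-list instead of `false` and treat every listed class as part of the attack surface.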
OAuth 2.0
An authorisation framework that lets users grant third-party applications limited access to their resources without sharing passwords — using short-lived access tokens issued via defined flows for different client types.
CWE-287 OWASP A7:2021
4w ago security intermediate
Timing Attacks
Side-channel attacks that infer secret values by measuring how long an operation takes — a string comparison that short-circuits on the first mismatch leaks information about the secret one character at a time.
CWE-208
4w ago security advanced
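The byte-at-a-time leak described above, as an added example that is not part of the CodeClarityLab page. A compare that returns at the first mismatching byte is placed next to one that always touches every byte; an instrumented step counter stands in for wall-clock time so the leak shows deterministically, where a real attacker would measure response latency over many requests. The function names, the sample secret and the alphabet are assumptions made for the demonstration.

```php
<?php
// Added example, not from CodeClarityLab: a string compare that returns at the
// first mismatching byte next to one that always touches every byte. The step
// counter stands in for wall-clock time so the leak is visible deterministically;
// a real attacker would measure response latency over many requests instead.

declare(strict_types=1);

/** Naive compare: stops at the first differing byte. Returns [equal, bytes examined]. */
function naiveEquals(string $known, string $guess): array
{
    if (strlen($known) !== strlen($guess)) {
        return [false, 0];
    }
    $steps = 0;
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        $steps++;
        if ($known[$i] !== $guess[$i]) {
            return [false, $steps];
        }
    }
    return [true, $steps];
}

/** Constant-time compare: accumulates the XOR of every byte and never branches on data. */
function constantTimeEquals(string $known, string $guess): array
{
    if (strlen($known) !== strlen($guess)) {
        return [false, 0];          // the length is not treated as secret here
    }
    $diff = 0;
    $steps = 0;
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        $steps++;
        $diff |= ord($known[$i]) ^ ord($guess[$i]);
    }
    return [$diff === 0, $steps];
}

/**
 * Recover the secret one position at a time: at each position keep the candidate
 * byte that makes the compare do the most work (or succeeds outright).
 */
function recoverByTiming(callable $compare, string $secret, string $alphabet): string
{
    $recovered = '';
    $len = strlen($secret);
    for ($pos = 0; $pos < $len; $pos++) {
        $best = $alphabet[0];
        $bestSteps = -1;
        foreach (str_split($alphabet) as $c) {
            $guess = str_pad($recovered . $c, $len, "\0");
            [$equal, $steps] = $compare($secret, $guess);
            if ($equal) {
                return $recovered . $c;
            }
            if ($steps > $bestSteps) {
                $bestSteps = $steps;
                $best = $c;
            }
        }
        $recovered .= $best;
    }
    return $recovered;
}

$secret   = 'k3y9';                                   // constructed sample secret
$alphabet = 'abcdefghijklmnopqrstuvwxyz0123456789';

echo 'naive compare:         ', recoverByTiming('naiveEquals', $secret, $alphabet), "\n";
echo 'constant-time compare: ', recoverByTiming('constantTimeEquals', $secret, $alphabet), "\n";
// In real code use hash_equals($known, $guess), PHP's built-in constant-time comparison.
```

Against the naive compare the loop reconstructs the whole secret in `strlen($secret) * strlen($alphabet)` probes at most, because the correct candidate at each position is the only one that makes the compare advance one byte further. Against the constant-time compare every candidate costs the same, so the loop learns nothing and just keeps the first letter of the alphabet at every position. `hash_equals()` is the production version of the second function; note that it still reveals whether the lengths differ, so compare fixed-length digests rather than raw user input.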
Dependency & Supply Chain Security
Protecting applications from malicious or vulnerable third-party packages — covering transitive dependencies, lock files, SRI hashes, CVE scanning, and supply chain attack vectors.
CWE-1357 OWASP A6:2021
1mo ago security intermediate
Mixed Content (HTTP on HTTPS)
When an HTTPS page loads resources (images, scripts, stylesheets) over HTTP — browsers block active mixed content and warn on passive, undermining the security of the HTTPS connection.
CWE-319
1mo ago security intermediate
Linux File Permissions
Read, write, and execute permissions assigned to owner, group, and others — the foundation of Linux access control for web application files.
CWE-732 OWASP A5:2021
1mo ago linux beginner 7.5
PDO query() vs prepare() PHP 5.1+
PDO query() executes the SQL string you pass exactly as written; prepare() sends the statement with placeholders and binds the values separately at execute(). A string handed to query() must never contain user-controlled values.
CWE-89 OWASP A3:2021
1mo ago php beginner 9.8
PDO::ATTR_EMULATE_PREPARES PHP 5.1+
Controls whether PDO sends real prepared statements to the database server or emulates them client-side by quoting the bound values into the SQL text in PHP. Native prepares keep the statement and its data separate on the wire; emulation relies on correct client-side escaping and on the connection charset matching what the server expects.
CWE-89 OWASP A3:2021
1mo ago php intermediate
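One worked contrast for the two PDO entries above (query() vs prepare(), and the emulation attribute), as an added example that is not part of the CodeClarityLab page: the same lookup once with the value concatenated into the SQL and once bound to a placeholder, run against an in-memory SQLite table with constructed rows. It needs the `pdo_sqlite` extension; the table, the function names and the injection payload are assumptions made for the demonstration, and the `ATTR_EMULATE_PREPARES` line is shown as the setting you would add on `pdo_mysql`, where emulation is the default.

```php
<?php
// Added example, not from CodeClarityLab: the same lookup through PDO::query()
// with the value concatenated into the SQL and through PDO::prepare() with the
// value bound at execute(). Runs against an in-memory SQLite table filled with
// constructed rows; needs the pdo_sqlite extension.

declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// On pdo_mysql, also switch off client-side emulation so the server parses the
// statement once and receives the bound value purely as data:
//   $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, role TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (username, role) VALUES ('alice', 'admin'), ('bob', 'user')");

/** Vulnerable: the request value becomes part of the SQL text. */
function findUserVulnerable(PDO $pdo, string $username): array
{
    $sql = "SELECT username, role FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/** Hardened: the SQL text is fixed; the value is bound to a placeholder. */
function findUserSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT username, role FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$attackerInput = "x' OR '1'='1";   // constructed injection payload

printf("query()   with payload: %d row(s)\n", count(findUserVulnerable($pdo, $attackerInput)));
printf("prepare() with payload: %d row(s)\n", count(findUserSafe($pdo, $attackerInput)));
printf("prepare() with 'alice': %d row(s)\n", count(findUserSafe($pdo, 'alice')));
```

The first call returns both users because the WHERE clause has become `username = 'x' OR '1'='1'`; the second returns nothing because the whole payload, quote and all, is the value compared against `username`; only the third finds a row. With emulation on, PDO would build the second query by escaping the value into the text itself, which is still safe for ordinary strings but leaves correctness to the client-side quoting and the declared charset instead of to the server's parser.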
Diagram: AI Context Poisoning
An adversarial technique where malicious instructions are injected into an LLM's context window — via user input, retrieved documents, or tool results — to hijack the model's behaviour.
1mo ago ai_ml advanced
Diagram: AI Guardrails
Runtime constraints and safety filters applied around LLM calls to detect, block, or rewrite inputs and outputs that are harmful, off-topic, or policy-violating.
1mo ago ai_ml intermediate
Diagram: Prompt Injection Attack
An attack where crafted user input overrides or hijacks an LLM's system instructions, causing it to ignore its intended behaviour and follow attacker-supplied commands instead.
CWE-74 OWASP LLM01:2025
1mo ago ai_ml advanced
Diagram: OAuth 2.0 PKCE — Proof Key for Code Exchange PHP 7.0+
An OAuth 2.0 extension that prevents authorisation code interception attacks in public clients (SPAs, mobile apps) by binding each authorisation request to a cryptographic secret the client generates.
2mo ago cryptography intermediate
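Both halves of the binding described above, as an added example that is not part of the CodeClarityLab page: the client derives `code_verifier` and the S256 `code_challenge`, and the token endpoint re-derives the challenge from the presented verifier and compares it in constant time. The function names and the walk-through values are assumptions made for the demonstration; the verifier alphabet and length limits follow RFC 7636.

```php
<?php
// Added example, not from CodeClarityLab: both halves of PKCE in PHP 7.0+.
// The client side builds code_verifier / code_challenge (S256); the server
// side re-derives the challenge at the token endpoint and compares in constant time.

declare(strict_types=1);

function base64UrlEncode(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

/** Client: 32 random bytes give a 43-character verifier (RFC 7636 allows 43..128). */
function makeCodeVerifier(): string
{
    return base64UrlEncode(random_bytes(32));
}

/** Client: the S256 challenge that travels with the authorisation request. */
function makeCodeChallenge(string $verifier): string
{
    return base64UrlEncode(hash('sha256', $verifier, true));
}

/**
 * Server (token endpoint): the verifier arrives with the authorisation code; the
 * challenge and method were stored next to the code when it was issued. Only S256
 * is accepted: "plain" sends the verifier itself as the challenge, so an intercepted
 * authorisation request already contains everything needed to redeem the code.
 */
function verifyPkce(string $storedChallenge, string $storedMethod, string $presentedVerifier): bool
{
    if ($storedMethod !== 'S256') {
        return false;
    }
    $len = strlen($presentedVerifier);
    if ($len < 43 || $len > 128 || !preg_match('/^[A-Za-z0-9\-._~]+$/', $presentedVerifier)) {
        return false;
    }
    return hash_equals($storedChallenge, makeCodeChallenge($presentedVerifier));
}

// --- walk-through with a constructed session ---
$verifier  = makeCodeVerifier();
$challenge = makeCodeChallenge($verifier);
// The authorisation request carries code_challenge=$challenge&code_challenge_method=S256;
// the authorisation server stores $challenge next to the code it issues.

printf("legitimate client:      %s\n", var_export(verifyPkce($challenge, 'S256', $verifier), true));
printf("interceptor's guess:    %s\n", var_export(verifyPkce($challenge, 'S256', makeCodeVerifier()), true));
printf("downgrade to plain:     %s\n", var_export(verifyPkce($challenge, 'plain', $verifier), true));
```

The verifier must be generated with `random_bytes()` and kept in the client's own storage (session or app memory) between the two legs; it is never sent until the token request, which goes directly to the token endpoint over TLS rather than through the browser redirect an interceptor can observe. The server-side checks on method, length and alphabet are what stop a client from quietly weakening the exchange.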