Tag: security
DOM Clobbering
Attack where injected HTML elements with controlled `id` or `name` attributes overwrite JavaScript globals or document properties, weaponising script-less HTML injection into code execution.
CWE-79 OWASP A3:2021
1mo ago security advanced 6.5
Dependency & Supply Chain Security
Protecting applications from malicious or vulnerable third-party packages — covering transitive dependencies, lock files, SRI hashes, CVE scanning, and supply chain attack vectors.
CWE-1357 OWASP A6:2021
2mo ago security intermediate
Double URL Encoding Bypass PHP 4.0+
Filters operating on URL-decoded input miss double-encoded payloads — %2527 decodes to %27 which decodes to ' — always decode completely before filtering.
2mo ago security advanced
Dependency Audit & CVE Scanning PHP 5.0+
Automated scanning of project dependencies for known vulnerabilities (CVEs) — composer audit, npm audit, and tools like Snyk run in CI to catch vulnerable packages before deployment.
3mo ago general intermediate
Dependency Confusion Attack PHP 5.0+
An attacker publishes a public package with the same name as a private internal package — package managers may fetch the malicious public version instead of the private one.
3mo ago security advanced
Dependency Management Philosophy PHP 5.3+
Every dependency is a liability — prefer few well-maintained packages; pin versions via composer.lock; audit regularly.
3mo ago general intermediate
Deserialization Gadget Chains PHP 5.0+
PHP object injection exploits that chain existing class methods (__wakeup, __destruct, __toString) to achieve remote code execution when unserialize() processes attacker-controlled data.
3mo ago security advanced
DSN Security & Connection String Secrets PHP 5.0+
Database credentials in connection strings must never be hardcoded — use environment variables or secrets managers, least-privilege users, and never log DSNs.
3mo ago database intermediate
Diagram: Defence in Depth PHP 5.0+
Layering multiple independent security controls so that bypassing one does not compromise the whole system.
3mo ago general intermediate
Diagram: Digital Signatures PHP 5.0+
Cryptographic proof that data was created by the holder of a private key and has not been altered — providing authentication, integrity, and non-repudiation.
3mo ago cryptography advanced
Dynamic Analysis (DAST)
Testing a running application by sending crafted inputs to discover vulnerabilities that only manifest at runtime.
3mo ago general intermediate