Tag: security
Forward Secrecy PHP 7.4+
A key-exchange property where ephemeral session keys are discarded after use, so a future compromise of long-term keys cannot decrypt past sessions.
CWE-327 OWASP A02:2021-Cryptographic Failures
3d ago cryptography advanced 5.9
Client-Side Template Injection (CSTI)
Attacker-controlled input rendered as a template expression by a client-side framework (AngularJS, Vue, Handlebars), executing JavaScript in the victim's browser.
CWE-1336 OWASP A3:2021
1mo ago security advanced 7.5
CSS Injection & Data Exfiltration via Stylesheets
Attacker-controlled CSS injected into a page or stylesheet that exfiltrates data via attribute selectors and `url()` callbacks, defaces UI, or enables phishing — all without a single line of JavaScript.
CWE-79 OWASP A3:2021
1mo ago security advanced 6.5
DOM Clobbering
Attack where injected HTML elements with controlled `id` or `name` attributes overwrite JavaScript globals or document properties, weaponising script-less HTML injection into code execution.
CWE-79 OWASP A3:2021
1mo ago security advanced 6.5
NoSQL Injection PHP 5.4+ 🧠 2
Attacker-controlled input embedded into NoSQL queries (MongoDB, Redis, Couchbase) that subverts query intent — bypassing auth, exfiltrating data, or executing server-side code.
CWE-943 OWASP A3:2021
1mo ago security intermediate 8.8
Server-Side Includes (SSI) Injection
Attacker-controlled SSI directives (`<!--#exec ... -->`) injected into pages parsed by Apache or another SSI-enabled server, achieving file disclosure or remote command execution.
CWE-97 OWASP A3:2021
1mo ago security intermediate 9.8
Software Composition Analysis (SCA)
The practice and tooling for identifying all open-source and third-party components in a codebase, detecting known vulnerabilities (CVEs) in them, and flagging licence risks — distinct from static analysis of your own code.
2mo ago security intermediate
Brute-Force Protection
Defences against automated credential-guessing attacks — rate limiting login attempts, account lockout, CAPTCHA, and multi-factor authentication to make online password guessing impractical.
CWE-307 OWASP A7:2021
2mo ago security intermediate
HTTP Cookies in PHP PHP 7.3+
Cookies are small key-value pairs sent by the server via Set-Cookie and echoed back by the browser on every request — PHP sets them with setcookie() before any output, with Secure, HttpOnly, and SameSite flags controlling safety.
2mo ago php beginner
Insecure Deserialization
Deserializing attacker-controlled data can trigger arbitrary object construction and method calls — PHP's unserialize() with untrusted input enables remote code execution via gadget chains in the loaded class graph.
CWE-502 OWASP A8:2021
2mo ago security advanced
OAuth 2.0
An authorisation framework that lets users grant third-party applications limited access to their resources without sharing passwords — using short-lived access tokens issued via defined flows for different client types.
CWE-287 OWASP A7:2021
2mo ago security intermediate
Timing Attacks
Side-channel attacks that infer secret values by measuring how long an operation takes — a string comparison that short-circuits on the first mismatch leaks information about the secret one character at a time.
CWE-208
2mo ago security advanced
Dependency & Supply Chain Security
Protecting applications from malicious or vulnerable third-party packages — covering transitive dependencies, lock files, SRI hashes, CVE scanning, and supply chain attack vectors.
CWE-1357 OWASP A6:2021
2mo ago security intermediate
Mixed Content (HTTP on HTTPS)
When an HTTPS page loads resources (images, scripts, stylesheets) over HTTP — browsers block active mixed content and warn on passive, undermining the security of the HTTPS connection.
CWE-319
2mo ago security intermediate
Linux File Permissions
Read, write, and execute permissions assigned to owner, group, and others — the foundation of Linux access control for web application files.
CWE-732 OWASP A5:2021
2mo ago linux beginner 7.5
PDO query() vs prepare() PHP 5.1+
PDO query() executes raw SQL immediately — prepare() parameterises it. query() must never include user-controlled values.
CWE-89 OWASP A3:2021
2mo ago php beginner 9.8
PDO::ATTR_EMULATE_PREPARES PHP 5.1+
Controls whether PDO sends real prepared statements to the database or emulates them client-side in PHP.
CWE-89 OWASP A3:2021
2mo ago php intermediate
AI Context Poisoning 🧠 1
An adversarial technique where malicious instructions are injected into an LLM's context window — via user input, retrieved documents, or tool results — to hijack the model's behaviour.
2mo ago ai_ml advanced
AI Guardrails 🧠 1
Runtime constraints and safety filters applied around LLM calls to detect, block, or rewrite inputs and outputs that are harmful, off-topic, or policy-violating.
2mo ago ai_ml intermediate
Prompt Injection Attack
An attack where crafted user input overrides or hijacks an LLM's system instructions, causing it to ignore its intended behaviour and follow attacker-supplied commands instead.
CWE-74 OWASP LLM01:2025
2mo ago ai_ml advanced