Security terms
Security vulnerabilities do not announce themselves — they wait quietly in code that looks perfectly fine on the surface. This category covers attack vectors, defensive techniques, secure coding practices, and the mental models that help you think like an attacker before one finds you. From SQL injection and XSS to authentication flaws and cryptographic pitfalls, understanding these terms is not optional — it is professional responsibility.
More on Security
History
Software security emerged as a formal discipline in the 1970s–80s as computing systems became interconnected and targets for malicious actors; early work focused on access control, cryptography, and authentication mechanisms. The 2000s saw explosive growth in web-based applications, spurring widespread awareness of injection attacks, cross-site scripting, and broken authentication—codified in frameworks like OWASP's Top 10. The rise of cloud computing, APIs, and microservices in the 2010s shifted the security landscape toward supply chain vulnerabilities, container security, and DevSecOps integration. Today, security is embedded throughout the software development lifecycle rather than bolted on at the end, with threat modeling, secure coding practices, and continuous vulnerability scanning now standard in mature organizations. The field continues to evolve in response to emerging attack vectors, regulatory requirements (GDPR, SOC 2), and the increasing sophistication of adversaries.
Key concepts
- Authentication
- Authorisation
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Insecure Direct Object Reference (IDOR)
- Broken Access Control
- HTTPS & TLS
Best references
-
OWASP Top 10 The definitive industry standard for the ten most critical web application security risks. Essential for understanding attack vectors like XSS, CSRF, broken authentication, and injection flaws covered throughout this category.
-
CWE/SANS Top 25 Most Dangerous Software Weaknesses Authoritative enumeration of the most impactful software weaknesses from a root-cause perspective. Directly maps to many terms in this category including deserialization, injection, and access control flaws.
-
CVSS v3.1 Specification The standard framework for assessing vulnerability severity. Essential reference for understanding how security issues are quantified and prioritized in the industry.
-
RFC 5234 & RFC 7230-7235 (HTTP/1.1 & Security Headers) Canonical specifications for HTTP protocol semantics and security header definitions. Authoritative source for understanding HSTS, CSP, CORS, and cookie security attributes.
-
NIST Cybersecurity Framework Government-backed guidance on risk management and security controls. Provides structured context for defensive security practices and the organizational principles behind vulnerability prevention.
Typed relationships here
Edges touching a Security term. How edges work →
- Client-Side Sanitisation Mitigates Cross-Site Scripting (XSS) 3h
- Client-Side Sanitisation Mitigates DOM-Based XSS 3h
- XML Injection Often seen in Attack Chain / Cyber Kill Chain 10h
- Digital Signatures Alternative to HMAC (Hash-based Message Authentication Code) 2d
- Weak Password Hash Causes Account Takeover (ATO) 2d