[{"data":1,"prerenderedAt":565},["ShallowReactive",2],{"category-security":3},[4,10,16,21,25,29,33,37,42,47,51,55,59,63,67,71,75,79,83,87,92,96,100,104,108,112,116,120,124,128,132,137,141,145,149,153,157,161,165,169,173,177,181,185,189,193,197,201,205,209,213,217,222,226,229,233,237,241,245,249,253,258,261,265,269,273,277,281,285,289,293,297,301,305,309,313,317,321,325,329,333,337,341,345,349,353,357,361,365,369,373,377,381,385,389,393,397,401,405,409,413,417,421,425,430,434,438,442,446,450,454,458,462,466,470,474,478,482,486,490,494,498,502,507,511,514,518,522,526,530,534,538,542,546,549,553,557,561],{"title":5,"path":6,"acronym":5,"category":7,"difficulty":8,"description":9},"2FA","\u002Fterms\u002F2\u002F2fa","security","beginner","2FA is short for Two-Factor Authentication. Two locks instead of one. Password plus a code from your phone (or a hardware key).",{"title":11,"path":12,"acronym":13,"category":7,"difficulty":14,"description":15},"AI Red Teaming","\u002Fterms\u002Fa\u002Fai-red-teaming",null,"advanced","AI red teaming is probing AI systems for failures, jailbreaks, and safety bypasses before deployment — break it so users can't.",{"title":17,"path":18,"acronym":13,"category":7,"difficulty":19,"description":20},"API Key Rotation","\u002Fterms\u002Fa\u002Fapi-key-rotation","intermediate","API Key Rotation is regularly replacing your API keys with new ones. Like changing passwords, but for machine-to-machine authentication.",{"title":22,"path":23,"acronym":13,"category":7,"difficulty":19,"description":24},"API Security","\u002Fterms\u002Fa\u002Fapi-security","API security is protecting your APIs from abuse, data leaks, and unauthorized access. It covers authentication (who are you?), authorization (can you do th",{"title":26,"path":27,"acronym":13,"category":7,"difficulty":8,"description":28},"Access Token","\u002Fterms\u002Fa\u002Faccess-token","An Access Token is your short-lived pass to access an API. 
It proves you're authenticated and what you're allowed to do.",{"title":30,"path":31,"acronym":13,"category":7,"difficulty":19,"description":32},"Asymmetric Encryption","\u002Fterms\u002Fa\u002Fasymmetric-encryption","Asymmetric encryption uses two different keys — one to lock (public key), one to unlock (private key).",{"title":34,"path":35,"acronym":13,"category":7,"difficulty":19,"description":36},"Auth0","\u002Fterms\u002Fa\u002Fauth0","Auth0 is the auth service that enterprise companies pay for because it has compliance checkboxes, SAML, and an SLA.",{"title":38,"path":39,"acronym":40,"category":7,"difficulty":8,"description":41},"Authentication","\u002Fterms\u002Fa\u002Fauthentication","AuthN","Authentication is proving you are who you say you are.",{"title":43,"path":44,"acronym":45,"category":7,"difficulty":8,"description":46},"Authorization","\u002Fterms\u002Fa\u002Fauthorization","AuthZ","Authorization is deciding what you're allowed to do after you've proven who you are.",{"title":48,"path":49,"acronym":13,"category":7,"difficulty":19,"description":50},"Bcrypt","\u002Fterms\u002Fb\u002Fbcrypt","Bcrypt is the gold-standard password hasher that's intentionally slow.",{"title":52,"path":53,"acronym":13,"category":7,"difficulty":8,"description":54},"Biometric","\u002Fterms\u002Fb\u002Fbiometric","Biometric authentication uses your body as your password — fingerprint, face, iris scan.",{"title":56,"path":57,"acronym":13,"category":7,"difficulty":19,"description":58},"Bot Detection","\u002Fterms\u002Fb\u002Fbot-detection","Bot Detection figures out if a visitor is a human or a robot. Good bots (Googlebot) are welcome. Bad bots (scrapers, credential stuffers) get blocked.",{"title":60,"path":61,"acronym":13,"category":7,"difficulty":8,"description":62},"Brute Force","\u002Fterms\u002Fb\u002Fbrute-force","Brute force is the dumbest but sometimes effective hacking technique — just try every possible password until one works. 
No creativity needed.",{"title":64,"path":65,"acronym":13,"category":7,"difficulty":8,"description":66},"Bug Bounty","\u002Fterms\u002Fb\u002Fbug-bounty","A bug bounty program pays ethical hackers to find security vulnerabilities in your product.",{"title":68,"path":69,"acronym":13,"category":7,"difficulty":8,"description":70},"CAPTCHA","\u002Fterms\u002Fc\u002Fcaptcha","CAPTCHA is that annoying 'select all traffic lights' test that proves you're human.",{"title":72,"path":73,"acronym":72,"category":7,"difficulty":19,"description":74},"CORS","\u002Fterms\u002Fc\u002Fcors","CORS (Cross-Origin Resource Sharing) is the browser's built-in protection that prevents random websites from making API calls to your backend using the vis...",{"title":76,"path":77,"acronym":76,"category":7,"difficulty":19,"description":78},"CSP","\u002Fterms\u002Fc\u002Fcsp","CSP stands for Content Security Policy.",{"title":80,"path":81,"acronym":80,"category":7,"difficulty":19,"description":82},"CSRF","\u002Fterms\u002Fc\u002Fcsrf","CSRF (Cross-Site Request Forgery) is when a bad website hijacks your logged-in session on a good website to do things you didn't ask for.",{"title":84,"path":85,"acronym":13,"category":7,"difficulty":19,"description":86},"Certificate","\u002Fterms\u002Fc\u002Fcertificate","A certificate is a digital ID card for a website, signed by a trusted authority.",{"title":88,"path":89,"acronym":90,"category":7,"difficulty":19,"description":91},"Certificate Authority","\u002Fterms\u002Fc\u002Fcertificate-authority","CA","A Certificate Authority is like the DMV of the internet — a trusted organization that vouches for websites' identities.",{"title":93,"path":94,"acronym":13,"category":7,"difficulty":14,"description":95},"Certificate Pinning","\u002Fterms\u002Fc\u002Fcertificate-pinning","Certificate Pinning means your app only trusts a SPECIFIC certificate, not any cert signed by a trusted 
CA.",{"title":97,"path":98,"acronym":13,"category":7,"difficulty":8,"description":99},"Clerk","\u002Fterms\u002Fc\u002Fclerk","Clerk is auth for developers who hate building auth UI.",{"title":101,"path":102,"acronym":13,"category":7,"difficulty":19,"description":103},"Command Injection","\u002Fterms\u002Fc\u002Fcommand-injection","Command injection is like SQL injection but worse — instead of attacking your database, the hacker injects shell commands that run on your actual server.",{"title":105,"path":106,"acronym":13,"category":7,"difficulty":8,"description":107},"Compliance","\u002Fterms\u002Fc\u002Fcompliance","Compliance means following the rules — legal, industry, or governmental standards that say how you must handle data and security.",{"title":109,"path":110,"acronym":13,"category":7,"difficulty":19,"description":111},"Container Scanning","\u002Fterms\u002Fc\u002Fcontainer-scanning","Container Scanning checks your Docker images for known vulnerabilities in OS packages, libraries, and misconfigurations.",{"title":113,"path":114,"acronym":76,"category":7,"difficulty":19,"description":115},"Content Security Policy","\u002Fterms\u002Fc\u002Fcontent-security-policy","Content Security Policy is an HTTP header that tells the browser exactly where it's allowed to load scripts, images, and other resources from.",{"title":117,"path":118,"acronym":13,"category":7,"difficulty":19,"description":119},"Content Security Policy Headers","\u002Fterms\u002Fc\u002Fcontent-security-policy-headers","CSP tells the browser exactly where scripts, styles, images, and other resources are allowed to load from. If a hacker injects a script pointing to evil.",{"title":121,"path":122,"acronym":13,"category":7,"difficulty":14,"description":123},"Cosign","\u002Fterms\u002Fc\u002Fcosign","Cosign is the tool for signing container images, SBOMs, and other artifacts. 
It's part of the Sigstore project and makes image signing as easy as 'cosign s",{"title":125,"path":126,"acronym":13,"category":7,"difficulty":19,"description":127},"Credential Rotation","\u002Fterms\u002Fc\u002Fcredential-rotation","Credential Rotation is the practice of regularly changing ALL your secrets — database passwords, API keys, certificates, tokens.",{"title":129,"path":130,"acronym":80,"category":7,"difficulty":19,"description":131},"Cross-Site Request Forgery","\u002Fterms\u002Fc\u002Fcross-site-request-forgery","CSRF tricks your browser into making requests to another site while you're logged in.",{"title":133,"path":134,"acronym":135,"category":7,"difficulty":19,"description":136},"Cross-Site Scripting","\u002Fterms\u002Fc\u002Fcross-site-scripting","XSS","XSS is when a hacker sneaks their own JavaScript into your website so it runs in other people's browsers.",{"title":138,"path":139,"acronym":13,"category":7,"difficulty":19,"description":140},"DAST","\u002Fterms\u002Fd\u002Fdast","DAST attacks your running application to find vulnerabilities — like hiring a friendly hacker to poke at your website.",{"title":142,"path":143,"acronym":142,"category":7,"difficulty":8,"description":144},"DDoS","\u002Fterms\u002Fd\u002Fddos","DDoS (Distributed Denial of Service) is when thousands of computers flood your server with so much fake traffic that it can't handle real users.",{"title":146,"path":147,"acronym":13,"category":7,"difficulty":19,"description":148},"DDoS Mitigation","\u002Fterms\u002Fd\u002Fddos-mitigation","DDoS Mitigation protects your site from being overwhelmed by millions of fake requests.",{"title":150,"path":151,"acronym":13,"category":7,"difficulty":8,"description":152},"Decryption","\u002Fterms\u002Fd\u002Fdecryption","Decryption is using the secret decoder ring to turn scrambled gibberish back into a readable message.",{"title":154,"path":155,"acronym":13,"category":7,"difficulty":8,"description":156},"Defense in 
Depth","\u002Fterms\u002Fd\u002Fdefense-in-depth","Defense in Depth means layering multiple security measures so if one fails, others catch the threat.",{"title":158,"path":159,"acronym":13,"category":7,"difficulty":14,"description":160},"Dependency Confusion","\u002Fterms\u002Fd\u002Fdependency-confusion","Dependency Confusion tricks package managers into downloading a malicious public package instead of your private one.",{"title":162,"path":163,"acronym":13,"category":7,"difficulty":19,"description":164},"DevSecOps","\u002Fterms\u002Fd\u002Fdevsecops","DevSecOps is the philosophy that security isn't something you bolt on at the end — it's baked into every step of development.",{"title":166,"path":167,"acronym":13,"category":7,"difficulty":14,"description":168},"Device Flow","\u002Fterms\u002Fd\u002Fdevice-flow","Device Flow is OAuth for devices without a browser or keyboard — smart TVs, CLI tools, IoT devices. The device shows you a code, you go to a URL on your ph",{"title":170,"path":171,"acronym":13,"category":7,"difficulty":8,"description":172},"Encoding","\u002Fterms\u002Fe\u002Fencoding","Encoding is converting data into a different format for safe transport or storage — not for security, but to prevent misinterpretation.",{"title":174,"path":175,"acronym":13,"category":7,"difficulty":8,"description":176},"Encryption","\u002Fterms\u002Fe\u002Fencryption","Encryption is scrambling your message into gibberish so only someone with the secret decoder ring can read it.",{"title":178,"path":179,"acronym":13,"category":7,"difficulty":14,"description":180},"Envelope Encryption","\u002Fterms\u002Fe\u002Fenvelope-encryption","Envelope Encryption is a two-key system: you encrypt your data with a 'data key,' then encrypt that data key with a 'master key.",{"title":182,"path":183,"acronym":13,"category":7,"difficulty":8,"description":184},"Escape","\u002Fterms\u002Fe\u002Fescape","Escaping means converting special characters into their safe equivalents before putting 
them in HTML, SQL, or a shell command.",{"title":186,"path":187,"acronym":13,"category":7,"difficulty":8,"description":188},"Exploit","\u002Fterms\u002Fe\u002Fexploit","An exploit is the actual tool or technique used to take advantage of a vulnerability.",{"title":190,"path":191,"acronym":13,"category":7,"difficulty":14,"description":192},"FIDO2","\u002Fterms\u002Ff\u002Ffido2","FIDO2 is the whole framework that makes passwordless authentication work — WebAuthn (browser side) plus CTAP (authenticator side).",{"title":194,"path":195,"acronym":13,"category":7,"difficulty":14,"description":196},"Falco","\u002Fterms\u002Ff\u002Ffalco","Falco is a runtime security tool that watches system calls in your Kubernetes cluster.",{"title":198,"path":199,"acronym":13,"category":7,"difficulty":19,"description":200},"Feature Policy","\u002Fterms\u002Ff\u002Ffeature-policy","Feature Policy (now Permissions Policy) controls which browser features your site and embedded iframes can use. Block camera access? Disable geolocation?",{"title":202,"path":203,"acronym":13,"category":7,"difficulty":8,"description":204},"Firebase Auth","\u002Fterms\u002Ff\u002Ffirebase-auth","Firebase Auth is Google's 'just add authentication' service. 
Email\u002Fpassword, Google login, Apple sign-in, phone verification — it handles all of it so you ",{"title":206,"path":207,"acronym":13,"category":7,"difficulty":19,"description":208},"Firestore Rules","\u002Fterms\u002Ff\u002Ffirestore-rules","Firestore Rules are like a very picky nightclub bouncer who checks not just your ID, but also whether you're on the guest list, wearing the right shoes, an",{"title":210,"path":211,"acronym":13,"category":7,"difficulty":19,"description":212},"Fork Bomb","\u002Fterms\u002Ff\u002Ffork-bomb","A fork bomb is a program that endlessly copies itself until it eats all system resources and crashes the machine.",{"title":214,"path":215,"acronym":214,"category":7,"difficulty":8,"description":216},"GDPR","\u002Fterms\u002Fg\u002Fgdpr","GDPR (General Data Protection Regulation) is the EU's big rulebook for protecting people's personal data.",{"title":218,"path":219,"acronym":220,"category":7,"difficulty":14,"description":221},"HSM","\u002Fterms\u002Fh\u002Fhsm","Hardware Security Module","HSM stands for Hardware Security Module — a tamper-resistant physical device that manages cryptographic keys. 
If someone tries to open it, the keys self-destru",{"title":223,"path":224,"acronym":223,"category":7,"difficulty":19,"description":225},"HSTS","\u002Fterms\u002Fh\u002Fhsts","HSTS (HTTP Strict Transport Security) tells the browser 'this site is ALWAYS HTTPS, never even try HTTP.",{"title":220,"path":227,"acronym":13,"category":7,"difficulty":14,"description":228},"\u002Fterms\u002Fh\u002Fhardware-security-module","An HSM is a physical device that generates, stores, and uses cryptographic keys without ever exposing them.",{"title":230,"path":231,"acronym":13,"category":7,"difficulty":14,"description":232},"HashiCorp Vault","\u002Fterms\u002Fh\u002Fhashicorp-vault","HashiCorp Vault is a fortress for your secrets.",{"title":234,"path":235,"acronym":13,"category":7,"difficulty":8,"description":236},"Hashing","\u002Fterms\u002Fh\u002Fhashing","Hashing is a one-way blender for data. You throw a password in, it spits out a weird string of letters and numbers, and there's no way to reverse it.",{"title":238,"path":239,"acronym":13,"category":7,"difficulty":14,"description":240},"Homomorphic Encryption","\u002Fterms\u002Fh\u002Fhomomorphic-encryption","Homomorphic Encryption lets you do math on encrypted data WITHOUT decrypting it.",{"title":242,"path":243,"acronym":13,"category":7,"difficulty":14,"description":244},"Image Signing","\u002Fterms\u002Fi\u002Fimage-signing","Image Signing is like putting a wax seal on your Docker images.",{"title":246,"path":247,"acronym":13,"category":7,"difficulty":8,"description":248},"Input Validation","\u002Fterms\u002Fi\u002Finput-validation","Input validation is checking that user input is what you expect before using it.",{"title":250,"path":251,"acronym":13,"category":7,"difficulty":19,"description":252},"JWT Security","\u002Fterms\u002Fj\u002Fjwt-security","JWT Security is about not screwing up JSON Web 
Tokens.",{"title":254,"path":255,"acronym":256,"category":7,"difficulty":19,"description":257},"KMS","\u002Fterms\u002Fk\u002Fkms","Key Management Service","KMS is the cloud service that holds your encryption keys in a hardware vault and does crypto operations for you. Need to encrypt something? Send it to KMS.",{"title":256,"path":259,"acronym":13,"category":7,"difficulty":14,"description":260},"\u002Fterms\u002Fk\u002Fkey-management-service","A Key Management Service (KMS) manages your encryption keys so you don't have to.",{"title":262,"path":263,"acronym":13,"category":7,"difficulty":19,"description":264},"Lucia Auth","\u002Fterms\u002Fl\u002Flucia-auth","Lucia Auth is the 'I want to understand my auth' library.",{"title":266,"path":267,"acronym":266,"category":7,"difficulty":8,"description":268},"MD5","\u002Fterms\u002Fm\u002Fmd5","MD5 is the old grandpa hash algorithm — fast, but full of holes.",{"title":270,"path":271,"acronym":270,"category":7,"difficulty":8,"description":272},"MFA","\u002Fterms\u002Fm\u002Fmfa","MFA stands for Multi-Factor Authentication. It's the umbrella term for requiring multiple proofs of identity. 2FA is MFA with exactly two factors.",{"title":274,"path":275,"acronym":274,"category":7,"difficulty":19,"description":276},"MITM","\u002Fterms\u002Fm\u002Fmitm","MITM stands for Man-in-the-Middle. An attacker silently sits between your browser and the server, eavesdropping on everything.",{"title":278,"path":279,"acronym":13,"category":7,"difficulty":8,"description":280},"Magic Link","\u002Fterms\u002Fm\u002Fmagic-link","A login method where they email you a special link instead of asking for a password. 
Click the link, you're in.",{"title":282,"path":283,"acronym":274,"category":7,"difficulty":19,"description":284},"Man-in-the-Middle","\u002Fterms\u002Fm\u002Fman-in-the-middle","A man-in-the-middle attack is when a hacker secretly sits between you and the website you're talking to, reading and possibly changing everything you send...",{"title":286,"path":287,"acronym":13,"category":7,"difficulty":14,"description":288},"Microsegmentation","\u002Fterms\u002Fm\u002Fmicrosegmentation","Microsegmentation is network segmentation dialed up to 11. Instead of segmenting by subnet, you create rules for EVERY workload.",{"title":290,"path":291,"acronym":13,"category":7,"difficulty":14,"description":292},"Model Inversion","\u002Fterms\u002Fm\u002Fmodel-inversion","Model inversion is reconstructing training data from a trained ML model — the privacy attack that makes ML teams sweat.",{"title":294,"path":295,"acronym":270,"category":7,"difficulty":8,"description":296},"Multi-Factor Authentication","\u002Fterms\u002Fm\u002Fmulti-factor-authentication","MFA is like 2FA but can use more than two factors. Three locks instead of two.",{"title":298,"path":299,"acronym":13,"category":7,"difficulty":19,"description":300},"Network Segmentation","\u002Fterms\u002Fn\u002Fnetwork-segmentation","Network Segmentation divides your network into isolated zones. The web servers can't talk to the database directly.",{"title":302,"path":303,"acronym":13,"category":7,"difficulty":19,"description":304},"NextAuth","\u002Fterms\u002Fn\u002Fnextauth","NextAuth is the 'build your own auth but with guardrails' option.",{"title":306,"path":307,"acronym":13,"category":7,"difficulty":19,"description":308},"OAuth Scopes","\u002Fterms\u002Fo\u002Foauth-scopes","OAuth Scopes define what an app is allowed to do with your account. 'Read your email' is a scope. 
'Send email on your behalf' is another.",{"title":310,"path":311,"acronym":13,"category":7,"difficulty":14,"description":312},"OAuth2 Proxy","\u002Fterms\u002Fo\u002Foauth2-proxy","OAuth2 Proxy sits in front of your app and says 'not logged in? go authenticate first.",{"title":314,"path":315,"acronym":314,"category":7,"difficulty":8,"description":316},"OWASP","\u002Fterms\u002Fo\u002Fowasp","OWASP (Open Web Application Security Project) is the internet's biggest security club.",{"title":318,"path":319,"acronym":13,"category":7,"difficulty":19,"description":320},"OWASP API Top 10","\u002Fterms\u002Fo\u002Fowasp-api-top-10","The OWASP API Top 10 is a cheat sheet of the most common ways APIs get hacked.",{"title":322,"path":323,"acronym":13,"category":7,"difficulty":8,"description":324},"OWASP Top 10","\u002Fterms\u002Fo\u002Fowasp-top-10","The OWASP Top 10 is the security industry's greatest hits of web vulnerabilities — the 10 most common, dangerous ways apps get hacked.",{"title":326,"path":327,"acronym":326,"category":7,"difficulty":19,"description":328},"PCI DSS","\u002Fterms\u002Fp\u002Fpci-dss","PCI DSS is the security standard you must follow if you handle credit card data.",{"title":330,"path":331,"acronym":13,"category":7,"difficulty":14,"description":332},"PKCE","\u002Fterms\u002Fp\u002Fpkce","PKCE (pronounced 'pixy') prevents someone from stealing your OAuth authorization code and using it.",{"title":334,"path":335,"acronym":13,"category":7,"difficulty":19,"description":336},"Passkey","\u002Fterms\u002Fp\u002Fpasskey","Passkeys replace passwords with biometrics (fingerprint, face) or device PINs. No more 'Forgot password?",{"title":338,"path":339,"acronym":13,"category":7,"difficulty":19,"description":340},"Passkeys","\u002Fterms\u002Fp\u002Fpasskeys","Passkeys replace passwords with your fingerprint, face, or device PIN. No more remembering 'P@ssw0rd123!' 
— your phone or laptop IS your password.",{"title":342,"path":343,"acronym":13,"category":7,"difficulty":19,"description":344},"Passport.js","\u002Fterms\u002Fp\u002Fpassport-js","Passport.js is the oldest auth library still standing in Node.js.",{"title":346,"path":347,"acronym":13,"category":7,"difficulty":8,"description":348},"Password Manager","\u002Fterms\u002Fp\u002Fpassword-manager","A password manager remembers all your passwords so you don't have to reuse the same one everywhere.",{"title":350,"path":351,"acronym":13,"category":7,"difficulty":19,"description":352},"Penetration Testing","\u002Fterms\u002Fp\u002Fpenetration-testing","Penetration testing (pentesting) is hiring ethical hackers to try to break into your own systems before the real bad guys do.",{"title":354,"path":355,"acronym":13,"category":7,"difficulty":19,"description":356},"Pentest","\u002Fterms\u002Fp\u002Fpentest","Pentest is just short for penetration testing — the art of ethically hacking your own systems to find weaknesses.",{"title":358,"path":359,"acronym":13,"category":7,"difficulty":19,"description":360},"Permissions Policy","\u002Fterms\u002Fp\u002Fpermissions-policy","Permissions Policy is Feature Policy's newer, better version. Same concept — control which browser features your site can use.",{"title":362,"path":363,"acronym":13,"category":7,"difficulty":8,"description":364},"Phishing","\u002Fterms\u002Fp\u002Fphishing","Phishing is when hackers pretend to be someone you trust — your bank, your boss, Google — to trick you into giving up your password or clicking a bad link.",{"title":366,"path":367,"acronym":13,"category":7,"difficulty":8,"description":368},"Principle of Least Privilege","\u002Fterms\u002Fp\u002Fprinciple-of-least-privilege","Principle of Least Privilege means everyone and everything gets only the MINIMUM access needed to do their job. 
The intern doesn't get admin access.",{"title":370,"path":371,"acronym":13,"category":7,"difficulty":19,"description":372},"Private Key","\u002Fterms\u002Fp\u002Fprivate-key","A private key is the secret key that only YOU keep. It can decrypt messages encrypted with your public key, or sign messages to prove they came from you.",{"title":374,"path":375,"acronym":13,"category":7,"difficulty":14,"description":376},"Prompt Exfiltration","\u002Fterms\u002Fp\u002Fprompt-exfiltration","Prompt exfiltration is attacking an AI to leak its system prompt — not hijacking the model's behavior, but stealing its instructions.",{"title":378,"path":379,"acronym":13,"category":7,"difficulty":19,"description":380},"Public Key","\u002Fterms\u002Fp\u002Fpublic-key","A public key is like your open mailbox — anyone can drop a message in it (encrypt data with it), but only you have the key to open the box and read it (you...",{"title":382,"path":383,"acronym":13,"category":7,"difficulty":19,"description":384},"Rate Limiting Security","\u002Fterms\u002Fr\u002Frate-limiting-security","Rate Limiting prevents abuse by capping how many requests someone can make. 100 login attempts per minute? Blocked. 1000 API calls per second? 
Throttled.",{"title":386,"path":387,"acronym":13,"category":7,"difficulty":19,"description":388},"Refresh Token","\u002Fterms\u002Fr\u002Frefresh-token","A Refresh Token is a long-lived secret that gets you new access tokens without re-logging in.",{"title":390,"path":391,"acronym":13,"category":7,"difficulty":14,"description":392},"Runtime Security","\u002Fterms\u002Fr\u002Fruntime-security","Runtime Security monitors your applications WHILE they're running.",{"title":394,"path":395,"acronym":13,"category":7,"difficulty":19,"description":396},"SAST","\u002Fterms\u002Fs\u002Fsast","SAST scans your source code for security bugs WITHOUT running it.",{"title":398,"path":399,"acronym":398,"category":7,"difficulty":19,"description":400},"SBOM","\u002Fterms\u002Fs\u002Fsbom","An SBOM (Software Bill of Materials) is a complete ingredient list for your software — every library, framework, and dependency with their exact versions.",{"title":402,"path":403,"acronym":13,"category":7,"difficulty":19,"description":404},"SCA","\u002Fterms\u002Fs\u002Fsca","SCA checks if the libraries you're using have known vulnerabilities. You didn't write the bug, but you imported it. That lodash version from 2019?",{"title":406,"path":407,"acronym":406,"category":7,"difficulty":19,"description":408},"SHA","\u002Fterms\u002Fs\u002Fsha","SHA (Secure Hash Algorithm) is a family of blenders for data.",{"title":410,"path":411,"acronym":13,"category":7,"difficulty":14,"description":412},"SLSA","\u002Fterms\u002Fs\u002Fslsa","SLSA (pronounced 'salsa') is a framework with levels (1-4) that measure how secure your software supply chain is. Level 1: you have some build process.",{"title":414,"path":415,"acronym":414,"category":7,"difficulty":19,"description":416},"SOC 2","\u002Fterms\u002Fs\u002Fsoc-2","SOC 2 is a trust certification for SaaS companies. 
It proves to enterprise customers that you take security, availability, and privacy seriously.",{"title":418,"path":419,"acronym":13,"category":7,"difficulty":19,"description":420},"SQL Injection","\u002Fterms\u002Fs\u002Fsql-injection","SQL injection is when a hacker types SQL code into a text field instead of normal text, and your stupid database runs it.",{"title":422,"path":423,"acronym":422,"category":7,"difficulty":8,"description":424},"SSL","\u002Fterms\u002Fs\u002Fssl","SSL (Secure Sockets Layer) is the old-school version of the lock you see in your browser address bar.",{"title":426,"path":427,"acronym":428,"category":7,"difficulty":19,"description":429},"SSO","\u002Fterms\u002Fs\u002Fsso","Single Sign-On","Log in once, access everything. Instead of remembering 47 different passwords for 47 different work apps, you log in to one system (like Google or Okta) an...",{"title":431,"path":432,"acronym":13,"category":7,"difficulty":19,"description":433},"Salt","\u002Fterms\u002Fs\u002Fsalt","A salt is random gibberish you add to a password before hashing it so two people with the same password get completely different hashes.",{"title":435,"path":436,"acronym":13,"category":7,"difficulty":8,"description":437},"Sanitization","\u002Fterms\u002Fs\u002Fsanitization","Sanitization is cleaning up user input before using it — stripping out anything dangerous like script tags or SQL commands.",{"title":439,"path":440,"acronym":13,"category":7,"difficulty":8,"description":441},"Secret Scanning","\u002Fterms\u002Fs\u002Fsecret-scanning","Secret Scanning checks your code for accidentally committed passwords, API keys, and tokens. Pushed your AWS key to GitHub?",{"title":443,"path":444,"acronym":13,"category":7,"difficulty":14,"description":445},"Secure Boot","\u002Fterms\u002Fs\u002Fsecure-boot","Secure Boot verifies that every piece of software that loads during startup is signed and trusted. Bootloader? Signed. Kernel? Signed. Drivers? Signed. 
If ",{"title":447,"path":448,"acronym":13,"category":7,"difficulty":14,"description":449},"Secure Enclave","\u002Fterms\u002Fs\u002Fsecure-enclave","A Secure Enclave is a tiny, isolated computer inside your computer that handles the most sensitive stuff — biometric data, encryption keys, payment info.",{"title":451,"path":452,"acronym":13,"category":7,"difficulty":8,"description":453},"Security Audit","\u002Fterms\u002Fs\u002Fsecurity-audit","A security audit is a systematic review of your code, infrastructure, and processes to find security weaknesses.",{"title":455,"path":456,"acronym":13,"category":7,"difficulty":19,"description":457},"Security Headers","\u002Fterms\u002Fs\u002Fsecurity-headers","Security Headers are HTTP response headers that tell browsers 'here's how to protect my users.",{"title":459,"path":460,"acronym":13,"category":7,"difficulty":19,"description":461},"Security Theater","\u002Fterms\u002Fs\u002Fsecurity-theater","Security theater is the stuff that looks secure but doesn't actually stop attackers.",{"title":463,"path":464,"acronym":13,"category":7,"difficulty":19,"description":465},"Session Hijacking","\u002Fterms\u002Fs\u002Fsession-hijacking","Session hijacking is when an attacker steals your session cookie or token and impersonates you.",{"title":467,"path":468,"acronym":13,"category":7,"difficulty":14,"description":469},"Sigstore","\u002Fterms\u002Fs\u002Fsigstore","Sigstore makes signing software as easy as logging in with your Google account. 
No managing PGP keys, no key rotation headaches.",{"title":471,"path":472,"acronym":13,"category":7,"difficulty":8,"description":473},"Social Engineering","\u002Fterms\u002Fs\u002Fsocial-engineering","Social engineering is hacking people, not computers.",{"title":475,"path":476,"acronym":13,"category":7,"difficulty":19,"description":477},"Software Composition Analysis","\u002Fterms\u002Fs\u002Fsoftware-composition-analysis","Software Composition Analysis is a fancy name for 'checking your dependencies for known vulnerabilities and license issues.",{"title":479,"path":480,"acronym":13,"category":7,"difficulty":19,"description":481},"Subresource Integrity","\u002Fterms\u002Fs\u002Fsubresource-integrity","Subresource Integrity (SRI) adds a hash to your script and link tags. The browser downloads the file, checks the hash, and only executes it if it matches.",{"title":483,"path":484,"acronym":13,"category":7,"difficulty":14,"description":485},"Supply Chain Attack","\u002Fterms\u002Fs\u002Fsupply-chain-attack","A supply chain attack is when a hacker doesn't attack YOU — they attack something you depend on.",{"title":487,"path":488,"acronym":13,"category":7,"difficulty":19,"description":489},"Supply Chain Security","\u002Fterms\u002Fs\u002Fsupply-chain-security","Supply Chain Security protects the entire path from code to production — dependencies, build systems, registries, everything.",{"title":491,"path":492,"acronym":13,"category":7,"difficulty":19,"description":493},"Symmetric Encryption","\u002Fterms\u002Fs\u002Fsymmetric-encryption","Symmetric encryption uses the same key to lock and unlock data. Like a house key — whoever has a copy can both lock and unlock the door.",{"title":495,"path":496,"acronym":495,"category":7,"difficulty":19,"description":497},"TLS","\u002Fterms\u002Ft\u002Ftls","TLS (Transport Layer Security) is the updated, actually-secure version of SSL. 
It's the technology that puts the padlock in your browser's address bar.",{"title":499,"path":500,"acronym":499,"category":7,"difficulty":19,"description":501},"TOTP","\u002Fterms\u002Ft\u002Ftotp","TOTP (Time-based One-Time Password) is the 6-digit code that changes every 30 seconds in apps like Google Authenticator.",{"title":503,"path":504,"acronym":505,"category":7,"difficulty":14,"description":506},"TPM","\u002Fterms\u002Ft\u002Ftpm","Trusted Platform Module","TPM is the security chip on your computer's motherboard that stores encryption keys and verifies boot integrity. It's why Windows 11 requires TPM 2.0 — Mic",{"title":508,"path":509,"acronym":13,"category":7,"difficulty":19,"description":510},"Token Rotation","\u002Fterms\u002Ft\u002Ftoken-rotation","Token Rotation means regularly replacing your tokens with fresh ones. Old token out, new token in.",{"title":505,"path":512,"acronym":503,"category":7,"difficulty":14,"description":513},"\u002Fterms\u002Ft\u002Ftrusted-platform-module","A TPM is a security chip on your motherboard that stores encryption keys, certificates, and passwords in tamper-resistant hardware. It verifies that your c",{"title":515,"path":516,"acronym":5,"category":7,"difficulty":8,"description":517},"Two-Factor Authentication","\u002Fterms\u002Ft\u002Ftwo-factor-authentication","2FA means you need two things to log in: something you know (password) and something you have (your phone).",{"title":519,"path":520,"acronym":13,"category":7,"difficulty":19,"description":521},"Typosquatting","\u002Fterms\u002Ft\u002Ftyposquatting","Typosquatting is when attackers publish malicious packages with names that are one typo away from popular ones. 'lodahs' instead of 'lodash.",{"title":523,"path":524,"acronym":13,"category":7,"difficulty":19,"description":525},"Vault","\u002Fterms\u002Fv\u002Fvault","HashiCorp Vault is the Fort Knox of secrets management. 
It stores API keys, passwords, certificates, and encryption keys behind multiple layers of security",{"title":527,"path":528,"acronym":13,"category":7,"difficulty":8,"description":529},"Vulnerability","\u002Fterms\u002Fv\u002Fvulnerability","A vulnerability is a weakness in your code or system that a bad guy could exploit. Like a broken lock on a door.",{"title":531,"path":532,"acronym":531,"category":7,"difficulty":19,"description":533},"WAF","\u002Fterms\u002Fw\u002Fwaf","WAF stands for Web Application Firewall.",{"title":535,"path":536,"acronym":531,"category":7,"difficulty":19,"description":537},"Web Application Firewall","\u002Fterms\u002Fw\u002Fweb-application-firewall","A WAF is a smart firewall that understands web traffic.",{"title":539,"path":540,"acronym":13,"category":7,"difficulty":14,"description":541},"WebAuthn","\u002Fterms\u002Fw\u002Fwebauthn","WebAuthn is the browser API that makes passkeys work.",{"title":543,"path":544,"acronym":13,"category":7,"difficulty":19,"description":545},"Webhook Signature","\u002Fterms\u002Fw\u002Fwebhook-signature","A webhook signature is like the wax seal on a medieval letter — it proves the message actually came from who it says it came from and wasn't tampered with.",{"title":135,"path":547,"acronym":135,"category":7,"difficulty":19,"description":548},"\u002Fterms\u002Fx\u002Fxss","XSS stands for Cross-Site Scripting. Hackers inject their own JavaScript into your site so when other users visit, the evil script runs in their browser.",{"title":550,"path":551,"acronym":13,"category":7,"difficulty":19,"description":552},"Zero Trust","\u002Fterms\u002Fz\u002Fzero-trust","Zero trust means 'never trust, always verify' — even if a request comes from inside your network.",{"title":554,"path":555,"acronym":13,"category":7,"difficulty":19,"description":556},"Zero-Day","\u002Fterms\u002Fz\u002Fzero-day","A zero-day is a vulnerability that nobody knows about yet — except the person who found it. 
The name means the vendor has had 'zero days' to fix it.",{"title":558,"path":559,"acronym":13,"category":7,"difficulty":14,"description":560},"Zero-Knowledge Proof","\u002Fterms\u002Fz\u002Fzero-knowledge-proof","A Zero-Knowledge Proof lets you prove you know something without revealing what you know. Prove you're over 18 without showing your birthday.",{"title":562,"path":563,"acronym":13,"category":7,"difficulty":14,"description":564},"mTLS","\u002Fterms\u002Fm\u002Fmtls","Normal TLS: you check that the website is legit. mTLS: you BOTH check each other. The server verifies your certificate, you verify the server's.",1776518250189]