Security Glossary
Plain English definitions of security terms
51 articles
Vibe Coding Security Glossary - Plain English Definitions
Security terms explained for non-technical founders. From API keys to XSS, learn what security jargon actually means in plain English.
What is an API Key? Plain English Security Guide
Learn what API keys are, why they matter for security, and how to protect them. A simple explanation for non-technical founders building with AI tools.
What is an Audit Log? Security Logging Basics
Learn what audit logs are, why they matter for security and compliance, and how to implement effective logging in your application.
What is Authentication? Security Guide for Developers
Learn what authentication means, how it differs from authorization, and why it matters for your app security. Plain English guide for vibe coders.
What is Authorization? Access Control Explained
Learn what authorization means in web security, how it differs from authentication, and why proper access control prevents data breaches. Plain English guide.
What is a Backdoor? Persistent Access Threats
Learn what backdoors are, how attackers install them for persistent access, and how to detect and prevent them in your systems.
What is a Data Breach? Security Incident Basics
Learn what data breaches are, how they happen, and how to respond when one occurs. Understand breach notification requirements.
What is a Brute Force Attack? Password Security
Learn what brute force attacks are, how they work, and how to protect your application from password guessing attacks.
What is Security Compliance? Standards and Requirements
Learn what security compliance means, common frameworks, and how to meet requirements for your industry.
What are Cookies? Web Storage Security
Learn what cookies are, how to set them securely, and the difference between cookies and other storage options. Web security basics.
What is CORS? Cross-Origin Resource Sharing Explained
Learn what CORS is, why browsers block cross-origin requests, and how to configure CORS properly. Avoid the common security mistakes.
What is Credential Stuffing? Account Takeover Attacks
Learn what credential stuffing is, why password reuse makes it dangerous, and how to protect your users from account takeover.
What is CSP (Content Security Policy)? XSS Protection
Learn what Content Security Policy is, how it prevents XSS attacks, and how to configure CSP headers for your website. Security guide for developers.
What is CSRF (Cross-Site Request Forgery)? Security Guide
Learn what CSRF attacks are, how they trick users into unwanted actions, and how to protect your app with tokens and SameSite cookies.
What is a DDoS Attack? Distributed Denial of Service
Learn what DDoS attacks are, how they overwhelm websites, and how to protect your app. Security basics for developers.
What is Encryption? Data Protection Basics
Learn what encryption is, how it protects your data, and the difference between encryption at rest and in transit. Plain English security guide.
What are Environment Variables? Secrets Management
Learn what environment variables are, why they keep secrets safe, and how to use them properly. Essential security knowledge for developers.
What is an Exploit? Security Basics
Learn what exploits are, how they work, and how to protect your applications from known and unknown exploits.
What is a Firewall? Network Security Basics
Learn what firewalls are, how they protect your server, and the difference between network and web application firewalls. Security guide.
What is GDPR? Data Privacy Basics
Learn what GDPR is, who it applies to, and how to comply with EU data protection requirements.
What is Hashing? Password Security Basics
Learn what hashing is, why passwords should be hashed, not encrypted, and which algorithms to use. Essential security knowledge for developers.
What is HSTS? HTTP Strict Transport Security
Learn what HSTS is, how it forces HTTPS connections, and why you should enable it. Protect your users from downgrade attacks.
What is HTTPS? Web Security Basics
Learn what HTTPS is, why it matters for your website, and how it protects your users' data. Plain English guide to secure connections.
What is IDOR? Insecure Direct Object Reference
Learn what IDOR vulnerabilities are, how attackers exploit them, and how to prevent unauthorized data access in your app.
What is Injection? Security Vulnerability Basics
Learn what injection attacks are, the different types, and how to prevent them. Essential security knowledge covering SQL injection, command injection, and more.
What is a JWT (JSON Web Token)? Authentication Guide
Learn what JWTs are, how they work for authentication, and common security mistakes to avoid. Plain English guide for developers.
What is Malware? Types and Prevention
Learn what malware is, the different types including ransomware and spyware, and how to protect your systems.
What is a Man-in-the-Middle Attack? Network Security
Learn what man-in-the-middle attacks are, how they intercept communications, and how HTTPS and other protections prevent them.
What is Middleware? Web Development Basics
Learn what middleware is, how it works in web frameworks, and how to use it for authentication, logging, and security. Development basics.
What is OAuth? Social Login Explained
Learn what OAuth is, how social login works, and why it's more secure than building your own authentication. Plain English guide.
What is a Penetration Test? Security Testing Basics
Learn what penetration testing is, the different types, and when your application needs a pen test.
What is Phishing? Attack Prevention Basics
Learn what phishing attacks are, how to recognize them, and how to protect your organization from email and social engineering threats.
What is Privilege Escalation? Access Control Security
Learn what privilege escalation is, how attackers gain elevated access, and how to prevent unauthorized permission elevation in your application.
What is Rate Limiting? API Protection
Learn what rate limiting is, why APIs need it, and how to implement it properly. Protect your app from abuse and DDoS attacks.
What is Row Level Security (RLS)? Supabase Guide
Learn what Row Level Security is, why it matters for Supabase apps, and how to implement RLS policies. Essential security for vibe-coded database apps.
What is Input Sanitization? Cleaning User Data
Learn what sanitization is, how it differs from validation, and when to use it. Protect your app from malicious input.
What is a Security Audit? Compliance Basics
Learn what security audits are, why they matter for compliance, and how to prepare for one.
What are Security Headers? HTTP Response Security
Learn what security headers are, which ones to implement, and how they protect your web application from common attacks.
What is a Session? Web Authentication Basics
Learn what sessions are, how they track logged-in users, and session security best practices. Web authentication explained.
What is SOC 2? SaaS Compliance Basics
Learn what SOC 2 is, the trust service criteria, and how to get SOC 2 certified for your SaaS company.
What is Social Engineering? Human-Targeted Attacks
Learn what social engineering is, the techniques attackers use, and how to protect your organization from human-targeted attacks.
What is SQL Injection? Database Security Guide
Learn what SQL injection attacks are, how they work, and how to prevent them with parameterized queries. Essential security knowledge for developers.
What is SSL/TLS? Encryption Explained
Learn what SSL and TLS are, how they encrypt web traffic, and why they're essential for secure websites. Plain English security guide.
What is SSRF? Server-Side Request Forgery
Learn what SSRF vulnerabilities are, how attackers exploit them, and how to prevent your server from making unauthorized requests.
What is Two-Factor Authentication (2FA)? Security Basics
Learn what 2FA is, why it matters, and how to implement it in your app. Protect user accounts with an extra layer of security.
What is Input Validation? Security Best Practices
Learn what input validation is, why it matters for security, and how to validate user data properly. Prevent bugs and vulnerabilities.
What is Vibe Coding? AI-Assisted Development
Learn what vibe coding is, how AI tools like Claude, Cursor, and Copilot enable it, and the security considerations for AI-assisted development.
What is a VPN? Virtual Private Network Explained
Learn what VPNs are, how they protect your connection, and when developers should use them. Security basics explained.
What is a Vulnerability? Security Basics
Learn what security vulnerabilities are, common types, and how to find and fix them in your applications.
What is XSS (Cross-Site Scripting)? Security Guide
Learn what XSS attacks are, how they work, and how to prevent cross-site scripting in your web app. Plain English security guide for developers.
What is a Zero-Day? Security Vulnerability Basics
Learn what zero-day vulnerabilities and exploits are, why they are dangerous, and how to protect against unknown threats.