Basic Vulnerability Countermeasures
Injection Attack Countermeasures
- SQL Injection - Placeholders, Prepared statements, Parameterized queries
  - Sub-keywords: Blind SQL injection, Second-order injection, ORM security
- Cross-Site Scripting (XSS) - Escaping, Sanitization, Content Security Policy (CSP)
  - Sub-keywords: DOM-based XSS, Reflected XSS, Stored XSS
- Command Injection - Shell command execution avoidance, Whitelist validation
  - Sub-keywords: OS command injection, Code injection, eval() vulnerabilities
- LDAP Injection, XML Injection
  - Sub-keywords: XXE (XML External Entity), XPath injection, LDAP filter bypass
Authentication & Authorization
- Password Management - Hashing (bcrypt, Argon2), Salt, Stretching
  - Sub-keywords: PBKDF2, Password complexity requirements, Credential stuffing
- Session Management - Session ID, Session fixation attack countermeasures, Timeout
  - Sub-keywords: Session hijacking, Cookie security, Token-based authentication
- Multi-Factor Authentication (MFA)
  - Sub-keywords: TOTP, Biometric authentication, SMS authentication
- OAuth, OpenID Connect
  - Sub-keywords: JWT (JSON Web Tokens), Refresh tokens, Authorization code flow
- Access Control - Principle of least privilege, Mandatory access control
  - Sub-keywords: RBAC (Role-Based Access Control), ABAC (Attribute-Based), DAC (Discretionary)
Cross-Site Attack Countermeasures
- CSRF (Cross-Site Request Forgery) - Tokens, SameSite Cookie attribute
  - Sub-keywords: Anti-CSRF tokens, Double submit cookies, Origin header validation
- Clickjacking - X-Frame-Options, frame-ancestors
  - Sub-keywords: UI redressing, Framebust defense, Transparent overlays
Input Validation and Data Processing
- Whitelist/Blacklist Approach
  - Sub-keywords: Positive validation, Input filtering, Character encoding
- Validation - Client-side/Server-side validation
  - Sub-keywords: Data type validation, Length constraints, Format validation
- Regular Expressions - ReDoS (Regular Expression DoS) countermeasures
  - Sub-keywords: Catastrophic backtracking, Regex complexity analysis, Timeout limits
- File Upload - Extension check, MIME type validation, File size limits
  - Sub-keywords: Magic number verification, Malware scanning, Quarantine mechanisms
- Path Traversal - Directory traversal countermeasures
  - Sub-keywords: Canonicalization, Chroot jails, Path sanitization
Encryption and Data Protection
- Encryption Methods - Symmetric encryption (AES), Public key encryption (RSA)
  - Sub-keywords: Block cipher modes (CBC, GCM), Key exchange, Elliptic curve cryptography
- Hash Functions - SHA-256, SHA-3, MD5/SHA-1 deprecated
  - Sub-keywords: HMAC, Message authentication codes, Collision resistance
- SSL/TLS - HTTPS communication, Certificate validation
  - Sub-keywords: Perfect forward secrecy, Certificate pinning, TLS handshake
- Cryptographically Secure Pseudo-Random Number Generator (CSPRNG)
  - Sub-keywords: Entropy sources, /dev/urandom, SecureRandom
- Key Management - Prohibition of hard-coded keys
  - Sub-keywords: Key rotation, HSM (Hardware Security Module), Key escrow
Memory & Resource Management
- Buffer Overflow - Boundary checks, Safe function usage
  - Sub-keywords: Stack overflow, Heap overflow, Canary values
- Memory Leak
  - Sub-keywords: Resource cleanup, Dangling pointers, Memory profiling
- Integer Overflow/Underflow
  - Sub-keywords: Arithmetic wraparound, Range validation, Safe math libraries
- Resource Exhaustion Countermeasures - DoS countermeasures, Rate limiting
  - Sub-keywords: Throttling, Connection pooling, Circuit breaker pattern
- Garbage Collection
  - Sub-keywords: Reference counting, Mark-and-sweep, Finalization vulnerabilities
Error Handling and Logging
- Error Messages - Prevention of information leakage
  - Sub-keywords: Generic error pages, Stack trace suppression, Debug mode risks
- Exception Handling - try-catch, Proper error handling
  - Sub-keywords: Fail-safe defaults, Exception chaining, Resource cleanup in finally
- Log Output - Masking sensitive information, Log injection countermeasures
  - Sub-keywords: CRLF injection, Log tampering prevention, Audit trails
- Debug Information - Disable in production environment
  - Sub-keywords: Source map removal, Verbose error suppression, Development vs production builds
Secure Coding Principles
- Principle of Least Privilege
  - Sub-keywords: Privilege separation, Drop privileges, Capability-based security
- Defense in Depth
  - Sub-keywords: Layered security, Multiple controls, Fail-safe mechanisms
- Fail-Safe
  - Sub-keywords: Fail-closed vs fail-open, Default deny, Secure defaults
- Secure by Default
  - Sub-keywords: Opt-in insecure features, Secure configuration templates, Hardening guides
- Open Design Principle
  - Sub-keywords: Kerckhoffs's principle, Security through obscurity avoidance, Public review
- OWASP Top 10 - Top 10 major vulnerabilities
  - Sub-keywords: Broken access control, Cryptographic failures, Security misconfiguration
API & Web Security
- RESTful API - Proper authentication & authorization
  - Sub-keywords: API keys, Rate limiting, Input validation
- CORS (Cross-Origin Resource Sharing)
  - Sub-keywords: Preflight requests, Access-Control headers, Origin validation
- HTTP Headers - Strict-Transport-Security, X-Content-Type-Options
  - Sub-keywords: X-XSS-Protection, Referrer-Policy, Permissions-Policy
- Same-Origin Policy
  - Sub-keywords: Origin definition, Port restrictions, JSONP risks
- JSON Hijacking
  - Sub-keywords: Array hijacking, CSRF on JSON endpoints, Content-Type validation
Mobile & Others
- Reverse Engineering Countermeasures
  - Sub-keywords: ProGuard, Code obfuscation, Anti-tampering
- Code Obfuscation
  - Sub-keywords: Symbol stripping, Control flow obfuscation, String encryption
- Root/Jailbreak Detection
  - Sub-keywords: SafetyNet, Integrity checking, Runtime environment validation
- Secure Storage
  - Sub-keywords: Keychain (iOS), Keystore (Android), Encrypted shared preferences
Development Process
- SSDLC (Secure Software Development Life Cycle)
  - Sub-keywords: Security requirements, Threat modeling phase, Security testing
- Threat Modeling - STRIDE
  - Sub-keywords: Attack trees, DREAD, Data flow diagrams
- Static Analysis (SAST), Dynamic Analysis (DAST)
  - Sub-keywords: Code scanning, Fuzzing, IAST (Interactive)
- Penetration Testing
  - Sub-keywords: Black-box testing, White-box testing, Red team exercises
- Code Review
  - Sub-keywords: Peer review, Security-focused review, Automated code review tools