Vulnerability

/ˌɛs-kjuː-ˈɛl ɪn-ˈdʒɛk-ʃən/

n. “When input becomes instruction.”

SQL Injection is a class of security vulnerability that occurs when untrusted input is treated as executable database logic. Instead of being handled strictly as data, user-supplied input is interpreted by the database as part of a structured query, allowing an attacker to alter the intent, behavior, or outcome of that query.

/biːst/

n. “The cipher’s hungry monster that chews SSL/TLS.”

BEAST, short for Browser Exploit Against SSL/TLS, is a cryptographic attack discovered in 2011 that targeted vulnerabilities in the SSL 3.0 and TLS 1.0 protocols. Specifically, it exploited weaknesses in the way block ciphers in Cipher Block Chaining (CBC) mode handled initialization vectors, allowing attackers to decrypt secure HTTPS cookies and potentially hijack user sessions.

/ˈpuːdəl/

n. “The sneaky browser bite that ate SSL.”

POODLE, short for Padding Oracle On Downgraded Legacy Encryption, is a security vulnerability discovered in 2014 that exploited weaknesses in older versions of the SSL protocol, specifically SSL 3.0. It allowed attackers to decrypt sensitive information from encrypted connections by taking advantage of how SSL handled padding in block ciphers. Essentially, POODLE turned what was supposed to be secure, encrypted communication into something leak-prone.

/ˌes-eɪtʃ-ˈwʌn/

n. “Good enough… until it wasn’t.”

SHA1 is a cryptographic hash function born in an era when the internet still believed in handshakes, trust, and the idea that computational limits would politely remain limits. Designed by the NSA and standardized in the mid-1990s, SHA1 takes arbitrary input and produces a 160-bit fingerprint — a fixed-length digest meant to uniquely represent data, documents, passwords, or entire software releases.