Up until this point, we have paid little attention to the taxonomy of common web vulnerabilities. Gaining insight into the underlying mechanics of web applications is far more important than memorizing several thousand random and often unnecessary terms; nomenclature such as improper restriction of operations within the bounds of a memory buffer (Common Weakness Enumeration) or insecure direct object references (Open Web Application Security Project) finds no place in a reasonable conversation—and rightly so.

Nevertheless, the industry has come up with a handful of reasonably precise phrases that security researchers use every day. Having thoroughly discussed the inner workings of the browser, it seems useful ...