> ## Documentation Index
> Fetch the complete documentation index at: https://docs.semgrep.dev/llms.txt
> Use this file to discover all available pages before exploring further.

# Understanding Security Vulnerabilities

An **application security vulnerability** is a weaknesses in software systems that can be exploited by attackers to compromise the confidentiality, integrity, or availability of applications and data. Understanding these vulnerabilities is crucial for building secure applications and maintaining a strong security posture.

## What We'll Teach You

This section covers common security vulnerabilities that affect modern applications. For each vulnerability type, we'll explain:

* **How the vulnerability occurs** including the root causes and common scenarios.
* **Real-world examples** with code patterns that introduce these types of issues.
* **Impact and risks** as a consequence for when these vulnerabilities are exploited.
* **Prevention techniques** and secure coding best practices to avoid the problems.
* **Detection methods** such as how Semgrep can help with identification by scanning code.

Learning about these vulnerabilities helps you write more secure code and build better defenses into your applications from the start.

## Vulnerability Categories

<CardGroup>
  <Card title="Code Injection (RCE)" icon="terminal" href="/learn/vulnerabilities/code-injection" horizontal />

  <Card title="Command Injection" icon="code" href="/learn/vulnerabilities/command-injection" horizontal />

  <Card title="Cross-Site Scripting (XSS)" icon="globe" href="/learn/vulnerabilities/cross-site-scripting" horizontal />

  <Card title="Insecure Deserialization" icon="layer-group" href="/learn/vulnerabilities/insecure-deserialization" horizontal />

  <Card title="Insecure Direct Object Reference (IDOR)" icon="link" href="/learn/vulnerabilities/idor" horizontal />

  <Card title="Open Redirect" icon="arrow-right-from-arc" href="/learn/vulnerabilities/open-redirect" horizontal />

  <Card title="Server Side Request Forgery (SSRF)" icon="server" href="/learn/vulnerabilities/server-side-request-forgery" horizontal />

  <Card title="SQL Injection (SQLi)" icon="database" href="/learn/vulnerabilities/sql-injection" horizontal />

  <Card title="XML Security (XEE, XXE)" icon="file-code" href="/learn/vulnerabilities/xml-security" horizontal />
</CardGroup>

## Additional Resources

* [Security Research Blog](https://semgrep.dev/blog/security-research/): Recent blog posts from the Semgrep Security Research team discussing trends in vulnerability research and application security.
