Frontend Dogma

“security” News Archive

Definition, related topics, and tag feed

Definition · Supertopics: user-experience · Subtopics: authentication, authorization, certificates, cors, cryptography, csp, csrf, hashing, malware, privacy, provenance, randomness, sanitization, ssh, ssl, tls, validation, vulnerabilities, xss (non-exhaustive) · “security” RSS feed (per email)

Entry (Sources) · Date · # (archive number), with Additional Topics listed on the following line
Cryptography Usage in Web Standards (w3c)502
standards, cryptography
OpenJS Foundation Security Program: Annual Report 2025 (ope)501
openjs
A Security Checklist for Your React and Next.js Apps (the)500
react, nextjs
Securing npm Is Table Stakes (nza+/cha)499
podcasts, interviews, npm, ai
Security (vik+/htt)498
web-almanac, studies, research, metrics, tls, certificates, cookies, csp, http-headers, apis, sanitization, configuration
Node.js January 2026 Security Release: What Changed and Why It Matters (nod)497
nodejs
Tuesday, January 13, 2026 Security Releases (nod)496
release-notes, nodejs
Mitigating Denial-of-Service Vulnerability From Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users (mco+/nod)495
nodejs, vulnerabilities, react, nextjs, tooling, monitoring, performance
npm to Implement Staged Publishing After Turbulent Shift Off Classic Tokens (sar/soc)494
npm, dependencies, github
Security Basics for Vibe-Coders (owe/pro)493
fundamentals, vibe-coding, ai
Testing Methods: Accessible Authentication (Enhanced) (dec)492
accessibility, testing, wcag, authentication
Testing Methods: Accessible Authentication (Minimum) (dec)491
accessibility, testing, wcag, authentication
Denial of Service and Source Code Exposure in React Server Components (rea)490
react, components
Thursday, December 18, 2025 Security Releases (nod)489
release-notes, nodejs
How We’re Protecting Our Newsroom From npm Supply Chain Attacks (rya/pnp)488
npm, dependencies, case-studies
No More Tokens—Locking Down npm Publish Workflows (zac)487
npm, dependencies, github, processes
[Next.js] Security Advisory: CVE-2025-66478 (seb)486
nextjs
Critical Security Vulnerability in React Server Components (rea)485
react, components
Decreasing [Let’s Encrypt] Certificate Lifetimes to 45 Days (mat/let)484
http, certificates, lets-encrypt
Taking Down Next.js Servers for 0.0001 Cents a Pop483
servers, nextjs, vulnerabilities
The Shai-Hulud 2.0 npm Worm: Analysis, and What You Need to Know482
npm, dependencies
GitLab Discovers Widespread npm Supply Chain Attack (git)481
npm, dependencies, gitlab, github, aws, gcp, azure
Automated npm Secret Rotation in GitHub Actions (mhe)480
npm, automation, github-actions
What Developers Really Mean by “Bad Code” (jet)479
maintainability, scalability, consistency, quality
Introducing the OWASP Top 10:2025 (she+/owa)478
introductions, owasp, vulnerabilities
Removing XSLT for a More Secure Browser (dro/dev)477
chromium, chrome, google, browsers, xsl, web-platform
Will npm’s New Security Steps Stop Attacks? (rev)476
npm, github, maintenance, foss
HTTPS by Default (jde+)475
http, chrome, google, browsers
Agentic AI and Security (ksi/mfo)474
ai, architecture
Octoverse: A New Developer Joins GitHub Every Second as AI Leads TypeScript to #1 (git)473
github, metrics, productivity, ai, foss, programming
Glassworm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace472
code-editors, vs-code, microsoft
Improving the Trustworthiness of JavaScript on the Web (clo)471
javascript, web-apps
Past Time for Passkeys (nor)470
videos, passkeys, passwords, authentication
Secure Coding in JavaScript469
javascript, frameworks
My Conclusions After Using Signed Exchanges on My Website for 2 Years (paw)468
signed-exchanges, performance
Lazy-Loading as a Security Measure467
lazy-loading, angular, react
Backend Concepts Every Experienced Developers Must Know466
concepts, network, concurrency, apis, databases, caching, scalability, observability, architecture
Fixing Safari Mixed Content Issues With Vite and mkcert465
safari, apple, browsers, vite, tooling
How Deno Protects Against npm Exploits (den)464
deno, npm
Strengthening npm Security: Important Changes to Authentication and Token Management (git)463
npm
How Hackers Use AI to Find Vulnerabilities Faster462
ai
CAPTCHA, When Security Takes Precedence Over Accessibility461
captcha, accessibility
Our Plan for a More Secure npm Supply Chain (xco/git)460
npm, dependencies, foss
npm Security Best Practices459
npm, provenance, best-practices
This May Be the Worst One (the)458
videos, npm, dependencies
Ongoing Supply Chain Attack Targets CrowdStrike npm Packages (pvd+/soc)457
npm, dependencies
ctrl/tinycolor and 40+ npm Packages Compromised456
npm, dependencies
How Maintainer Burnout Is Causing a Kubernetes Security Disaster (the)455
kubernetes, maintenance, foss, economics
Oh No, Not Again… a Meditation on npm Supply Chain Attacks (tan)454
npm, dependencies, microsoft
Anatomy of a Billion-Download npm Supply-Chain Attack453
npm, dependencies
npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack (bur+/soc)452
npm, dependencies
CORS Explained: Stop Struggling With Cross-Origin Errors451
cors, http-headers, http
How OpenJS-Hosted Projects Benefit From Security Support (ope)450
openjs, hosting, foss
Why You Absolutely Need to Have Automated Dependency Management in Place (j9t)449
dependencies, maintainability, maintenance, automation, tooling
What Your Website’s Style Says About You—and How Hackers Can Use It Against You (err)448
css, javascript
Hardening Node.js Apps in Production: 8 Layers of Practical Security447
nodejs, best-practices
eslint-config-prettier Compromised: How npm Package With 30 Million Downloads Spread Malware446
prettier, eslint, npm, malware
AI Agents Are Creating a New Security Nightmare for Enterprises and Startups (the)445
ai, apis
npm Phishing Email Targets Developers With Typosquatted Domain (sar/soc)444
npm
Tuesday, July 15, 2025 Security Releases (nod)443
release-notes, nodejs
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader (soc)442
npm, dependencies
MCP Security Vulnerabilities and Attack Vectors441
mcp, ai
A New Era of Code Quality440
quality
JWTs Are Not Session Tokens, Stop Using Them Like One439
json-web-tokens, authentication
Design Patterns for Securing LLM Agents Against Prompt Injections (sim)438
studies, research, ai, prompting, software-design-patterns
The Growing Risk of Malicious Browser Extensions (soc)437
browser-extensions
Escaping “<” and “>” in Attributes—How It Helps Protect Against Mutation XSS (sec)436
html, attributes, xss, escaping, chrome, google, browsers
HTML Spec Change: Escaping “<” and “>” in Attributes (sec/dev)435
html, attributes, escaping, xss
Beware of End-of-Life Node.js Versions—Upgrade or Seek Post-EOL Support (mco/nod)434
nodejs, maintenance
How to Access Local MCP Servers Through a Secure Tunnel (the)433
how-tos, mcp, ai, servers, network
Docker Launches Hardened Images, Intensifying Secure Container Market (the)432
docker
Modernizing Security431
modernization, processes
Securing Your Node.js App From Command Injection430
nodejs
Passkeys for Normal People (tro)429
authentication, passkeys, examples, concepts
npm Targeted by Malware Campaign Mimicking Familiar Library Names (soc)428
npm, malware, dependencies, link-lists
What Is an Encryption Backdoor? (int)427
encryption, vulnerabilities, concepts
Cybersecurity Leaders Are Staying in the Shadows (ste)426
community, culture
Threat Actors Misuse Node.js to Deliver Malware and Other Malicious Payloads (mic)425
nodejs, malware
Principles for Coding Securely With LLMs (sea)424
ai, principles
TLS Certificate Lifetimes Will Officially Reduce to 47 Days423
tls, certificates
LLMs Can’t Stop Making Up Software Dependencies and Sabotaging Everything (tho/the)422
ai, dependencies, slop
Secure a Vue App With OpenID Connect and the BFF Pattern (due)421
vuejs, authentication, backend-for-frontend
Teaching Code in the AI Era: Why Fundamentals Still Matter (ali)420
training, ai, programming, vibe-coding, scalability, performance, quality, testing, documentation
Stop Using Jenkins in 2025 (oso)419
jenkins, github-actions, ci-cd
Node.js Test CI Security Incident (nod)418
nodejs, retrospectives
Website Hijack Campaign Now Impacting 150,000 Sites (gad)417
Malware Found on npm Infecting Local Package With Reverse Shell (rev)416
npm, dependencies
Five Things Vibe Coders Should Know (From a Software Engineer) (uxd)415
vibe-coding, sanitization
GitHub Suffers a Cascading Supply Chain Attack Compromising CI/CD Secrets (inf)414
github, ci-cd
How to Prevent WordPress SQL Injection Attacks (sma)413
how-tos, wordpress, sql, databases
Lazarus Strikes npm Again With New Wave of Malicious Packages (soc)412
npm, dependencies
Updates on CVE for End-of-Life Versions (raf/nod)411
nodejs
What Is the OWASP Top 10 and How Can Your Team Benchmark Security? (jet)410
owasp, vulnerabilities, qodana, jetbrains
How to Protect Your Web Applications From XSS (tor/w3c)409
how-tos, web-apps, xss
In Tech, What Matters and What Is Dangerous (ham)408
community, foss, open-web
Secure UX: Building Cybersecurity and Privacy Into the UX Lifecycle (uxm)407
user-experience, processes
The Fallacy of Balance: Challenging the Notion of Security and Accessibility as Opposing Objectives (deq)406
videos, accessibility
It Is No Longer Safe to Move Our Governments and Societies to U.S. Clouds (ber)405
cloud-computing, privacy, legal
How OWASP Helps You Secure Your Full-Stack Web Applications (eri/sma)404
owasp, monitoring, authentication, vulnerabilities, configuration, csrf, cryptography, authorization
10 Common Web Development Mistakes to Avoid Right Now403
mistakes, mobile, performance, accessibility, seo, navigation, analytics, testing
Tightening Every Bolt (bag)402
videos, processes, code-reviews, testing
On Generative AI Security (sch)401
ai, lessons, microsoft
Understanding CORS Errors in Signed Exchanges (paw)400
cors, errors, signed-exchanges
Keep Your Node.js Apps Secure With “npx is-my-node-vulnerable” (tre)399
packages, npm, nodejs
How I Open-Sourced My Secret Access Tokens From GitHub, Slack, and npm—and Who Actually Cares398
github, slack, npm
Node.js EOL Versions CVE Dubbed the “Worst CVE of the Year” by Security Experts (sar/soc)397
nodejs, documentation
Tuesday, January 21, 2025 Security Releases (raf/nod)396
release-notes, nodejs
APIs Are Quickly Becoming the Latest Security Battleground (and Nightmare) (the)395
apis
CDN-First Is No Longer a Performance Feature (osv)394
content-delivery, performance, caching, embed-code, privacy
The Cyber-Cleanse: Take Back Your Digital Footprint (cyb)393
privacy
15 Principles for Secure Programming (rak)392
principles, validation, testing
Important Topics for Frontend Developers to Master in 2025391
learning, javascript, typescript, css, frameworks, git, apis, testing, performance, ci-cd, websockets
Developer Guide: How to Implement Passkeys390
guides, how-tos, authentication, passkeys
How to Automate OWASP Security Reviews in Your Pull Requests? (cod)389
how-tos, owasp, automation, code-reviews, coderabbit
5 Technical Trends to Help Web Developers Stand Out in 2025 (the)388
trends, career, javascript, ai, low-and-no-code
Avoid Hotlinking Images With “Cross-Origin-Resource-Policy”387
images
Content Security Policy Level 3 (mik/w3c)386
standards, csp
Security (htt)385
web-almanac, studies, research, metrics
JavaScript Import Attributes (ES2025) (tre)384
javascript
Exploring Internet Traffic Shifts and Cyber Attacks During the 2024 U.S. Election (clo)383
traffic
Securing Your Express REST API With Passport.js382
nodejs, express, json-web-tokens, apis, rest, tooling
SecretLint—a Linter for Preventing Committing Credentials (tre)381
tooling, linting
The Importance of UX in Cybersecurity (uxm)380
user-experience, usability
Understanding “npm audit” and Fixing Vulnerabilities379
npm, vulnerabilities, nodejs
Top 4 Web Vulnerabilities With Example and Mitigation378
vulnerabilities, sql, databases, xss, csrf
How to Implement Content Security Policy (CSP) Headers for Astro (tre)377
how-tos, http, http-headers, csp, astro, vercel, cloudflare
Why Code Security Matters—Even in Hardened Environments376
vulnerabilities, file-handling, nodejs
Database 101: SSL/TLS for Beginners375
introductions, databases, ssl, tls, authentication
Cloudflare Study: 39% of Companies Losing Control of Their IT and Security Environment (tre)374
studies, research, engineering-management
NIST Recommends Some Common-Sense Password Rules (sch)373
passwords, guidelines
I Finally Understand OAuth372
authorization, oauth, processes
Fake GitHub Site Targeting Developers (jul/san)371
github
Hacking Cars in JavaScript (Running Replay Attacks in the Browser With the HackRF) (dev)370
javascript
Gaining Access to Anyone’s Browser Without Them Even Visiting a Website369
arc, the-browser-company, browsers, vulnerabilities
10 AI Dangers and Risks and How to Manage Them (rin)368
ai, privacy, sustainability, legal
Web Security: Shaping the Secure Web (set/w3c)367
web, w3c
5 Wasm Use Cases for Frontend Development (ele/des)366
guest-posts, webassembly, performance
What Is Incident Response?365
incident-response, overviews
Migrating From Netlify to Cloudflare for AI Bot Protection (sia)364
migrating, netlify, cloudflare, ai
The Great npm Garbage Patch363
dependencies, npm, spam
Frontend Security Checklist (tre)362
checklists, react
Automated Ways to Security Audit Your Website361
auditing, automation, tooling
Secure Node.js Applications From Supply Chain Attacks360
nodejs, best-practices, dependencies
The Cloud Run Security Gap You Didn’t Know You Had (and How to Fix It)359
google, gcp
The Pitfalls of In-App Browsers (fro)358
browsers, mobile, privacy, user-experience
Supply Chain Security in npm—We Can Be Optimistic About the Future357
npm, dependencies, provenance
Script Integrity (chr/fro)356
embed-code, javascript
Introducing the MDN HTTP Observatory (mdn)355
introductions, mdn, mozilla, http
Tuesday, July 2, 2024 Security Releases (nod)354
release-notes, nodejs
WebAuthn: Enhancing Security With Minimal Effort (tbe)353
authentication, webauthn
RegreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server352
ssh, vulnerabilities
Polyfill Supply Chain Attack Embeds Malware in JavaScript CDN Assets351
malware, vulnerabilities
Catching Compromised Cookies350
cookies, testing
Backdoor Slipped Into Multiple WordPress Plugins in Ongoing Supply-Chain Attack (dan/ars)349
wordpress, plugins
The Hacking of Culture and the Creation of Socio-Technical Debt (sch)348
culture
OAuth Authentication (rya)347
authentication, authorization, oauth
Researchers Uncover npm Registry Vulnerability to Cache Poisoning and DoS Attacks (sar/soc)346
npm, dependencies, vulnerabilities, caching
What Is Mixed Content? (fre)345
http
The Ultimate Guide to Iframes (log)344
guides, iframes, html, javascript
How a Single Vulnerability Can Bring Down the JavaScript Ecosystem343
javascript, npm, dependencies, caching, vulnerabilities
JavaScript Security: Simple Practices to Secure Your Frontend342
javascript, dependencies, csp
Manifesto for a Humane Web (mic)341
websites, manifestos, web, principles, accessibility, dei, sustainability, user-experience
Securing Client-Side JavaScript (ada)340
javascript, graceful-degradation
Poor Express Authentication Patterns in Node.js and How to Avoid Them339
express, nodejs, authentication
Passkeys: A Shattered Dream (fir)338
authentication, passkeys
Using Legitimate GitHub URLs for Malware (sch)337
malware, github
When Security and Accessibility Clash: Why Are Banking Applications So Inaccessible? (nic)336
accessibility
Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects (ope)335
foss, openjs
Wednesday, April 10, 2024 Security Releases (raf/nod)334
release-notes, nodejs
Node.js Secure Coding: Mitigate and Weaponize Code Injection Vulnerabilities333
books, nodejs, vulnerabilities
The Free Software Commons (jen)332
foss, community
The V8 Sandbox331
v8
Building a Digital Fortress: How to Strengthen DNS Against DDoS Attacks?330
dns
Using JSON Web Tokens With Node.js329
json-web-tokens, nodejs, authentication
Wednesday, April 3, 2024 Security Releases (nod)328
release-notes, nodejs
In-App Browsers Are Still a Privacy, Security, and Choice Problem (tho/the)327
browsers, mobile, privacy
CORS Finally Explained—Simply326
csrf, cors, concepts
How Does Single Sign-On (SSO) Work? (mil)325
authentication
How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package (eth)324
npm, dependencies, examples
Preventing SQL Injection Attacks in Node.js323
nodejs, databases, sql
Frontend Application Security: Tips and Tricks322
web-apps, xss, csrf, authentication, dependencies, csp, validation, tips-and-tricks
Wednesday, February 14, 2024 Security Releases (raf+/nod)321
release-notes, nodejs
How to Boost WordPress Security and Protect Your SEO Ranking320
how-tos, wordpress, seo
Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft (sar/soc)319
npm, dependencies
Practice Safe DSD With “setHTMLUnsafe” (It’s Complicated) (jar/van)318
html, dom, shadow-dom, apis
Tuesday, February 6, 2024 Security Releases (raf/nod)317
release-notes, nodejs
JWT vs. Session Authentication316
authentication, json-web-tokens, comparisons
GitHub, npm Registry Abused to Host SSH Key-Stealing Malware315
github, npm, malware, foss
Navigating JavaScript Security: Recompiling Firefox to Bypass Anti-Debugger Techniques (gli)314
javascript, debugging, firefox, mozilla, browsers
Deceptive Deprecation: The Truth About npm Deprecated Packages313
deprecation, npm, dependencies, research
Safely Accessing the DOM With Angular SSR (dev)312
dom, javascript, angular, server-side-rendering
Node.js Security Progress Report—Progress on Permission Model, Fuzzer, and Connections With Community (ope)311
nodejs
I Hate CORS310
videos, cors
Building Multiple Progressive Web Apps on the Same Domain (dev)309
videos, web-apps, progressive-web-apps, architecture
Session-Based vs. Token-Based Authentication: Which Is Better?308
authentication, json-web-tokens, comparisons
10 Best Practices for Secure Code Review of Node.js Code307
best-practices, code-reviews, nodejs
Security Headers Using “<meta>” (sap/mat)306
csp, html
Blind CSS Exfiltration: Exfiltrate Unknown Web Pages305
css
Mastering Cryptography Fundamentals With Node’s “crypto” Module304
cryptography, nodejs
Secure Code Review Tips to Defend Against Vulnerable Node.js Code303
nodejs, code-reviews
Understanding CORS302
cors
Secret Scanning Scans Public npm Packages (git)301
github, npm, dependencies
What the !#@% Is a Passkey? (eff)300
passkeys
Local HTTPS for Next.js 13.5 (ami)299
testing, http, nextjs
Understanding XSS Attacks298
xss
A Comprehensive Guide to the Dangers of Regular Expressions in JavaScript (phi)297
guides, javascript, regex
Best Practices for Securing Node.js Applications in Production296
best-practices, nodejs
SSH Keys Stolen by Stream of Malicious PyPI and npm Packages (ble)295
ssh, dependencies, npm
npm Provenance General Availability (git)294
github, npm, provenance
Open Source Trends to Look for in 2024293
foss, trends, outlooks, ai
The WebP 0-Day292
webp, google, apple
Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples291
nodejs, history, examples
How to Implement SSL/TLS Pinning in Node.js290
how-tos, ssl, tls, nodejs
A More Intelligent and Secure Web (ple/w3c)289
videos, w3c, standards, web, web-platform
Demystifying CORS: Understanding How Cross-Origin Resource Sharing Works288
cors, javascript
Towards HTTPS by Default (jde/dev)287
browsers, google, chrome, http, tls
Sophisticated, Highly-Targeted Attacks Continue to Plague npm286
npm
An Update on Chrome Security Updates—Shipping Security Fixes to You Faster285
browsers, google, chrome
Tuesday, August 8, 2023 Security Releases (raf/nod)284
release-notes, nodejs
SECURITY.md: Should I Have It? (mry/ecl)283
documentation
Publishing With npm Provenance From Private Source Repositories Is No Longer Supported (git)282
github, npm, provenance, foss
Social Engineering Campaign Targeting Tech Employees Spreading Through npm Malware (soc)281
malware, npm
Securing the Web Forward: Addressing Developer Concerns in Web Security (tor/w3c)280
web, surveys
Encoding: A Brief History and Its Role in Cybersecurity279
encoding, unicode, history
User Input Sanitization and Validation: Securing Your App278
sanitization, validation, conformance
Node.js Security Progress Report—17 Reports Closed (ope)277
nodejs
The Importance of Verifying Webhook Signatures276
webhooks
The Massive Bug at the Heart of the npm Ecosystem275
npm, dependencies, bugs
All You Need to Know About CORS and CORS Errors274
cors, errors
Understanding Authorization Before Authentication: Enhancing Web API Security273
authorization, authentication, apis, comparisons
An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript272
introductions, vulnerabilities, nodejs, javascript
Django: A Security Improvement Coming to “format_html()” (ada)271
django, html
Tuesday, June 20, 2023 Security Releases (raf/nod)270
release-notes, nodejs
security.txt Now Mandatory for Dutch Government Websites269
legal
File Upload Security and Malware Protection (aus)268
malware, file-handling, edge-computing
Security Implications of HTTP Response Headers267
http, http-headers
The Case Against Automatic Dependency Updates (ben)266
dependencies, automation, ci-cd, maintenance
Automating Dependency Updates: The Big Debate265
dependencies, automation, ci-cd
Generating Provenance Statements264
npm, provenance
Introducing npm Package Provenance (git)263
introductions, github, npm, provenance, foss
8 Best Tools for Cryptography and Encryption (sta)262
link-lists, tooling, comparisons, cryptography, encryption, privacy
Dissecting npm Malware: Five Packages and Their Evil Install Scripts261
npm, malware
Passkeys: What the Heck and Why? (css)260
passkeys
Senior Engineering Strategies for Advanced React and TypeScript (tec)259
strategies, react, typescript, architecture, testing, performance, accessibility, maintenance
Cryptographically Protecting Your SPA258
single-page-apps, cryptography
Without Accessibility, There Is No Privacy or Security257
accessibility, privacy
Tips for Handling Dependabot, CodeQL, and Secret Scanning Alerts256
alerting, dependabot, tips-and-tricks
How to Password-Protect a Static HTML Page With No JS (ede)255
how-tos, css, fonts
SSL Certificates Explained254
videos, certificates, ssl, protocols
Quick Tip: How to Hash a Password in PHP253
how-tos, php, passwords, tips-and-tricks
Sandboxing JavaScript Code252
javascript
Unlocking Security Updates for Transitive Dependencies With npm (git)251
npm, dependencies, maintenance
7 Required Steps to Secure Your Iframes Security250
iframes, xss, html, http-headers, csp
Conditional API Responses for JavaScript vs. HTML Forms (aus)249
javascript, html, forms, comparisons
Why Do We Need Authorization and Authentication?248
authorization, authentication
The Top 10 Security Vulnerabilities for Web Applications247
vulnerabilities, web-apps
Leaked a Secret? Check Your GitHub Alerts… for Free (git)246
github
DOM Clobbering (fre/mat)245
dom
New npm Features for Secure Publishing and Safe Consumption (git)244
npm, dependencies
Using SRI to Protect From Malicious JavaScript (mat)243
javascript
WordPress Versions 3.7–4.0 No Longer Get Security Updates (sar)242
wordpress
“Not Secure” Warning for IE Mode241
browsers, microsoft, edge, internet-explorer
Node.js Security Best Practices (nod)240
nodejs, best-practices
npm Security: Preventing Supply Chain Attacks239
npm, dependencies
Secure JavaScript URL Validation238
javascript, validation, urls
Create a Passkey for Passwordless Logins (age/dev)237
authentication, passkeys
Designing a Secure API236
software-design, apis
Phylum Detects Active Typosquatting Campaign Targeting npm Developers235
npm, dependencies
Security (htt)234
web-almanac, studies, research, metrics
Continue Using .env Files as Usual233
environments
Quick Reminder: HTML5 “required” and “pattern” Are Not a Security Feature (cod)232
html, forms
Stop Using .env Files Now231
environments
Debunking Myths About HTTPS230
http, myths
Secure Your Node.js App With JSON Web Tokens (app)229
nodejs, json-web-tokens
Dependabot Unlocks Transitive Dependencies for npm Projects (git)228
dependencies, npm, dependabot
JavaScript Bugs Aplenty in Node.js Ecosystem—Found Automatically227
studies, research, nodejs, javascript, dependencies, quality, bugs
Introducing Even More Security Enhancements to npm (git)226
introductions, npm
Top 5 npm Vulnerability Scanners225
npm, vulnerabilities, tooling
What Is Passwordless Authentication and How to Implement It224
authentication, passwords
GA4 Is Being Blocked by Content Security Policy223
csp, metrics, google
Please Remove That .git Folder222
git
Should I Have Separate GitHub Accounts for Personal and Professional Projects?221
discussions, github, career
Understanding CSRF Attacks (zel)220
csrf
npm Security Update: Attack Campaign Using Stolen OAuth Tokens (git)219
oauth, version-control, npm, github
Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks218
javascript, npm, dependencies
Unexpectedly HTTPS?217
http
How to Respond to Growing Supply Chain Security Risks?216
how-tos, dependencies, nodejs, npm
The Web Is for Everyone: Our Vision for the Evolution of the Web (moz)215
web, outlooks, privacy, accessibility, performance, user-experience
Using HTTPS in Your Development Environment214
http, environments
How to Prevent SQL Injection Attacks in Node.js213
how-tos, nodejs, databases, sql
Can You Get Pwned With CSS?212
css
How to Fix Your Security Vulnerabilities With npm Override211
how-tos, vulnerabilities, npm, dependencies
Never, Ever, Ever Use Pixelation for Redacting Text210
content, images, obfuscation
Accessibly Insecure209
accessibility
Lessons Learned From Publishing a Content Security Policy208
lessons, csp
Ain’t No Party Like a Third Party (ada/css)207
dependencies, embed-code
Security (htt)206
web-almanac, studies, research, metrics
GitHub’s Commitment to npm Ecosystem Security (git)205
github, npm
Understanding and Implementing OAuth2 in Node.js (hon)204
nodejs, authorization, oauth
How to Win at CORS (jaf)203
how-tos, cors, html, http
The Options for Password-Revealing Inputs (chr/css)202
html, css, passwords, usability
npm Security Best Practices (owa)201
npm, best-practices
Encoding Data for POST Requests (jaf)200
javascript, encoding
NPM Global Audit199
packages, npm, quality, auditing
Understanding and Preventing Common Security Vulnerabilities198
vulnerabilities
Open Source Insights197
websites, foss, dependencies, licensing
I Learned to Love the Same-Origin Policy (eee/css)196
cors
Is Edge Computing Secure? Here Are 4 Security Risks to Be Aware Of195
edge-computing
TLS and mTLS Demystified194
tls, protocols
Best Practices for Inclusive Textual Websites193
performance, accessibility, best-practices
Clickjacking Attacks and How to Prevent Them192
how-tos
How to Safely Use GitHub Actions in Organizations (nza)191
how-tos, github-actions
What Is mTLS and How Does It Work?190
Mutual TLS: Stuff You Should Know189
tls, protocols
Don’t Try to Sanitize Input—Escape Output188
sanitization, escaping
Encrypting DNS Query Bad for Performance? (erw)187
performance, dns, http, encryption
Apple Joins FIDO Alliance, Commits to Getting Rid of Passwords (zdn)186
apple, fido, passwords, authentication
How to Automatically Update Your JavaScript Dependencies (spa/clo)185
how-tos, javascript, dependencies, automation, processes
What SSL Is, and Which Certificate Type Is Right for You184
ssl, certificates, privacy, concepts
Usability and Security; Better Together (24w)183
usability, user-experience
Server-Side Includes (SSI) Injection (owa)182
ssi
How Internet Security Works: TLS, SSL, and CA (osd)181
tls, ssl, protocols, certificates
Security and Privacy for Our Times (luk/w3c)180
privacy, web-platform
Web Feature Developers Told to Dial Up Attention on Privacy and Security (rip/tec)179
w3c, privacy, web-platform
CSS Security Vulnerabilities (chr/css)178
css, privacy, vulnerabilities
Understanding Subresource Integrity (dre/sma)177
hashing, embed-code
W3C Strategic Highlights: Web for All (Security, Privacy, Identity) (w3c)176
w3c, privacy, authentication
Guide to Web Authentication175
websites, authentication, webauthn, javascript
It’s Beginning to Look a Lot Like XSSmas (24w)174
vulnerabilities, csrf, xss
Protecting Your Site With Feature Policy (rac/sma)173
http-headers, http
AWS Security Guide: 7 Best Practices to Avoid Security Risks (wom)172
guides, aws, best-practices
WebAuthn, FIDO2 Infuse Browsers, Platforms With Strong Authentication (dar)171
w3c, fido, authentication, webauthn, browsers
In Your Face, Passwords: Big Three Browsers All Adopt Authentication API170
authentication, webauthn, apis, edge, microsoft, chrome, google, firefox, mozilla, browsers
HTTPS Is Easy (tro)169
websites, http
WordPress Security as a Process (sma)168
wordpress, processes
Making Your Website Faster and Safer With Cloudflare167
performance, caching, cloudflare
Validating Dependencies in the Project With npm-check and depcheck166
dependencies, maintenance, auditing, tooling, npm
Third Party CSS Is Not Safe (jaf)165
html, css, embed-code
Attackers Can Steal Sensitive Data by Abusing CSS—CSS Exfil Vulnerability164
css, csp
Building Secure JavaScript Applications163
javascript, xss, csrf, json-web-tokens, passwords
Creating Secure Password Resets With JSON Web Tokens (sma)162
passwords, json-web-tokens, nodejs
The Complete Guide to Switching From HTTP to HTTPS (sma)161
guides, http
How (Not) to Control Your CDN (mno)160
content-delivery, caching, http
How to Secure WordPress With SSL159
how-tos, wordpress, ssl
Encrypting IP Addresses (ber)158
ip, network, privacy, encryption
How to Secure Your Web App With HTTP Headers (sma)157
how-tos, web-apps, http, http-headers, csp
Just Another HTTPS Nudge (chr/css)156
http
On EME in HTML5 (tim/w3c)155
eme, drm, html, legal, standards, w3c
Using SSH Securely (ann)154
ssh
More Than 300 Federal Gov Websites Fail to Meet Domain Encryption Deadline153
http, tls, protocols, encryption
Content Security Policy Level 2 (mik+/w3c)152
standards, csp
A Checklist for Website Reviews (hcr)151
checklists, performance, browsers, seo, accessibility
Content Security Policy, Your Future Best Friend (sma)150
csp, link-lists
A Refined Content Security Policy (web)149
html, csp, webkit, safari, apple, browsers
The Performance Benefits of “rel=noopener” (jaf)148
html, links, performance
Web Platform Security Boundaries (ann)147
web-platform
Subresource Integrity (dev+/w3c)146
hashing, html, standards
W3C Looks to Secure the Web (sdt)145
w3c, authentication
Distribution Packages Considered Insecure144
dependencies, unix-like
The Current State of Web Security (An Interview With Anselm Hannemann) (hel+/css)143
interviews, http, ssl, tls, encryption, cloudflare, lets-encrypt
Eliminating Known Vulnerabilities With Snyk (sma)142
vulnerabilities, tooling
10 Web Predictions for 2016 (cra)141
web, outlooks, site-generators, browsers, css, mobile, performance, webassembly, seo
HSTS and “Let’s Encrypt” (tka)140
http, http-headers, ssl, lets-encrypt
An in-Depth Look at CORS139
cors, javascript, php
Indexing HTTPS Pages by Default138
google, search, http
Why Passwordless Authentication Works (cra)137
authentication, passwords
Introduction to TLS and SSL (ope)136
introductions, tls, ssl, protocols, certificates
A Simple Developer Error Is Exposing Private Information on Thousands of Websites (owe)135
version-control, git, mistakes, vulnerabilities
More Tips to Further Secure WordPress (eli)134
wordpress, tips-and-tricks, plugins
Improving Web Security With the Content Security Policy133
csp, http
Deprecating HTTP132
http, protocols, deprecation
Mozilla Wants to Deprecate Non-Secure HTTP, Will Make Proposals to W3C “Soon” (epr/ven)131
mozilla, http, deprecation
Want Fancy Firefox Features? Secure Your Website (sts/cne)130
firefox, mozilla, browsers, http
WordPress Front End Security: CSRF and Nonces (css)129
wordpress, csrf
Introduction to WordPress Front End Security: Escaping the Things (css)128
introductions, wordpress, escaping
What Are the Security Risks of HTML5 Apps?127
web-apps, sanitization
Moving to HTTPS on WordPress (chr/css)126
wordpress, http
Same-Origin Policy (ann)125
cors, web-platform
Securing the Web (w3c)124
web-platform
HTTPS as a Ranking Signal (met)123
google, search, http, seo
mXSS (gaz)122
xss, html
It’s Time to Encrypt the Entire Internet (kli/wir)121
web, http, ssl, encryption
3 Tips to Find Hacking on Your Site, and Ways to Prevent and Fix It120
search, google, tips-and-tricks
Cross-Origin Resource Sharing (ann/w3c)119
cors, standards
Despite Automatic Updates, Old Browsers Are Still a Problem (edb/zdn)118
browsers, web-platform, chrome, google, firefox, mozilla, internet-explorer, microsoft, safari, apple
Cross-Origin Resource Sharing on Track to Become a W3C Recommendation (sdt)117
w3c, cors, standards
Bid to Kill CAPTCHA Security Test Gains Momentum116
captcha, accessibility
We Should All Have Something to Hide115
privacy
Mobile Website Security114
mobile, hosting, policies
WordPress Security Tips113
wordpress, tips-and-tricks
Brad Hill: “HTML5 Security Realities” (chr/css)112
slides, xss, html
Bulletproof Your Drupal Website111
drupal
Top 10 PHP Security Vulnerabilities110
php, vulnerabilities
A Front End Engineer’s Manifesto (zac)109
websites, manifestos, user-experience, progressive-enhancement, simplicity, foss, accessibility, community, learning
A JavaScript Security Flaw108
javascript
The Secure Programmer’s Pledge107
manifestos
An Introduction to Content Security Policy (mik/dev)106
introductions, csp
Cross-Site Scripting Attacks (XSS)105
xss, examples
How to Secure Your WordPress Website (sma)104
how-tos, wordpress, link-lists
Using CORS (dev)103
cors
Some Notes on the Recent XML Encryption Attack (w3c)102
xml, encryption
XML Encryption Flaw Leaves Web Services Vulnerable (eur)101
web-services, xml, encryption
Notes From Writing HTML5 Media (bur)100
html, multimedia
HTTPS Is More Secure, So Why Isn’t the Web Using It? (ars)99
http, protocols, web
Web Cryptography: Salted Hash and Other Tasty Dishes (ali)98
cryptography
What Are the JSON Security Concerns in Web Development? (sim)97
json
What Is Cross Site Scripting or XSS? (chr/css)96
xss, javascript, concepts
Web Developers Accountable for HTML 5 Security95
html
HTML5 Raises New Security Issues94
html, browsers
10 Useful WordPress Security Tweaks (sma)93
wordpress
Web Security: Are You Part of the Problem? (cod/sma)92
vulnerabilities, php, javascript
Full Frontal ’09: Chris Heilmann on JavaScript Security (mic/aja)91
javascript
Cookies and Security (nza)90
cookies, xss, csrf
Finally Something to Get a Few More Users Off of IE 6? (dal/aja)89
internet-explorer, microsoft, browsers
The Internet Is Closing to Innovation (zit/new)88
web
You Could Be Getting Clickjacked (tec)87
vulnerabilities, frames, w3c
Video and Audio Tags and Cross Origin Access (dal/aja)86
html, multimedia
Dumb Security Tips: Think Before You Follow Online Guides (tan)85
tips-and-tricks
Alerting Webmasters to Webserver Vulnerabilities84
google
Simon Willison, @Media Ajax (mic/aja)83
ajax, xss, csrf, javascript, json
Frame-Busting Gadgets (mic)82
frames, iframes
Evil GIFs: Hiding Java in Your Image (dal/aja)81
gif, images, java
What’s in a “window.name”? (cod/aja)80
javascript
Internet Explorer 8 Promises Better Standards Compliance… and a Whole Lot More (est/cio)79
internet-explorer, microsoft, browsers, standards
Ajaxian Roundup for January 2008: JavaScript Turtles and IE 8 (dal/aja)78
javascript, prototypejs, dojo, extjs, jquery, gwt, yui, dwr, gears, flash, air, json, browsers, standards, css, design, comet, ajaxian, link-lists
Book Recommendation: AJAX Security by Hoffman and Sullivan77
books, ajax, javascript
Ajaxian Roundup for December 2007: It’s the End of the Year as We Know It (dal/aja)76
browsers, javascript, prototypejs, extjs, yui, jquery, microsoft, dwr, performance, gwt, comet, css, mobile, ajaxian, link-lists
Cross Site Scripting Joy (tri)75
xss
Making JavaScript Safe With No Script (dal/aja)74
javascript
Automated Security Scanners Choke on AJAX (rey/aja)73
ajax, javascript
Quick Security Checklist for Webmasters72
checklists
How to Protect a JSON or JavaScript Service71
how-tos, json, javascript
Securing Your JSON70
json, javascript, arrays
CSRF Protection Idea (dal/aja)69
csrf
JavaScript Security Experiments (mar)68
javascript, experiments
Security vs. Usability (nza)67
usability
Prepare for Attack—Making Your Web Applications More Secure66
web-apps, sql, xss, examples
JSON vs. XML: Browser Security Model (car)65
browsers, json, xml, comparisons
The Dangers of Cross-Domain AJAX With Flash (shi)64
ajax, javascript, flash
DOM vs. Web (mno)63
http, dom
AJAX: Is Your Application Secure Enough?62
ajax, javascript, web-apps
AJAX, XHR, JavaScript, and Cross Domain Security Story61
ajax, javascript
Top 7 PHP Security Blunders60
php, databases, sql
How to Make “XMLHttpRequest” Calls to Another Server in Your Domain59
how-tos, javascript
IE Frame Bug (dal/aja)58
internet-explorer, microsoft, browsers, frames
Validate Your Input!57
validation
JavaScript Security56
javascript
File Upload Security (lac)55
html, file-handling
Spot the Security Hole54
php
JavaScript and Security (sim)53
javascript
Handling Content From Strangers52
content
Web Services Security Gets Serious51
web-services
Getting Started With XML Security50
introductions, xml
Sorting Out the Web Services Security Landscape (tec)49
web-services, ssl, w3c
Website Experience Analyzer48
tools, analysis, performance, user-experience
Server Port Scanner47
tools, analysis, network, servers
Abuse Contact Lookup46
tools, analysis, policies
Content Security Policy Validator (CSP Validator)45
tools, analysis, csp, conformance
Content Security Policy Validator (Google)44
tools, analysis, csp, conformance
Cookie Use Checker43
tools, analysis, cookies
Cross-Site WebSocket Hijacking Tester42
tools, analysis
DNSSEC Checker41
tools, analysis, dns
Domain or IP Spam Checker40
tools, analysis, domains, ip
Email Blacklist Checker39
tools, analysis, email
Malware and Security Scanner38
tools, analysis
Site and Origin Comparer37
tools, analysis, comparisons
SPF Record Checker36
tools, analysis, dns, domains
SSL Checker (Qualys)35
tools, analysis, ssl, certificates
SSL Checker (SSL Shopper)34
tools, analysis, ssl, certificates
Virus Scanner33
tools, analysis
Website Certificate Fingerprint Checker32
tools, analysis, certificates
Website Headers Analyzer (Mozilla) (moz)31
tools, analysis, http, http-headers
Website Headers Analyzer (Security Headers)30
tools, analysis, http, http-headers
Website Scam Checker29
tools, analysis
Website Security Checker (Google)28
tools, analysis
Website Security Checker (Norton)27
tools, analysis
AES Encrypter and Decrypter26
tools, exploration, encryption
Blowfish Hash Generator25
tools, exploration, hashing
Browser Fingerprint Checker24
tools, exploration, browsers
“chmod” Calculator23
tools, exploration, permissions
CSR Decoder22
tools, exploration
Device Vulnerability Checker21
tools, exploration, vulnerabilities
Executable File Analyzer20
tools, exploration
Hash Generator19
tools, exploration, hashing
HMAC Checker18
tools, exploration
MD5 Hash Generator17
tools, exploration, hashing
Password Generator (Arantius.com)16
tools, exploration, passwords
Password Generator (Frontend Dogma) (fro)15
tools, exploration, frontend-dogma, passwords
Password Generator (Gibson Research Corporation)14
tools, exploration, passwords
Password Security Checker and Generator13
tools, exploration, passwords
Password Security Checker12
tools, exploration, passwords
Security Leak Victim Checker11
tools, exploration
SHA-512 Hash Generator10
tools, exploration, hashing
SPF Record Generator9
tools, exploration, dns, domains
SSL Client Checker8
tools, exploration, ssl, tls
Subresource Integrity Hash Generator (moz)7
tools, exploration, hashing
User Identity Generator6
tools, exploration, placeholders, randomness
Website Headers Analyzer (Dries Buytaert) (dri)5
tools, analysis, http, http-headers
WebRTC and IP Address Leak Checker4
tools, exploration, network, webrtc, ip, protocols
security.txt Generator3
tools, exploration, content