“security” Archive
- Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects · · open-source
- Wednesday, April 10, 2024 Security Releases · · release-notes, nodejs
- The V8 Sandbox · · v8
- Wednesday, April 3, 2024 Security Releases · · release-notes, nodejs
- Using JSON Web Tokens With Node.js · · json-web-tokens, nodejs, authentication
- Building a Digital Fortress: How to Strengthen DNS Against DDoS Attacks? · · dns
- In-App Browsers Are Still a Privacy, Security, and Choice Problem · · user-agents, mobile, privacy
- How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package · · npm, dependencies, examples
- Preventing SQL Injection Attacks in Node.js · · nodejs, databases, sql
- Wednesday, February 14, 2024 Security Releases · · release-notes, nodejs
- How to Boost WordPress Security and Protect Your SEO Ranking · · how-tos, wordpress, seo
- Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft · · npm, dependencies
- Practice Safe DSD With “setHTMLUnsafe” (It’s Complicated) · · html, dom, shadow-dom, apis
- Tuesday, February 6, 2024 Security Releases · · release-notes, nodejs
- JWT vs. Session Authentication · · authentication, json-web-tokens, comparisons
- GitHub, npm Registry Abused to Host SSH Key-Stealing Malware · · github, npm, open-source
- Deceptive Deprecation: The Truth About npm Deprecated Packages · · npm, dependencies, research
- Safely Accessing the DOM With Angular SSR · · dom, javascript, angular, server-side-rendering
- Node.js Security Progress Report—Progress on Permission Model, Fuzzer, and Connections With Community · · nodejs
- I Hate CORS · · videos, cors
- Building Multiple Progressive Web Apps on the Same Domain · · videos, web-apps, architecture
- Session-Based vs. Token-Based Authentication: Which Is Better? · · authentication, json-web-tokens, comparisons
- 10 Best Practices for Secure Code Review of Node.js Code · · best-practices, code-reviews, nodejs
- Security Headers Using “<meta>” · · csp, html
- Blind CSS Exfiltration: Exfiltrate Unknown Web Pages · · css
- Mastering Cryptography Fundamentals With Node’s “crypto” Module · · cryptography, nodejs
- Secure Code Review Tips to Defend Against Vulnerable Node.js Code · · nodejs, code-reviews
- Understanding CORS · · cors
- Secret Scanning Scans Public npm Packages · · github, npm, dependencies
- What the !#@% Is a Passkey? · · passwords
- Local HTTPS for Next.js 13.5 · · testing, http, nextjs
- A Comprehensive Guide to the Dangers of Regular Expressions in JavaScript · · guides, javascript, regex
- SSH Keys Stolen by Stream of Malicious PyPI and npm Packages · · ssh, dependencies, npm
- Best Practices for Securing Node.js Applications in Production · · best-practices, nodejs
- npm Provenance General Availability · · github, npm, provenance
- The WebP 0-Day · · webp, google, apple
- Open Source Trends to Look for in 2024 · · open-source, trends, visions, ai
- Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples · · nodejs, history, examples
- How to Implement SSL/TLS Pinning in Node.js · · how-tos, ssl, tls, nodejs
- A More Intelligent and Secure Web · · videos, w3c, standards, web, web-platform
- Demystifying CORS: Understanding How Cross-Origin Resource Sharing Works · · cors, javascript
- Towards HTTPS by Default · · user-agents, google, chrome, http, tls
- Sophisticated, Highly-Targeted Attacks Continue to Plague npm · · npm
- An Update on Chrome Security Updates—Shipping Security Fixes to You Faster · · user-agents, google, chrome
- Tuesday, August 8, 2023 Security Releases · · release-notes, nodejs
- Publishing With npm Provenance from Private Source Repositories Is No Longer Supported · · github, npm, provenance, open-source
- Social Engineering Campaign Targeting Tech Employees Spreading Through npm Malware · · npm
- Securing the Web Forward: Addressing Developer Concerns in Web Security · · web, surveys
- Encoding: A Brief History and Its Role in Cybersecurity · · encoding, unicode, history
- Node.js Security Progress Report—17 Reports Closed · · nodejs
- The Importance of Verifying Webhook Signatures · · webhooks
- The Massive Bug at the Heart of the npm Ecosystem · · npm, dependencies
- All You Need to Know About CORS and CORS Errors · · cors, errors
- Understanding Authorization Before Authentication: Enhancing Web API Security · · authorization, authentication, apis, comparisons
- An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript · · introductions, nodejs, javascript
- Tuesday, June 20, 2023 Security Releases · · release-notes, nodejs
- security.txt Now Mandatory for Dutch Government Websites · · legal
- File Upload Security and Malware Protection · · file-handling, edge-computing
- Security Implications of HTTP Response Headers · · http
- Introducing npm Package Provenance · · github, npm, provenance, open-source
- Generating Provenance Statements · · npm, provenance
- 8 Best Tools for Cryptography and Encryption · · link-lists, tooling, comparisons, cryptography, privacy
- Dissecting npm Malware: Five Packages and Their Evil Install Scripts · · npm
- Passkeys: What the Heck and Why? · · passwords
- Cryptographically Protecting Your SPA · · spas, cryptography
- Without Accessibility, There Is No Privacy or Security · · accessibility, privacy
- How to Password-Protect a Static HTML Page With No JS · · how-tos, css, fonts
- Quick Tip: How to Hash a Password in PHP · · how-tos, php, passwords, tips-and-tricks
- Sandboxing JavaScript Code · · javascript
- Unlocking Security Updates for Transitive Dependencies With npm · · npm, dependencies, maintenance
- Conditional API Responses for JavaScript vs. HTML Forms · · javascript, html, forms, comparisons
- Why Do We Need Authorization and Authentication? · · authorization, authentication
- The Top 10 Security Vulnerabilities for Web Applications · · web-apps
- Leaked a Secret? Check Your GitHub Alerts… for Free · · github
- DOM Clobbering · · dom
- New npm Features for Secure Publishing and Safe Consumption · · npm, dependencies
- Using SRI to Protect from Malicious JavaScript · · javascript
- WordPress Versions 3.7–4.0 No Longer Get Security Updates · · wordpress
- “Not Secure” Warning for IE Mode · · user-agents, microsoft, edge, internet-explorer
- Node.js Security Best Practices · · nodejs, best-practices
- npm Security: Preventing Supply Chain Attacks · · npm, dependencies
- Secure JavaScript URL Validation · · javascript, validation, urls
- Create a Passkey for Passwordless Logins · · authentication, passwords
- Designing a Secure API · · software-design, apis
- Phylum Detects Active Typosquatting Campaign Targeting npm Developers · · npm, dependencies
- Security · · studies, research
- Continue Using .env Files as Usual · · environments
- Quick Reminder: HTML5 “required” and “pattern” Are Not a Security Feature · · html, forms
- Stop Using .env Files Now · · environments
- Debunking Myths About HTTPS · · http
- Secure Your Node.js App With JSON Web Tokens · · nodejs, json-web-tokens
- Dependabot Unlocks Transitive Dependencies for npm Projects · · dependencies, npm
- JavaScript Bugs Aplenty in Node.js Ecosystem—Found Automatically · · studies, research, nodejs, javascript, dependencies, quality
- Introducing Even More Security Enhancements to npm · · npm
- What Is Passwordless Authentication and How to Implement It · · authentication, passwords
- GA4 Is Being Blocked by Content Security Policy · · csp, metrics, google
- Please Remove That .git Folder · · git
- Should I Have Separate GitHub Accounts for Personal and Professional Projects? · · discussions, github, career
- Understanding CSRF Attacks
- npm Security Update: Attack Campaign Using Stolen OAuth Tokens · · version-control, npm, github
- Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks · · javascript, npm, dependencies
- Unexpectedly HTTPS? · · http
- How to Respond to Growing Supply Chain Security Risks? · · how-tos, dependencies, nodejs, npm
- The Web Is for Everyone: Our Vision for the Evolution of the Web · · web, visions, privacy, accessibility, performance, user-experience
- Using HTTPS in Your Development Environment · · http, environments
- How to Prevent SQL Injection Attacks in Node.js · · how-tos, nodejs, databases, sql
- How to Fix Your Security Vulnerabilities With npm Override · · how-tos, npm, dependencies
- Can You Get Pwned With CSS? · · css
- Accessibly Insecure · · accessibility
- Lessons Learned from Publishing a Content Security Policy · · lessons, csp
- CSS Fingerprinting · · websites, css, privacy
- Ain’t No Party Like a Third Party · · dependencies, embed-code
- Security · · studies, research
- GitHub’s Commitment to npm Ecosystem Security · · github, npm
- Understanding and Implementing OAuth2 in Node.js · · nodejs
- How to Win at CORS · · how-tos, cors, html, http
- The Options for Password-Revealing Inputs · · html, css, passwords, usability
- npm Security Best Practices · · npm, best-practices
- Encoding Data for POST Requests · · javascript, encoding
- NPM Global Audit · · packages, npm, quality, auditing
- Understanding and Preventing Common Security Vulnerabilities
- Open Source Insights · · websites, open-source, dependencies, licensing
- Is Edge Computing Secure? Here Are 4 Security Risks to Be Aware Of · · edge-computing
- TLS and mTLS Demystified · · tls, protocols
- Best Practices for Inclusive Textual Websites · · performance, accessibility, best-practices
- What Is mTLS and How Does It Work?
- Mutual TLS: Stuff You Should Know · · tls, protocols
- ASCII to Unicode Encoder and Decoder · tools, exploration, conversion, unicode, encoding
- DNSSEC Checker · tools, analysis, dns
- Website Experience Analyzer · tools, analysis, performance, user-experience
- security.txt Generator · tools, exploration, content
- WebRTC and IP Address Leak Checker · tools, exploration, network, ip, protocols
- User Identity Generator · tools, exploration, placeholders, randomness
- Cross-Site WebSocket Hijacking Tester · tools, analysis
- Content Security Policy Validator (Google) · tools, analysis, csp, conformance
- Content Security Policy Validator (CSP Validator) · tools, analysis, csp, conformance
- Subresource Integrity Hash Generator · tools, exploration
- Website Headers Analyzer (Mozilla) · tools, analysis, http
- MD5 Hash Generator · tools, exploration
- Email Blacklist Checker · tools, analysis, email
- Website Headers Analyzer (Dries Buytaert) · tools, analysis, http
- SSL Checker (SSL Shopper) · tools, analysis, ssl
- SSL Checker (Qualys) · tools, analysis, ssl
- Website Headers Analyzer (Security Headers) · tools, analysis, http
- Password Security Checker · tools, exploration, passwords
- “chmod” Calculator · tools, exploration, permissions
- Website Security Checker (Google) · tools, analysis
- SPF Record Checker · tools, analysis
- Cookie Use Checker · tools, analysis, cookies
- Password Generator (Frontend Dogma) · tools, exploration, passwords
- SSL Client Checker · tools, exploration, ssl
- Password Security Checker and Generator · tools, exploration, passwords
- Password Generator (Gibson Research Corporation) · tools, exploration, passwords
- Password Generator (Arantius.com) · tools, exploration, passwords
- SPF Record Generator · tools, exploration, dns
- SHA-512 Hash Generator · tools, exploration
- Security Leak Victim Checker (Have I Been Pwned) · tools, exploration
- Security Leak Victim Checker (Hasso Plattner Institute) · tools, exploration
- HMAC Checker · tools, exploration
- Hash Generator · tools, exploration
- Executable File Analyzer · tools, exploration
- Device Vulnerability Checker · tools, exploration
- CSR Decoder · tools, exploration
- Browser Fingerprint Checker · tools, exploration, user-agents
- Blowfish Hash Generator · tools, exploration
- AES Encrypter and Decrypter · tools, exploration
- Domain or IP Spam Checker · tools, analysis, domains
- Server Port Scanner · tools, analysis, network, servers
- Abuse Contact Lookup · tools, analysis, policies
- Website Security Checker (Norton) · tools, analysis
- Website Scam Checker · tools, analysis
- Website Privacy Checker · tools, analysis, privacy
- Website Certificate Fingerprint Checker · tools, analysis
- Virus Scanner · tools, analysis
- Site and Origin Comparer · tools, analysis, comparisons
- Malware and Security Scanner · tools, analysis
- P3P Validator · tools, analysis, conformance