
Frontend Dogma

“security” News Archive

Definition, related topics, and tag feed

Definition · Supertopics: user-experience · Subtopics: authentication, authorization, certificates, cors, cryptography, csp, csrf, hashing, malware, privacy, provenance, randomness, sanitization, ssh, ssl, tls, validation, vulnerabilities, xss (non-exhaustive) · “security” RSS feed (per email)

# (entry number) · Entry (Sources) · Additional Topics (on the following line)

#497 · A Security Checklist for Your React and Next.js Apps (the)
react, nextjs
#496 · Security (vik+/htt)
web-almanac, studies, research, metrics, tls, certificates, cookies, csp, http-headers, apis, sanitization, configuration
#495 · Node.js January 2026 Security Release: What Changed and Why It Matters (nod)
nodejs
#494 · Tuesday, January 13, 2026 Security Releases (nod)
release-notes, nodejs
#493 · Mitigating Denial-of-Service Vulnerability From Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users (mco+/nod)
nodejs, vulnerabilities, react, nextjs, tooling, monitoring, performance
#492 · npm to Implement Staged Publishing After Turbulent Shift Off Classic Tokens (sar/soc)
npm, dependencies, github
#491 · Security Basics for Vibe-Coders (owe/pro)
fundamentals, vibe-coding, ai
#490 · Testing Methods: Accessible Authentication (Enhanced) (dec)
accessibility, testing, wcag, authentication
#489 · Testing Methods: Accessible Authentication (Minimum) (dec)
accessibility, testing, wcag, authentication
#488 · Denial of Service and Source Code Exposure in React Server Components (rea)
react, components
#487 · Thursday, December 18, 2025 Security Releases (nod)
release-notes, nodejs
#486 · How We’re Protecting Our Newsroom From npm Supply Chain Attacks (rya/pnp)
npm, dependencies, case-studies
#485 · No More Tokens—Locking Down npm Publish Workflows (zac)
npm, dependencies, github, processes
#484 · [Next.js] Security Advisory: CVE-2025-66478 (seb)
nextjs
#483 · Critical Security Vulnerability in React Server Components (rea)
react, components
#482 · Decreasing [Let’s Encrypt] Certificate Lifetimes to 45 Days (mat/let)
http, certificates, lets-encrypt
#481 · Taking Down Next.js Servers for 0.0001 Cents a Pop
servers, nextjs, vulnerabilities
#480 · The Shai-Hulud 2.0 npm Worm: Analysis, and What You Need to Know
npm, dependencies
#479 · GitLab Discovers Widespread npm Supply Chain Attack (git)
npm, dependencies, gitlab, github, aws, gcp, azure
#478 · Automated npm Secret Rotation in GitHub Actions (mhe)
npm, automation, github-actions
#477 · What Developers Really Mean by “Bad Code” (jet)
maintainability, scalability, consistency, quality
#476 · Introducing the OWASP Top 10:2025 (she+/owa)
introductions, owasp, vulnerabilities
#475 · Removing XSLT for a More Secure Browser (dro/dev)
chromium, chrome, google, browsers, xsl, web-platform
#474 · Will npm’s New Security Steps Stop Attacks? (rev)
npm, github, maintenance, foss
#473 · HTTPS by Default (jde+)
http, chrome, google, browsers
#472 · Agentic AI and Security (ksi/mfo)
ai, architecture
#471 · Octoverse: A New Developer Joins GitHub Every Second as AI Leads TypeScript to #1 (git)
github, metrics, productivity, ai, foss, programming
#470 · Glassworm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace
code-editors, vs-code, microsoft
#469 · Improving the Trustworthiness of JavaScript on the Web (clo)
javascript, web-apps
#468 · Past Time for Passkeys (nor)
videos, passkeys, passwords, authentication
#467 · Secure Coding in JavaScript
javascript, frameworks
#466 · My Conclusions After Using Signed Exchanges on My Website for 2 Years (paw)
signed-exchanges, performance
#465 · Lazy-Loading as a Security Measure
lazy-loading, angular, react
#464 · Backend Concepts Every Experienced Developers Must Know
concepts, network, concurrency, apis, databases, caching, scalability, observability, architecture
#463 · Fixing Safari Mixed Content Issues With Vite and mkcert
safari, apple, browsers, vite, tooling
#462 · How Deno Protects Against npm Exploits (den)
deno, npm
#461 · Strengthening npm Security: Important Changes to Authentication and Token Management (git)
npm
#460 · How Hackers Use AI to Find Vulnerabilities Faster
ai
#459 · CAPTCHA, When Security Takes Precedence Over Accessibility
captcha, accessibility
#458 · Our Plan for a More Secure npm Supply Chain (xco/git)
npm, dependencies, foss
#457 · npm Security Best Practices
npm, provenance, best-practices
#456 · This May Be the Worst One (the)
videos, npm, dependencies
#455 · Ongoing Supply Chain Attack Targets CrowdStrike npm Packages (pvd+/soc)
npm, dependencies
#454 · ctrl/tinycolor and 40+ npm Packages Compromised
npm, dependencies
#453 · How Maintainer Burnout Is Causing a Kubernetes Security Disaster (the)
kubernetes, maintenance, foss, economics
#452 · Oh No, Not Again… a Meditation on npm Supply Chain Attacks (tan)
npm, dependencies, microsoft
#451 · Anatomy of a Billion-Download npm Supply-Chain Attack
npm, dependencies
#450 · npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack (bur+/soc)
npm, dependencies
#449 · CORS Explained: Stop Struggling With Cross-Origin Errors
cors, http-headers, http
#448 · How OpenJS-Hosted Projects Benefit From Security Support (ope)
openjs, hosting, foss
#447 · Why You Absolutely Need to Have Automated Dependency Management in Place (j9t)
dependencies, maintainability, maintenance, automation, tooling
#446 · What Your Website’s Style Says About You—and How Hackers Can Use It Against You (err)
css, javascript
#445 · Hardening Node.js Apps in Production: 8 Layers of Practical Security
nodejs, best-practices
#444 · eslint-config-prettier Compromised: How npm Package With 30 Million Downloads Spread Malware
prettier, eslint, npm, malware
#443 · AI Agents Are Creating a New Security Nightmare for Enterprises and Startups (the)
ai, apis
#442 · npm Phishing Email Targets Developers With Typosquatted Domain (sar/soc)
npm
#441 · Tuesday, July 15, 2025 Security Releases (nod)
release-notes, nodejs
#440 · Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader (soc)
npm, dependencies
#439 · MCP Security Vulnerabilities and Attack Vectors
mcp, ai
#438 · A New Era of Code Quality
quality
#437 · JWTs Are Not Session Tokens, Stop Using Them Like One
json-web-tokens, authentication
#436 · Design Patterns for Securing LLM Agents Against Prompt Injections (sim)
studies, research, ai, prompting, software-design-patterns
#435 · The Growing Risk of Malicious Browser Extensions (soc)
browser-extensions
#434 · Escaping “<” and “>” in Attributes—How It Helps Protect Against Mutation XSS (sec)
html, attributes, xss, escaping, chrome, google, browsers
#433 · HTML Spec Change: Escaping “<” and “>” in Attributes (sec/dev)
html, attributes, escaping, xss
#432 · Beware of End-of-Life Node.js Versions—Upgrade or Seek Post-EOL Support (mco/nod)
nodejs, maintenance
#431 · How to Access Local MCP Servers Through a Secure Tunnel (the)
how-tos, mcp, ai, servers, network
#430 · Docker Launches Hardened Images, Intensifying Secure Container Market (the)
docker
#429 · Modernizing Security
modernization, processes
#428 · Securing Your Node.js App From Command Injection
nodejs
#427 · Passkeys for Normal People (tro)
authentication, passkeys, examples, concepts
#426 · npm Targeted by Malware Campaign Mimicking Familiar Library Names (soc)
npm, malware, dependencies, link-lists
#425 · What Is an Encryption Backdoor? (int)
encryption, vulnerabilities, concepts
#424 · Cybersecurity Leaders Are Staying in the Shadows (ste)
community, culture
#423 · Threat Actors Misuse Node.js to Deliver Malware and Other Malicious Payloads (mic)
nodejs, malware
#422 · Principles for Coding Securely With LLMs (sea)
ai, principles
#421 · TLS Certificate Lifetimes Will Officially Reduce to 47 Days
tls, certificates
#420 · LLMs Can’t Stop Making Up Software Dependencies and Sabotaging Everything (tho/the)
ai, dependencies
#419 · Secure a Vue App With OpenID Connect and the BFF Pattern (due)
vuejs, authentication, backend-for-frontend
#418 · Teaching Code in the AI Era: Why Fundamentals Still Matter (ali)
training, ai, programming, vibe-coding, scalability, performance, quality, testing, documentation
#417 · Stop Using Jenkins in 2025 (oso)
jenkins, github-actions, ci-cd
#416 · Node.js Test CI Security Incident (nod)
nodejs, retrospectives
#415 · Website Hijack Campaign Now Impacting 150,000 Sites (gad)
#414 · Malware Found on npm Infecting Local Package With Reverse Shell (rev)
npm, dependencies
#413 · Five Things Vibe Coders Should Know (From a Software Engineer) (uxd)
vibe-coding, sanitization
#412 · GitHub Suffers a Cascading Supply Chain Attack Compromising CI/CD Secrets (inf)
github, ci-cd
#411 · How to Prevent WordPress SQL Injection Attacks (sma)
how-tos, wordpress, sql, databases
#410 · Lazarus Strikes npm Again With New Wave of Malicious Packages (soc)
npm, dependencies
#409 · Updates on CVE for End-of-Life Versions (raf/nod)
nodejs
#408 · What Is the OWASP Top 10 and How Can Your Team Benchmark Security? (jet)
owasp, vulnerabilities, qodana, jetbrains
#407 · How to Protect Your Web Applications From XSS (tor/w3c)
how-tos, web-apps, xss
#406 · In Tech, What Matters and What Is Dangerous (ham)
community, foss, open-web
#405 · Secure UX: Building Cybersecurity and Privacy Into the UX Lifecycle (uxm)
user-experience, processes
#404 · The Fallacy of Balance: Challenging the Notion of Security and Accessibility as Opposing Objectives (deq)
videos, accessibility
#403 · It Is No Longer Safe to Move Our Governments and Societies to U.S. Clouds (ber)
cloud-computing, privacy, legal
#402 · How OWASP Helps You Secure Your Full-Stack Web Applications (eri/sma)
owasp, monitoring, authentication, vulnerabilities, configuration, csrf, cryptography, authorization
#401 · 10 Common Web Development Mistakes to Avoid Right Now
mistakes, mobile, performance, accessibility, seo, navigation, analytics, testing
#400 · Tightening Every Bolt (bag)
videos, processes, code-reviews, testing
#399 · On Generative AI Security (sch)
ai, lessons, microsoft
#398 · Understanding CORS Errors in Signed Exchanges (paw)
cors, errors, signed-exchanges
#397 · Keep Your Node.js Apps Secure With “npx is-my-node-vulnerable” (tre)
packages, npm, nodejs
#396 · How I Open-Sourced My Secret Access Tokens From GitHub, Slack, and npm—and Who Actually Cares
github, slack, npm
#395 · Node.js EOL Versions CVE Dubbed the “Worst CVE of the Year” by Security Experts (sar/soc)
nodejs, documentation
#394 · Tuesday, January 21, 2025 Security Releases (raf/nod)
release-notes, nodejs
#393 · APIs Are Quickly Becoming the Latest Security Battleground (and Nightmare) (the)
apis
#392 · CDN-First Is No Longer a Performance Feature (osv)
content-delivery, performance, caching, embed-code, privacy
#391 · The Cyber-Cleanse: Take Back Your Digital Footprint (cyb)
privacy
#390 · 15 Principles for Secure Programming (rak)
principles, validation, testing
#389 · Important Topics for Frontend Developers to Master in 2025
learning, javascript, typescript, css, frameworks, git, apis, testing, performance, ci-cd, websockets
#388 · Developer Guide: How to Implement Passkeys
guides, how-tos, authentication, passkeys
#387 · How to Automate OWASP Security Reviews in Your Pull Requests? (cod)
how-tos, owasp, automation, code-reviews, coderabbit
#386 · 5 Technical Trends to Help Web Developers Stand Out in 2025 (the)
trends, career, javascript, ai, low-and-no-code
#385 · Avoid Hotlinking Images With “Cross-Origin-Resource-Policy”
images
#384 · Content Security Policy Level 3 (mik/w3c)
standards, csp
#383 · Security (htt)
web-almanac, studies, research, metrics
#382 · JavaScript Import Attributes (ES2025) (tre)
javascript
#381 · Exploring Internet Traffic Shifts and Cyber Attacks During the 2024 U.S. Election (clo)
traffic
#380 · Securing Your Express REST API With Passport.js
nodejs, express, json-web-tokens, apis, rest, tooling
#379 · SecretLint—a Linter for Preventing Committing Credentials (tre)
tooling, linting
#378 · The Importance of UX in Cybersecurity (uxm)
user-experience, usability
#377 · Understanding “npm audit” and Fixing Vulnerabilities
npm, vulnerabilities, nodejs
#376 · Top 4 Web Vulnerabilities With Example and Mitigation
vulnerabilities, sql, databases, xss, csrf
#375 · How to Implement Content Security Policy (CSP) Headers for Astro (tre)
how-tos, http, http-headers, csp, astro, vercel, cloudflare
#374 · Why Code Security Matters—Even in Hardened Environments
vulnerabilities, file-handling, nodejs
#373 · Database 101: SSL/TLS for Beginners
introductions, databases, ssl, tls, authentication
#372 · Cloudflare Study: 39% of Companies Losing Control of Their IT and Security Environment (tre)
studies, research, engineering-management
#371 · NIST Recommends Some Common-Sense Password Rules (sch)
passwords, guidelines
#370 · I Finally Understand OAuth
authorization, oauth, processes
#369 · Fake GitHub Site Targeting Developers (jul/san)
github
#368 · Hacking Cars in JavaScript (Running Replay Attacks in the Browser With the HackRF) (dev)
javascript
#367 · Gaining Access to Anyone’s Browser Without Them Even Visiting a Website
arc, the-browser-company, browsers, vulnerabilities
#366 · 10 AI Dangers and Risks and How to Manage Them (rin)
ai, privacy, sustainability, legal
#365 · Web Security: Shaping the Secure Web (set/w3c)
web, w3c
#364 · 5 Wasm Use Cases for Frontend Development (ele/des)
guest-posts, webassembly, performance
#363 · What Is Incident Response?
incident-response, overviews
#362 · Migrating From Netlify to Cloudflare for AI Bot Protection (sia)
migrating, netlify, cloudflare, ai
#361 · The Great npm Garbage Patch
dependencies, npm, spam
#360 · Frontend Security Checklist (tre)
checklists, react
#359 · Automated Ways to Security Audit Your Website
auditing, automation, tooling
#358 · Secure Node.js Applications From Supply Chain Attacks
nodejs, best-practices, dependencies
#357 · The Cloud Run Security Gap You Didn’t Know You Had (and How to Fix It)
google, gcp
#356 · The Pitfalls of In-App Browsers (fro)
browsers, mobile, privacy, user-experience
#355 · Supply Chain Security in npm—We Can Be Optimistic About the Future
npm, dependencies, provenance
#354 · Script Integrity (chr/fro)
embed-code, javascript
#353 · Introducing the MDN HTTP Observatory (mdn)
introductions, mdn, mozilla, http
#352 · Tuesday, July 2, 2024 Security Releases (nod)
release-notes, nodejs
#351 · WebAuthn: Enhancing Security With Minimal Effort (tbe)
authentication, webauthn
#350 · RegreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server
ssh, vulnerabilities
#349 · Polyfill Supply Chain Attack Embeds Malware in JavaScript CDN Assets
malware, vulnerabilities
#348 · Catching Compromised Cookies
cookies, testing
#347 · Backdoor Slipped Into Multiple WordPress Plugins in Ongoing Supply-Chain Attack (dan/ars)
wordpress, plugins
#346 · The Hacking of Culture and the Creation of Socio-Technical Debt (sch)
culture
#345 · OAuth Authentication (rya)
authentication, authorization, oauth
#344 · Researchers Uncover npm Registry Vulnerability to Cache Poisoning and DoS Attacks (sar/soc)
npm, dependencies, vulnerabilities, caching
#343 · What Is Mixed Content? (fre)
http
#342 · The Ultimate Guide to Iframes (log)
guides, iframes, html, javascript
#341 · How a Single Vulnerability Can Bring Down the JavaScript Ecosystem
javascript, npm, dependencies, caching, vulnerabilities
#340 · JavaScript Security: Simple Practices to Secure Your Frontend
javascript, dependencies, csp
#339 · Manifesto for a Humane Web (mic)
websites, manifestos, web, principles, accessibility, dei, sustainability, user-experience
#338 · Securing Client-Side JavaScript (ada)
javascript, graceful-degradation
#337 · Poor Express Authentication Patterns in Node.js and How to Avoid Them
express, nodejs, authentication
#336 · Passkeys: A Shattered Dream (fir)
authentication, passkeys
#335 · Using Legitimate GitHub URLs for Malware (sch)
malware, github
#334 · When Security and Accessibility Clash: Why Are Banking Applications So Inaccessible? (nic)
accessibility
#333 · Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects (ope)
foss, openjs
#332 · Wednesday, April 10, 2024 Security Releases (raf/nod)
release-notes, nodejs
#331 · Node.js Secure Coding: Mitigate and Weaponize Code Injection Vulnerabilities
books, nodejs, vulnerabilities
#330 · The Free Software Commons (jen)
foss, community
#329 · The V8 Sandbox
v8
#328 · Building a Digital Fortress: How to Strengthen DNS Against DDoS Attacks?
dns
#327 · Using JSON Web Tokens With Node.js
json-web-tokens, nodejs, authentication
#326 · Wednesday, April 3, 2024 Security Releases (nod)
release-notes, nodejs
#325 · In-App Browsers Are Still a Privacy, Security, and Choice Problem (tho/the)
browsers, mobile, privacy
#324 · CORS Finally Explained—Simply
csrf, cors, concepts
#323 · How Does Single Sign-On (SSO) Work? (mil)
authentication
#322 · How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package (eth)
npm, dependencies, examples
#321 · Preventing SQL Injection Attacks in Node.js
nodejs, databases, sql
#320 · Frontend Application Security: Tips and Tricks
web-apps, xss, csrf, authentication, dependencies, csp, validation, tips-and-tricks
#319 · Wednesday, February 14, 2024 Security Releases (raf+/nod)
release-notes, nodejs
#318 · How to Boost WordPress Security and Protect Your SEO Ranking
how-tos, wordpress, seo
#317 · Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft (sar/soc)
npm, dependencies
#316 · Practice Safe DSD With “setHTMLUnsafe” (It’s Complicated) (jar/van)
html, dom, shadow-dom, apis
#315 · Tuesday, February 6, 2024 Security Releases (raf/nod)
release-notes, nodejs
#314 · JWT vs. Session Authentication
authentication, json-web-tokens, comparisons
#313 · GitHub, npm Registry Abused to Host SSH Key-Stealing Malware
github, npm, malware, foss
#312 · Navigating JavaScript Security: Recompiling Firefox to Bypass Anti-Debugger Techniques (gli)
javascript, debugging, firefox, mozilla, browsers
#311 · Deceptive Deprecation: The Truth About npm Deprecated Packages
deprecation, npm, dependencies, research
#310 · Safely Accessing the DOM With Angular SSR (dev)
dom, javascript, angular, server-side-rendering
#309 · Node.js Security Progress Report—Progress on Permission Model, Fuzzer, and Connections With Community (ope)
nodejs
#308 · I Hate CORS
videos, cors
#307 · Building Multiple Progressive Web Apps on the Same Domain (dev)
videos, web-apps, progressive-web-apps, architecture
#306 · Session-Based vs. Token-Based Authentication: Which Is Better?
authentication, json-web-tokens, comparisons
#305 · 10 Best Practices for Secure Code Review of Node.js Code
best-practices, code-reviews, nodejs
#304 · Security Headers Using “<meta>” (sap/mat)
csp, html
#303 · Blind CSS Exfiltration: Exfiltrate Unknown Web Pages
css
#302 · Mastering Cryptography Fundamentals With Node’s “crypto” Module
cryptography, nodejs
#301 · Secure Code Review Tips to Defend Against Vulnerable Node.js Code
nodejs, code-reviews
#300 · Understanding CORS
cors
#299 · Secret Scanning Scans Public npm Packages (git)
github, npm, dependencies
#298 · What the !#@% Is a Passkey? (eff)
passkeys
#297 · Local HTTPS for Next.js 13.5 (ami)
testing, http, nextjs
#296 · Understanding XSS Attacks
xss
#295 · A Comprehensive Guide to the Dangers of Regular Expressions in JavaScript (phi)
guides, javascript, regex
#294 · Best Practices for Securing Node.js Applications in Production
best-practices, nodejs
#293 · SSH Keys Stolen by Stream of Malicious PyPI and npm Packages (ble)
ssh, dependencies, npm
#292 · npm Provenance General Availability (git)
github, npm, provenance
#291 · Open Source Trends to Look for in 2024
foss, trends, outlooks, ai
#290 · The WebP 0-Day
webp, google, apple
#289 · Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples
nodejs, history, examples
#288 · How to Implement SSL/TLS Pinning in Node.js
how-tos, ssl, tls, nodejs
#287 · A More Intelligent and Secure Web (ple/w3c)
videos, w3c, standards, web, web-platform
#286 · Demystifying CORS: Understanding How Cross-Origin Resource Sharing Works
cors, javascript
#285 · Towards HTTPS by Default (jde/dev)
browsers, google, chrome, http, tls
#284 · Sophisticated, Highly-Targeted Attacks Continue to Plague npm
npm
#283 · An Update on Chrome Security Updates—Shipping Security Fixes to You Faster
browsers, google, chrome
#282 · Tuesday, August 8, 2023 Security Releases (raf/nod)
release-notes, nodejs
#281 · SECURITY.md: Should I Have It? (mry/ecl)
documentation
#280 · Publishing With npm Provenance From Private Source Repositories Is No Longer Supported (git)
github, npm, provenance, foss
#279 · Social Engineering Campaign Targeting Tech Employees Spreading Through npm Malware (soc)
malware, npm
#278 · Securing the Web Forward: Addressing Developer Concerns in Web Security (tor/w3c)
web, surveys
#277 · Encoding: A Brief History and Its Role in Cybersecurity
encoding, unicode, history
#276 · User Input Sanitization and Validation: Securing Your App
sanitization, validation, conformance
#275 · Node.js Security Progress Report—17 Reports Closed (ope)
nodejs
#274 · The Importance of Verifying Webhook Signatures
webhooks
#273 · The Massive Bug at the Heart of the npm Ecosystem
npm, dependencies
#272 · All You Need to Know About CORS and CORS Errors
cors, errors
#271 · Understanding Authorization Before Authentication: Enhancing Web API Security
authorization, authentication, apis, comparisons
#270 · An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript
introductions, vulnerabilities, nodejs, javascript
#269 · Django: A Security Improvement Coming to “format_html()” (ada)
django, html
#268 · Tuesday, June 20, 2023 Security Releases (raf/nod)
release-notes, nodejs
#267 · security.txt Now Mandatory for Dutch Government Websites
legal
#266 · File Upload Security and Malware Protection (aus)
malware, file-handling, edge-computing
#265 · Security Implications of HTTP Response Headers
http, http-headers
#264 · The Case Against Automatic Dependency Updates (ben)
dependencies, automation, ci-cd, maintenance
#263 · Automating Dependency Updates: The Big Debate
dependencies, automation, ci-cd
#262 · Generating Provenance Statements
npm, provenance
#261 · Introducing npm Package Provenance (git)
introductions, github, npm, provenance, foss
#260 · 8 Best Tools for Cryptography and Encryption (sta)
link-lists, tooling, comparisons, cryptography, encryption, privacy
#259 · Dissecting npm Malware: Five Packages and Their Evil Install Scripts
npm, malware
#258 · Passkeys: What the Heck and Why? (css)
passkeys
#257 · Senior Engineering Strategies for Advanced React and TypeScript (tec)
strategies, react, typescript, architecture, testing, performance, accessibility, maintenance
#256 · Cryptographically Protecting Your SPA
single-page-apps, cryptography
#255 · Without Accessibility, There Is No Privacy or Security
accessibility, privacy
#254 · Tips for Handling Dependabot, CodeQL, and Secret Scanning Alerts
alerting, dependabot, tips-and-tricks
#253 · How to Password-Protect a Static HTML Page With No JS (ede)
how-tos, css, fonts
#252 · SSL Certificates Explained
videos, certificates, ssl, protocols
#251 · Quick Tip: How to Hash a Password in PHP
how-tos, php, passwords, tips-and-tricks
#250 · Sandboxing JavaScript Code
javascript
#249 · Unlocking Security Updates for Transitive Dependencies With npm (git)
npm, dependencies, maintenance
#248 · 7 Required Steps to Secure Your Iframes Security
iframes, xss, html, http-headers, csp
#247 · Conditional API Responses for JavaScript vs. HTML Forms (aus)
javascript, html, forms, comparisons
#246 · Why Do We Need Authorization and Authentication?
authorization, authentication
#245 · The Top 10 Security Vulnerabilities for Web Applications
vulnerabilities, web-apps
#244 · Leaked a Secret? Check Your GitHub Alerts… for Free (git)
github
#243 · DOM Clobbering (fre/mat)
dom
#242 · New npm Features for Secure Publishing and Safe Consumption (git)
npm, dependencies
#241 · Using SRI to Protect From Malicious JavaScript (mat)
javascript
#240 · WordPress Versions 3.7–4.0 No Longer Get Security Updates (sar)
wordpress
#239 · “Not Secure” Warning for IE Mode
browsers, microsoft, edge, internet-explorer
#238 · Node.js Security Best Practices (nod)
nodejs, best-practices
#237 · npm Security: Preventing Supply Chain Attacks
npm, dependencies
#236 · Secure JavaScript URL Validation
javascript, validation, urls
#235 · Create a Passkey for Passwordless Logins (age/dev)
authentication, passkeys
#234 · Designing a Secure API
software-design, apis
#233 · Phylum Detects Active Typosquatting Campaign Targeting npm Developers
npm, dependencies
#232 · Security (htt)
web-almanac, studies, research, metrics
#231 · Continue Using .env Files as Usual
environments
#230 · Quick Reminder: HTML5 “required” and “pattern” Are Not a Security Feature (cod)
html, forms
#229 · Stop Using .env Files Now
environments
#228 · Debunking Myths About HTTPS
http, myths
#227 · Secure Your Node.js App With JSON Web Tokens (app)
nodejs, json-web-tokens
#226 · Dependabot Unlocks Transitive Dependencies for npm Projects (git)
dependencies, npm, dependabot
#225 · JavaScript Bugs Aplenty in Node.js Ecosystem—Found Automatically
studies, research, nodejs, javascript, dependencies, quality
#224 · Introducing Even More Security Enhancements to npm (git)
introductions, npm
#223 · Top 5 npm Vulnerability Scanners
npm, vulnerabilities, tooling
#222 · What Is Passwordless Authentication and How to Implement It
authentication, passwords
#221 · GA4 Is Being Blocked by Content Security Policy
csp, metrics, google
#220 · Please Remove That .git Folder
git
#219 · Should I Have Separate GitHub Accounts for Personal and Professional Projects?
discussions, github, career
#218 · Understanding CSRF Attacks (zel)
csrf
#217 · npm Security Update: Attack Campaign Using Stolen OAuth Tokens (git)
oauth, version-control, npm, github
#216 · Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks
javascript, npm, dependencies
#215 · Unexpectedly HTTPS?
http
#214 · How to Respond to Growing Supply Chain Security Risks?
how-tos, dependencies, nodejs, npm
#213 · The Web Is for Everyone: Our Vision for the Evolution of the Web (moz)
web, outlooks, privacy, accessibility, performance, user-experience
#212 · Using HTTPS in Your Development Environment
http, environments
#211 · How to Prevent SQL Injection Attacks in Node.js
how-tos, nodejs, databases, sql
#210 · Can You Get Pwned With CSS?
css
#209 · How to Fix Your Security Vulnerabilities With npm Override
how-tos, vulnerabilities, npm, dependencies
#208 · Never, Ever, Ever Use Pixelation for Redacting Text
content, images, obfuscation
#207 · Accessibly Insecure
accessibility
#206 · Lessons Learned From Publishing a Content Security Policy
lessons, csp
#205 · Ain’t No Party Like a Third Party (ada/css)
dependencies, embed-code
#204 · Security (htt)
web-almanac, studies, research, metrics
#203 · GitHub’s Commitment to npm Ecosystem Security (git)
github, npm
#202 · Understanding and Implementing OAuth2 in Node.js (hon)
nodejs, authorization, oauth
#201 · How to Win at CORS (jaf)
how-tos, cors, html, http
#200 · The Options for Password-Revealing Inputs (chr/css)
html, css, passwords, usability
#199 · npm Security Best Practices (owa)
npm, best-practices
#198 · Encoding Data for POST Requests (jaf)
javascript, encoding
#197 · NPM Global Audit
packages, npm, quality, auditing
#196 · Understanding and Preventing Common Security Vulnerabilities
vulnerabilities
#195 · Open Source Insights
websites, foss, dependencies, licensing
#194 · I Learned to Love the Same-Origin Policy (eee/css)
cors
#193 · Is Edge Computing Secure? Here Are 4 Security Risks to Be Aware Of
edge-computing
#192 · TLS and mTLS Demystified
tls, protocols
#191 · Best Practices for Inclusive Textual Websites
performance, accessibility, best-practices
#190 · Clickjacking Attacks and How to Prevent Them
how-tos
#189 · How to Safely Use GitHub Actions in Organizations (nza)
how-tos, github-actions
#188 · What Is mTLS and How Does It Work?
#187 · Mutual TLS: Stuff You Should Know
tls, protocols
#186 · Don’t Try to Sanitize Input—Escape Output
sanitization, escaping
#185 · Encrypting DNS Query Bad for Performance? (erw)
performance, dns, http, encryption
#184 · Apple Joins FIDO Alliance, Commits to Getting Rid of Passwords (zdn)
apple, fido, passwords, authentication
#183 · How to Automatically Update Your JavaScript Dependencies (spa/clo)
how-tos, javascript, dependencies, automation, processes
#182 · What SSL Is, and Which Certificate Type Is Right for You
ssl, certificates, privacy, concepts
#181 · Usability and Security; Better Together (24w)
usability, user-experience
#180 · Server-Side Includes (SSI) Injection (owa)
ssi
#179 · How Internet Security Works: TLS, SSL, and CA (osd)
tls, ssl, protocols, certificates
#178 · Security and Privacy for Our Times (luk/w3c)
privacy, web-platform
#177 · Web Feature Developers Told to Dial Up Attention on Privacy and Security (rip/tec)
w3c, privacy, web-platform
#176 · CSS Security Vulnerabilities (chr/css)
css, privacy, vulnerabilities
#175 · Understanding Subresource Integrity (dre/sma)
hashing, embed-code
#174 · W3C Strategic Highlights: Web for All (Security, Privacy, Identity) (w3c)
w3c, privacy, authentication
#173 · Guide to Web Authentication
websites, authentication, webauthn, javascript
#172 · It’s Beginning to Look a Lot Like XSSmas (24w)
vulnerabilities, csrf, xss
#171 · Protecting Your Site With Feature Policy (rac/sma)
http-headers, http
#170 · AWS Security Guide: 7 Best Practices to Avoid Security Risks (wom)
guides, aws, best-practices
#169 · WebAuthn, FIDO2 Infuse Browsers, Platforms With Strong Authentication (dar)
w3c, fido, authentication, webauthn, browsers
#168 · In Your Face, Passwords: Big Three Browsers All Adopt Authentication API
authentication, webauthn, apis, edge, microsoft, chrome, google, firefox, mozilla, browsers
#167 · HTTPS Is Easy (tro)
websites, http
#166 · WordPress Security as a Process (sma)
wordpress, processes
#165 · Making Your Website Faster and Safer With Cloudflare
performance, caching, cloudflare
#164 · Validating Dependencies in the Project With npm-check and depcheck
dependencies, maintenance, auditing, tooling, npm
#163 · Third Party CSS Is Not Safe (jaf)
html, css, embed-code
#162 · Attackers Can Steal Sensitive Data by Abusing CSS—CSS Exfil Vulnerability
css, csp
#161 · Building Secure JavaScript Applications
javascript, xss, csrf, json-web-tokens, passwords
#160 · Creating Secure Password Resets With JSON Web Tokens (sma)
passwords, json-web-tokens, nodejs
#159 · The Complete Guide to Switching From HTTP to HTTPS (sma)
guides, http
#158 · How (Not) to Control Your CDN (mno)
content-delivery, caching, http
#157 · How to Secure WordPress With SSL
how-tos, wordpress, ssl
#156 · Encrypting IP Addresses (ber)
ip, network, privacy, encryption
#155 · How to Secure Your Web App With HTTP Headers (sma)
how-tos, web-apps, http, http-headers, csp
#154 · Just Another HTTPS Nudge (chr/css)
http
#153 · On EME in HTML5 (tim/w3c)
eme, drm, html, legal, standards, w3c
#152 · Using SSH Securely (ann)
ssh
#151 · More Than 300 Federal Gov Websites Fail to Meet Domain Encryption Deadline
http, tls, protocols, encryption
#150 · Content Security Policy Level 2 (mik+/w3c)
standards, csp
#149 · A Checklist for Website Reviews (hcr)
checklists, performance, browsers, seo, accessibility
#148 · Content Security Policy, Your Future Best Friend (sma)
csp, link-lists
#147 · A Refined Content Security Policy (web)
html, csp, webkit, safari, apple, browsers
#146 · The Performance Benefits of “rel=noopener” (jaf)
html, links, performance
#145 · Web Platform Security Boundaries (ann)
web-platform
#144 · Subresource Integrity (dev+/w3c)
hashing, html, standards
#143 · W3C Looks to Secure the Web (sdt)
w3c, authentication
#142 · Distribution Packages Considered Insecure
dependencies, unix-like
#141 · The Current State of Web Security (An Interview With Anselm Hannemann) (hel+/css)
interviews, http, ssl, tls, encryption, cloudflare, lets-encrypt
#140 · Eliminating Known Vulnerabilities With Snyk (sma)
vulnerabilities, tooling
#139 · 10 Web Predictions for 2016 (cra)
web, outlooks, site-generators, browsers, css, mobile, performance, webassembly, seo
#138 · HSTS and “Let’s Encrypt” (tka)
http, http-headers, ssl, lets-encrypt
#137 · An in-Depth Look at CORS
cors, javascript, php
#136 · Indexing HTTPS Pages by Default
google, search, http
#135 · Why Passwordless Authentication Works (cra)
authentication, passwords
#134 · Introduction to TLS and SSL (ope)
introductions, tls, ssl, protocols, certificates
#133 · A Simple Developer Error Is Exposing Private Information on Thousands of Websites (owe)
version-control, git, mistakes, vulnerabilities
#132 · More Tips to Further Secure WordPress (eli)
wordpress, tips-and-tricks, plugins
#131 · Improving Web Security With the Content Security Policy
csp, http
#130 · Deprecating HTTP
http, protocols, deprecation
#129 · Mozilla Wants to Deprecate Non-Secure HTTP, Will Make Proposals to W3C “Soon” (epr/ven)
mozilla, http, deprecation
#128 · Want Fancy Firefox Features? Secure Your Website (sts/cne)
firefox, mozilla, browsers, http
#127 · WordPress Front End Security: CSRF and Nonces (css)
wordpress, csrf
#126 · Introduction to WordPress Front End Security: Escaping the Things (css)
introductions, wordpress, escaping
#125 · What Are the Security Risks of HTML5 Apps?
web-apps, sanitization
#124 · Moving to HTTPS on WordPress (chr/css)
wordpress, http
#123 · Same-Origin Policy (ann)
cors, web-platform
#122 · Securing the Web (w3c)
web-platform
#121 · HTTPS as a Ranking Signal (met)
google, search, http, seo
#120 · mXSS (gaz)
xss, html
#119 · It’s Time to Encrypt the Entire Internet (kli/wir)
web, http, ssl, encryption
#118 · 3 Tips to Find Hacking on Your Site, and Ways to Prevent and Fix It
search, google, tips-and-tricks
#117 · Cross-Origin Resource Sharing (ann/w3c)
cors, standards
#116 · Despite Automatic Updates, Old Browsers Are Still a Problem (edb/zdn)
browsers, web-platform, chrome, google, firefox, mozilla, internet-explorer, microsoft, safari, apple
#115 · Cross-Origin Resource Sharing on Track to Become a W3C Recommendation (sdt)
w3c, cors, standards
#114 · Bid to Kill CAPTCHA Security Test Gains Momentum
captcha, accessibility
#113 · We Should All Have Something to Hide
privacy
#112 · Mobile Website Security
mobile, hosting, policies
#111 · WordPress Security Tips
wordpress, tips-and-tricks
#110 · Brad Hill: “HTML5 Security Realities” (chr/css)
slides, xss, html
#109 · Bulletproof Your Drupal Website
drupal
#108 · Top 10 PHP Security Vulnerabilities
php, vulnerabilities
#107 · A Front End Engineer’s Manifesto (zac)
websites, manifestos, user-experience, progressive-enhancement, simplicity, foss, accessibility, community, learning
#106 · A JavaScript Security Flaw
javascript
#105 · The Secure Programmer’s Pledge
manifestos
#104 · An Introduction to Content Security Policy (mik/dev)
introductions, csp
#103 · Cross-Site Scripting Attacks (XSS)
xss, examples
How to Secure Your WordPress Website (sma)102
how-tos, wordpress, link-lists
Using CORS (dev)101
cors
Some Notes on the Recent XML Encryption Attack (w3c)100
xml, encryption
XML Encryption Flaw Leaves Web Services Vulnerable (eur)99
web-services, xml, encryption
HTTPS Is More Secure, So Why Isn’t the Web Using It? (ars)98
http, protocols, web
Web Cryptography: Salted Hash and Other Tasty Dishes (ali)97
cryptography
What Are the JSON Security Concerns in Web Development? (sim)96
json
What Is Cross Site Scripting or XSS? (chr/css)95
xss, javascript, concepts
Web Developers Accountable for HTML 5 Security94
html
HTML5 Raises New Security Issues93
html, browsers
10 Useful WordPress Security Tweaks (sma)92
wordpress
Web Security: Are You Part of the Problem? (cod/sma)91
vulnerabilities, php, javascript
Full Frontal ’09: Chris Heilmann on JavaScript Security (mic/aja)90
javascript
Cookies and Security (nza)89
cookies, xss, csrf
Finally Something to Get a Few More Users Off of IE 6? (dal/aja)88
internet-explorer, microsoft, browsers
The Internet Is Closing to Innovation (zit/new)87
web
You Could Be Getting Clickjacked (tec)86
vulnerabilities, frames, w3c
Video and Audio Tags and Cross Origin Access (dal/aja)85
html, multimedia
Dumb Security Tips: Think Before You Follow Online Guides (tan)84
tips-and-tricks
Simon Willison, @Media Ajax (mic/aja)83
ajax, xss, csrf, javascript, json
Frame-Busting Gadgets (mic)82
frames, iframes
Evil GIFs: Hiding Java in Your Image (dal/aja)81
gif, images, java
What’s in a “window.name”? (cod/aja)80
javascript
Internet Explorer 8 Promises Better Standards Compliance… and a Whole Lot More (est/cio)79
internet-explorer, microsoft, browsers, standards
Ajaxian Roundup for January 2008: JavaScript Turtles and IE 8 (dal/aja)78
javascript, prototypejs, dojo, extjs, jquery, gwt, yui, dwr, gears, flash, air, json, browsers, standards, css, design, comet, ajaxian, link-lists
Book Recommendation: AJAX Security by Hoffman and Sullivan77
books, ajax, javascript
Ajaxian Roundup for December 2007: It’s the End of the Year as We Know It (dal/aja)76
browsers, javascript, prototypejs, extjs, yui, jquery, microsoft, dwr, performance, gwt, comet, css, mobile, ajaxian, link-lists
Cross Site Scripting Joy (tri)75
xss
Making JavaScript Safe With No Script (dal/aja)74
javascript
Automated Security Scanners Choke on AJAX (rey/aja)73
ajax, javascript
Quick Security Checklist for Webmasters72
checklists
How to Protect a JSON or JavaScript Service71
how-tos, json, javascript
Securing Your JSON70
json, javascript, arrays
CSRF Protection Idea (dal/aja)69
csrf
JavaScript Security Experiments (mar)68
javascript, experiments
Security vs. Usability (nza)67
usability
Prepare for Attack—Making Your Web Applications More Secure66
web-apps, sql, xss, examples
JSON vs. XML: Browser Security Model (car)65
browsers, json, xml, comparisons
The Dangers of Cross-Domain AJAX With Flash (shi)64
ajax, javascript, flash
DOM vs. Web (mno)63
http, dom
AJAX: Is Your Application Secure Enough?62
ajax, javascript, web-apps
AJAX, XHR, JavaScript, and Cross Domain Security Story61
ajax, javascript
Top 7 PHP Security Blunders60
php, databases, sql
How to Make “XMLHttpRequest” Calls to Another Server in Your Domain59
how-tos, javascript
IE Frame Bug (dal/aja)58
internet-explorer, microsoft, browsers, frames
Validate Your Input!57
validation
JavaScript Security56
javascript
File Upload Security (lac)55
html, file-handling
Spot the Security Hole54
php
JavaScript and Security (sim)53
javascript
Handling Content From Strangers52
content
Web Services Security Gets Serious51
web-services
Getting Started With XML Security50
introductions, xml
Sorting Out the Web Services Security Landscape (tec)49
web-services, ssl, w3c
Website Experience Analyzer48
tools, analysis, performance, user-experience
Server Port Scanner47
tools, analysis, network, servers
Abuse Contact Lookup46
tools, analysis, policies
Content Security Policy Validator (CSP Validator)45
tools, analysis, csp, conformance
Content Security Policy Validator (Google)44
tools, analysis, csp, conformance
Cookie Use Checker43
tools, analysis, cookies
Cross-Site WebSocket Hijacking Tester42
tools, analysis
DNSSEC Checker41
tools, analysis, dns
Domain or IP Spam Checker40
tools, analysis, domains, ip
Email Blacklist Checker39
tools, analysis, email
Malware and Security Scanner38
tools, analysis
Site and Origin Comparer37
tools, analysis, comparisons
SPF Record Checker36
tools, analysis, dns, domains
SSL Checker (Qualys)35
tools, analysis, ssl, certificates
SSL Checker (SSL Shopper)34
tools, analysis, ssl, certificates
Virus Scanner33
tools, analysis
Website Certificate Fingerprint Checker32
tools, analysis, certificates
Website Headers Analyzer (Mozilla) (moz)31
tools, analysis, http, http-headers
Website Headers Analyzer (Security Headers)30
tools, analysis, http, http-headers
Website Scam Checker29
tools, analysis
Website Security Checker (Google)28
tools, analysis
Website Security Checker (Norton)27
tools, analysis
AES Encrypter and Decrypter26
tools, exploration, encryption
Blowfish Hash Generator25
tools, exploration, hashing
Browser Fingerprint Checker24
tools, exploration, browsers
“chmod” Calculator23
tools, exploration, permissions
CSR Decoder22
tools, exploration
Device Vulnerability Checker21
tools, exploration, vulnerabilities
Executable File Analyzer20
tools, exploration
Hash Generator19
tools, exploration, hashing
HMAC Checker18
tools, exploration
MD5 Hash Generator17
tools, exploration, hashing
Password Generator (Arantius.com)16
tools, exploration, passwords
Password Generator (Frontend Dogma) (fro)15
tools, exploration, frontend-dogma, passwords
Password Generator (Gibson Research Corporation)14
tools, exploration, passwords
Password Security Checker and Generator13
tools, exploration, passwords
Password Security Checker12
tools, exploration, passwords
Security Leak Victim Checker11
tools, exploration
SHA-512 Hash Generator10
tools, exploration, hashing
SPF Record Generator9
tools, exploration, dns, domains
SSL Client Checker8
tools, exploration, ssl, tls
Subresource Integrity Hash Generator (moz)7
tools, exploration, hashing
User Identity Generator6
tools, exploration, placeholders, randomness
Website Headers Analyzer (Dries Buytaert) (dri)5
tools, analysis, http, http-headers
WebRTC and IP Address Leak Checker4
tools, exploration, network, webrtc, ip, protocols
security.txt Generator3
tools, exploration, content
ASCII to Unicode Encoder and Decoder2
tools, exploration, conversion, ascii, unicode, encoding
SSL Checker (EXPERTE.com)1
tools, analysis, ssl, certificates