| MCP Security Vulnerabilities and Attack Vectors | | 390 |
| mcp, ai |
| A New Era of Code Quality | | 389 |
| quality |
| The Growing Risk of Malicious Browser Extensions (soc) | | 388 |
| browser-extensions |
| Design Patterns for Securing LLM Agents Against Prompt Injections (sim) | | 387 |
| studies, research, ai, prompting, software-design-patterns |
| HTML Spec Change: Escaping “<” and “>” in Attributes (sec/dev) | | 386 |
| html, attributes, escaping, xss |
| Escaping “<” and “>” in Attributes—How It Helps Protect Against Mutation XSS (sec) | | 385 |
| html, attributes, xss, escaping, chrome, google, browsers |
| Beware of End-of-Life Node.js Versions—Upgrade or Seek Post-EOL Support (mco/nod) | | 384 |
| nodejs, maintenance |
| How to Access Local MCP Servers Through a Secure Tunnel (the) | | 383 |
| how-tos, mcp, ai, servers, network |
| Docker Launches Hardened Images, Intensifying Secure Container Market (the) | | 382 |
| docker |
| Securing Your Node.js App From Command Injection | | 381 |
| nodejs |
| Passkeys for Normal People (tro) | | 380 |
| authentication, passkeys, examples, concepts |
| npm Targeted by Malware Campaign Mimicking Familiar Library Names (soc) | | 379 |
| npm, malware, dependencies, link-lists |
| Threat Actors Misuse Node.js to Deliver Malware and Other Malicious Payloads (mic) | | 378 |
| nodejs, malware |
| Principles for Coding Securely With LLMs | | 377 |
| ai, principles |
| TLS Certificate Lifetimes Will Officially Reduce to 47 Days | | 376 |
| tls |
| LLMs Can’t Stop Making Up Software Dependencies and Sabotaging Everything (tho/the) | | 375 |
| ai, dependencies |
| Secure a Vue App With OpenID Connect and the BFF Pattern (due) | | 374 |
| vuejs, authentication, backend-for-frontend |
| Teaching Code in the AI Era: Why Fundamentals Still Matter (ali) | | 373 |
| training, ai, programming, vibe-coding, scalability, performance, quality, testing, documentation |
| Stop Using Jenkins in 2025 (oso) | | 372 |
| jenkins, github-actions, ci-cd |
| Node.js Test CI Security Incident (nod) | | 371 |
| nodejs, retrospectives |
| Website Hijack Campaign Now Impacting 150,000 Sites (gad) | | 370 |
|
| Malware Found on npm Infecting Local Package With Reverse Shell (rev) | | 369 |
| npm, dependencies |
| Five Things Vibe Coders Should Know (From a Software Engineer) (uxd) | | 368 |
| vibe-coding, sanitization |
| GitHub Suffers a Cascading Supply Chain Attack Compromising CI/CD Secrets (inf) | | 367 |
| github, ci-cd |
| How to Prevent WordPress SQL Injection Attacks (sma) | | 366 |
| how-tos, wordpress, sql, databases |
| Lazarus Strikes npm Again With New Wave of Malicious Packages (soc) | | 365 |
| npm, dependencies |
| What Is the OWASP Top 10 and How Can Your Team Benchmark Security? (jet) | | 364 |
| owasp, vulnerabilities, qodana, jetbrains |
| Updates on CVE for End-of-Life Versions (raf/nod) | | 363 |
| nodejs |
| How to Protect Your Web Applications From XSS (tor/w3c) | | 362 |
| how-tos, web-apps, xss |
| Secure UX: Building Cybersecurity and Privacy Into the UX Lifecycle (uxm) | | 361 |
| user-experience, processes |
| The Fallacy of Balance: Challenging the Notion of Security and Accessibility as Opposing Objectives (deq) | | 360 |
| videos, accessibility |
| It Is No Longer Safe to Move Our Governments and Societies to U.S. Clouds (ber) | | 359 |
| cloud-computing, privacy, legal |
| How OWASP Helps You Secure Your Full-Stack Web Applications (eri/sma) | | 358 |
| owasp, monitoring, authentication, vulnerabilities, configuration, csrf, cryptography, authorization |
| 10 Common Web Development Mistakes to Avoid Right Now | | 357 |
| mistakes, mobile, performance, accessibility, seo, navigation, analytics, testing |
| Tightening Every Bolt (bag) | | 356 |
| videos, processes, code-reviews, testing |
| On Generative AI Security (sch) | | 355 |
| ai, lessons, microsoft |
| Understanding CORS Errors in Signed Exchanges (paw) | | 354 |
| cors, errors, signed-exchanges |
| Keep Your Node.js Apps Secure With “npx is-my-node-vulnerable” (tre) | | 353 |
| packages, npm, nodejs |
| How I Open-Sourced My Secret Access Tokens From GitHub, Slack, and npm—and Who Actually Cares | | 352 |
| github, slack, npm |
| Node.js EOL Versions CVE Dubbed the “Worst CVE of the Year” by Security Experts (sar/soc) | | 351 |
| nodejs, documentation |
| Tuesday, January 21, 2025 Security Releases (raf/nod) | | 350 |
| release-notes, nodejs |
| APIs Are Quickly Becoming the Latest Security Battleground (and Nightmare) (the) | | 349 |
| apis |
| CDN-First Is No Longer a Performance Feature (osv) | | 348 |
| content-delivery, performance, caching, embed-code, privacy |
| The Cyber-Cleanse: Take Back Your Digital Footprint (cyb) | | 347 |
| privacy |
| 15 Principles for Secure Programming (rak) | | 346 |
| principles, validation, testing |
| Important Topics for Frontend Developers to Master in 2025 | | 345 |
| learning, javascript, typescript, css, frameworks, git, apis, testing, performance, ci-cd, websockets |
| How to Automate OWASP Security Reviews in Your Pull Requests? (cod) | | 344 |
| how-tos, owasp, automation, code-reviews, coderabbit |
| Developer Guide: How to Implement Passkeys | | 343 |
| guides, how-tos, authentication, passkeys |
| 5 Technical Trends to Help Web Developers Stand Out in 2025 (the) | | 342 |
| trends, career, javascript, ai, low-and-no-code |
| Avoid Hotlinking Images With “Cross-Origin-Resource-Policy” | | 341 |
| images |
| Content Security Policy Level 3 (mik/w3c) | | 340 |
| standards, csp |
| Security (htt) | | 339 |
| web-almanac, studies, research, metrics |
| JavaScript Import Attributes (ES2025) (tre) | | 338 |
| javascript |
| Exploring Internet Traffic Shifts and Cyber Attacks During the 2024 U.S. Election (clo) | | 337 |
| traffic |
| Securing Your Express REST API With Passport.js | | 336 |
| nodejs, express, json-web-tokens, apis, rest, tooling |
| SecretLint—a Linter for Preventing Committing Credentials (tre) | | 335 |
| tooling, linting |
| Top 4 Web Vulnerabilities With Example and Mitigation | | 334 |
| vulnerabilities, sql, databases, xss, csrf |
| The Importance of UX in Cybersecurity (uxm) | | 333 |
| user-experience, usability |
| Understanding “npm audit” and Fixing Vulnerabilities | | 332 |
| npm, vulnerabilities, nodejs |
| How to Implement Content Security Policy (CSP) Headers for Astro (tre) | | 331 |
| how-tos, http, http-headers, csp, astro, vercel, cloudflare |
| Why Code Security Matters—Even in Hardened Environments | | 330 |
| vulnerabilities, file-handling, nodejs |
| Database 101: SSL/TLS for Beginners | | 329 |
| introductions, databases, ssl, tls, authentication |
| Cloudflare Study: 39% of Companies Losing Control of Their IT and Security Environment (tre) | | 328 |
| studies, research, engineering-management |
| NIST Recommends Some Common-Sense Password Rules (sch) | | 327 |
| passwords, guidelines |
| I Finally Understand OAuth | | 326 |
| authorization, oauth, processes |
| Fake GitHub Site Targeting Developers (jul/san) | | 325 |
| github |
| Hacking Cars in JavaScript (Running Replay Attacks in the Browser With the HackRF) (dev) | | 324 |
| javascript |
| Gaining Access to Anyone’s Browser Without Them Even Visiting a Website | | 323 |
| arc, the-browser-company, browsers, vulnerabilities |
| 5 Wasm Use Cases for Frontend Development (des) | | 322 |
| guest-posts, webassembly, performance |
| Web Security: Shaping the Secure Web (set/w3c) | | 321 |
| web, w3c |
| What Is Incident Response? | | 320 |
| incident-response, overviews |
| Migrating From Netlify to Cloudflare for AI Bot Protection (sia) | | 319 |
| migrating, netlify, cloudflare, ai |
| The Great npm Garbage Patch | | 318 |
| dependencies, npm, spam |
| Frontend Security Checklist (tre) | | 317 |
| checklists, react |
| Automated Ways to Security Audit Your Website | | 316 |
| auditing, automation, tooling |
| Secure Node.js Applications From Supply Chain Attacks | | 315 |
| nodejs, best-practices, dependencies |
| The Cloud Run Security Gap You Didn’t Know You Had (and How to Fix It) | | 314 |
| google, gcp |
| The Pitfalls of In-App Browsers (fro) | | 313 |
| browsers, mobile, privacy, user-experience |
| Supply Chain Security in npm—We Can Be Optimistic About the Future | | 312 |
| npm, dependencies, provenance |
| Script Integrity (chr/fro) | | 311 |
| embed-code, javascript |
| WebAuthn: Enhancing Security With Minimal Effort (tbe) | | 310 |
| authentication, webauthn |
| Introducing the MDN HTTP Observatory (mdn) | | 309 |
| introductions, mdn, mozilla, http |
| Tuesday, July 2, 2024 Security Releases (nod) | | 308 |
| release-notes, nodejs |
| RegreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server | | 307 |
| ssh, vulnerabilities |
| Polyfill Supply Chain Attack Embeds Malware in JavaScript CDN Assets (sny) | | 306 |
| malware, vulnerabilities |
| Catching Compromised Cookies | | 305 |
| cookies, testing |
| Backdoor Slipped Into Multiple WordPress Plugins in Ongoing Supply-Chain Attack (dan/ars) | | 304 |
| wordpress, plugins |
| The Hacking of Culture and the Creation of Socio-Technical Debt (sch) | | 303 |
| culture |
| OAuth Authentication (rya) | | 302 |
| authentication, authorization, oauth |
| What Is Mixed Content? (fre) | | 301 |
| http |
| Researchers Uncover npm Registry Vulnerability to Cache Poisoning and DoS Attacks (sar/soc) | | 300 |
| npm, dependencies, vulnerabilities, caching |
| The Ultimate Guide to Iframes (log) | | 299 |
| guides, iframes, html, javascript |
| How a Single Vulnerability Can Bring Down the JavaScript Ecosystem | | 298 |
| javascript, npm, dependencies, caching, vulnerabilities |
| JavaScript Security: Simple Practices to Secure Your Frontend | | 297 |
| javascript, dependencies, csp |
| Manifesto for a Humane Web (mic) | | 296 |
| websites, manifestos, web, principles, accessibility, dei, sustainability, user-experience |
| Securing Client-Side JavaScript (ada) | | 295 |
| javascript, graceful-degradation |
| Poor Express Authentication Patterns in Node.js and How to Avoid Them | | 294 |
| express, nodejs, authentication |
| Passkeys: A Shattered Dream (fir) | | 293 |
| authentication, passkeys |
| Using Legitimate GitHub URLs for Malware (sch) | | 292 |
| malware, github |
| When Security and Accessibility Clash: Why Are Banking Applications So Inaccessible? (nic) | | 291 |
| accessibility |
| Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects (ope) | | 290 |
| foss |
| Wednesday, April 10, 2024 Security Releases (raf/nod) | | 289 |
| release-notes, nodejs |
| Node.js Secure Coding: Mitigate and Weaponize Code Injection Vulnerabilities | | 288 |
| books, nodejs, vulnerabilities |
| The Free Software Commons (jen) | | 287 |
| foss, community |
| The V8 Sandbox | | 286 |
| v8 |
| Building a Digital Fortress: How to Strengthen DNS Against DDoS Attacks? | | 285 |
| dns |
| Using JSON Web Tokens With Node.js | | 284 |
| json-web-tokens, nodejs, authentication |
| Wednesday, April 3, 2024 Security Releases (nod) | | 283 |
| release-notes, nodejs |
| In-App Browsers Are Still a Privacy, Security, and Choice Problem (tho/the) | | 282 |
| browsers, mobile, privacy |
| CORS Finally Explained—Simply | | 281 |
| csrf, cors, concepts |
| How Does Single Sign-On (SSO) Work? (mil) | | 280 |
| authentication |
| How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package (eth) | | 279 |
| npm, dependencies, examples |
| Preventing SQL Injection Attacks in Node.js (sny) | | 278 |
| nodejs, databases, sql |
| Frontend Application Security: Tips and Tricks | | 277 |
| web-apps, xss, csrf, authentication, dependencies, csp, validation, tips-and-tricks |
| Wednesday, February 14, 2024 Security Releases (raf+/nod) | | 276 |
| release-notes, nodejs |
| How to Boost WordPress Security and Protect Your SEO Ranking | | 275 |
| how-tos, wordpress, seo |
| Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft (sar/soc) | | 274 |
| npm, dependencies |
| Practice Safe DSD With “setHTMLUnsafe” (It’s Complicated) (jar/van) | | 273 |
| html, dom, shadow-dom, apis |
| Tuesday, February 6, 2024 Security Releases (raf/nod) | | 272 |
| release-notes, nodejs |
| JWT vs. Session Authentication | | 271 |
| authentication, json-web-tokens, comparisons |
| GitHub, npm Registry Abused to Host SSH Key-Stealing Malware | | 270 |
| github, npm, malware, foss |
| Deceptive Deprecation: The Truth About npm Deprecated Packages | | 269 |
| npm, dependencies, research |
| Safely Accessing the DOM With Angular SSR (dev) | | 268 |
| dom, javascript, angular, server-side-rendering |
| Node.js Security Progress Report—Progress on Permission Model, Fuzzer, and Connections With Community (ope) | | 267 |
| nodejs |
| I Hate CORS | | 266 |
| videos, cors |
| Building Multiple Progressive Web Apps on the Same Domain (dev) | | 265 |
| videos, web-apps, progressive-web-apps, architecture |
| Session-Based vs. Token-Based Authentication: Which Is Better? | | 264 |
| authentication, json-web-tokens, comparisons |
| 10 Best Practices for Secure Code Review of Node.js Code | | 263 |
| best-practices, code-reviews, nodejs |
| Security Headers Using “<meta>” (sap/mat) | | 262 |
| csp, html |
| Blind CSS Exfiltration: Exfiltrate Unknown Web Pages | | 261 |
| css |
| Mastering Cryptography Fundamentals With Node’s “crypto” Module | | 260 |
| cryptography, nodejs |
| Secure Code Review Tips to Defend Against Vulnerable Node.js Code | | 259 |
| nodejs, code-reviews |
| Understanding CORS | | 258 |
| cors |
| What the !#@% Is a Passkey? (eff) | | 257 |
| passkeys |
| Secret Scanning Scans Public npm Packages (git) | | 256 |
| github, npm, dependencies |
| Local HTTPS for Next.js 13.5 (ami) | | 255 |
| testing, http, nextjs |
| Understanding XSS Attacks (ver) | | 254 |
| xss |
| A Comprehensive Guide to the Dangers of Regular Expressions in JavaScript (phi) | | 253 |
| guides, javascript, regex |
| SSH Keys Stolen by Stream of Malicious PyPI and npm Packages (ble) | | 252 |
| ssh, dependencies, npm |
| Best Practices for Securing Node.js Applications in Production | | 251 |
| best-practices, nodejs |
| npm Provenance General Availability (git) | | 250 |
| github, npm, provenance |
| Open Source Trends to Look for in 2024 | | 249 |
| foss, trends, outlooks, ai |
| The WebP 0-Day | | 248 |
| webp, google, apple |
| Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples | | 247 |
| nodejs, history, examples |
| How to Implement SSL/TLS Pinning in Node.js (sny) | | 246 |
| how-tos, ssl, tls, nodejs |
| A More Intelligent and Secure Web (ple/w3c) | | 245 |
| videos, w3c, standards, web, web-platform |
| Demystifying CORS: Understanding How Cross-Origin Resource Sharing Works | | 244 |
| cors, javascript |
| Towards HTTPS by Default (jde/dev) | | 243 |
| browsers, google, chrome, http, tls |
| Sophisticated, Highly-Targeted Attacks Continue to Plague npm | | 242 |
| npm |
| An Update on Chrome Security Updates—Shipping Security Fixes to You Faster | | 241 |
| browsers, google, chrome |
| Tuesday, August 8, 2023 Security Releases (raf/nod) | | 240 |
| release-notes, nodejs |
| Publishing With npm Provenance From Private Source Repositories Is No Longer Supported (git) | | 239 |
| github, npm, provenance, foss |
| Social Engineering Campaign Targeting Tech Employees Spreading Through npm Malware (soc) | | 238 |
| malware, npm |
| Securing the Web Forward: Addressing Developer Concerns in Web Security (tor/w3c) | | 237 |
| web, surveys |
| Encoding: A Brief History and Its Role in Cybersecurity | | 236 |
| encoding, unicode, history |
| User Input Sanitization and Validation: Securing Your App | | 235 |
| sanitization, validation, conformance |
| Node.js Security Progress Report—17 Reports Closed (ope) | | 234 |
| nodejs |
| The Importance of Verifying Webhook Signatures (sny) | | 233 |
| webhooks |
| The Massive Bug at the Heart of the npm Ecosystem | | 232 |
| npm, dependencies |
| An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript | | 231 |
| introductions, vulnerabilities, nodejs, javascript |
| Understanding Authorization Before Authentication: Enhancing Web API Security | | 230 |
| authorization, authentication, apis, comparisons |
| All You Need to Know About CORS and CORS Errors | | 229 |
| cors, errors |
| Django: A Security Improvement Coming to “format_html()” (ada) | | 228 |
| django, html |
| Tuesday, June 20, 2023 Security Releases (raf/nod) | | 227 |
| release-notes, nodejs |
| security.txt Now Mandatory for Dutch Government Websites | | 226 |
| legal |
| File Upload Security and Malware Protection (aus) | | 225 |
| malware, file-handling, edge-computing |
| Security Implications of HTTP Response Headers (sny) | | 224 |
| http, http-headers |
| Generating Provenance Statements | | 223 |
| npm, provenance |
| Introducing npm Package Provenance (git) | | 222 |
| introductions, github, npm, provenance, foss |
| 8 Best Tools for Cryptography and Encryption (sta) | | 221 |
| link-lists, tooling, comparisons, cryptography, encryption, privacy |
| Dissecting npm Malware: Five Packages and Their Evil Install Scripts | | 220 |
| npm, malware |
| Passkeys: What the Heck and Why? (css) | | 219 |
| passkeys |
| Senior Engineering Strategies for Advanced React and TypeScript (tec) | | 218 |
| strategies, react, typescript, architecture, testing, performance, accessibility, maintenance |
| Cryptographically Protecting Your SPA | | 217 |
| single-page-apps, cryptography |
| Without Accessibility, There Is No Privacy or Security | | 216 |
| accessibility, privacy |
| How to Password-Protect a Static HTML Page With No JS (ede) | | 215 |
| how-tos, css, fonts |
| Quick Tip: How to Hash a Password in PHP | | 214 |
| how-tos, php, passwords, tips-and-tricks |
| Sandboxing JavaScript Code | | 213 |
| javascript |
| Unlocking Security Updates for Transitive Dependencies With npm (git) | | 212 |
| npm, dependencies, maintenance |
| 7 Required Steps to Secure Your Iframes Security | | 211 |
| iframes, xss, html, http-headers, csp |
| Conditional API Responses for JavaScript vs. HTML Forms (aus) | | 210 |
| javascript, html, forms, comparisons |
| Why Do We Need Authorization and Authentication? | | 209 |
| authorization, authentication |
| The Top 10 Security Vulnerabilities for Web Applications | | 208 |
| vulnerabilities, web-apps |
| Leaked a Secret? Check Your GitHub Alerts… for Free (git) | | 207 |
| github |
| DOM Clobbering (fre/mat) | | 206 |
| dom |
| New npm Features for Secure Publishing and Safe Consumption (git) | | 205 |
| npm, dependencies |
| Using SRI to Protect From Malicious JavaScript (mat) | | 204 |
| javascript |
| WordPress Versions 3.7–4.0 No Longer Get Security Updates (sar) | | 203 |
| wordpress |
| “Not Secure” Warning for IE Mode | | 202 |
| browsers, microsoft, edge, internet-explorer |
| Node.js Security Best Practices (nod) | | 201 |
| nodejs, best-practices |
| npm Security: Preventing Supply Chain Attacks (sny) | | 200 |
| npm, dependencies |
| Secure JavaScript URL Validation (sny) | | 199 |
| javascript, validation, urls |
| Create a Passkey for Passwordless Logins (age/dev) | | 198 |
| authentication, passkeys |
| Designing a Secure API | | 197 |
| software-design, apis |
| Phylum Detects Active Typosquatting Campaign Targeting npm Developers | | 196 |
| npm, dependencies |
| Security (htt) | | 195 |
| web-almanac, studies, research, metrics |
| Continue Using .env Files as Usual | | 194 |
| environments |
| Quick Reminder: HTML5 “required” and “pattern” Are Not a Security Feature (cod) | | 193 |
| html, forms |
| Stop Using .env Files Now | | 192 |
| environments |
| Debunking Myths About HTTPS | | 191 |
| http, myths |
| Secure Your Node.js App With JSON Web Tokens (app) | | 190 |
| nodejs, json-web-tokens |
| Dependabot Unlocks Transitive Dependencies for npm Projects (git) | | 189 |
| dependencies, npm |
| JavaScript Bugs Aplenty in Node.js Ecosystem—Found Automatically | | 188 |
| studies, research, nodejs, javascript, dependencies, quality |
| Introducing Even More Security Enhancements to npm (git) | | 187 |
| introductions, npm |
| Top 5 npm Vulnerability Scanners | | 186 |
| npm, vulnerabilities, tooling |
| What Is Passwordless Authentication and How to Implement It | | 185 |
| authentication, passwords |
| GA4 Is Being Blocked by Content Security Policy | | 184 |
| csp, metrics, google |
| Please Remove That .git Folder | | 183 |
| git |
| Should I Have Separate GitHub Accounts for Personal and Professional Projects? | | 182 |
| discussions, github, career |
| Understanding CSRF Attacks (zel) | | 181 |
| csrf |
| npm Security Update: Attack Campaign Using Stolen OAuth Tokens (git) | | 180 |
| oauth, version-control, npm, github |
| Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks (sny) | | 179 |
| javascript, npm, dependencies |
| Unexpectedly HTTPS? | | 178 |
| http |
| How to Respond to Growing Supply Chain Security Risks? | | 177 |
| how-tos, dependencies, nodejs, npm |
| The Web Is for Everyone: Our Vision for the Evolution of the Web (moz) | | 176 |
| web, outlooks, privacy, accessibility, performance, user-experience |
| Using HTTPS in Your Development Environment | | 175 |
| http, environments |
| How to Prevent SQL Injection Attacks in Node.js | | 174 |
| how-tos, nodejs, databases, sql |
| How to Fix Your Security Vulnerabilities With npm Override | | 173 |
| how-tos, vulnerabilities, npm, dependencies |
| Can You Get Pwned With CSS? | | 172 |
| css |
| Never, Ever, Ever Use Pixelation for Redacting Text | | 171 |
| content, images, obfuscation |
| Accessibly Insecure | | 170 |
| accessibility |
| Lessons Learned From Publishing a Content Security Policy | | 169 |
| lessons, csp |
| Ain’t No Party Like a Third Party (ada/css) | | 168 |
| dependencies, embed-code |
| Security (htt) | | 167 |
| web-almanac, studies, research, metrics |
| GitHub’s Commitment to npm Ecosystem Security (git) | | 166 |
| github, npm |
| Understanding and Implementing OAuth2 in Node.js (hon) | | 165 |
| nodejs, authorization, oauth |
| How to Win at CORS (jaf) | | 164 |
| how-tos, cors, html, http |
| The Options for Password-Revealing Inputs (chr/css) | | 163 |
| html, css, passwords, usability |
| npm Security Best Practices (owa) | | 162 |
| npm, best-practices |
| Encoding Data for POST Requests (jaf) | | 161 |
| javascript, encoding |
| NPM Global Audit | | 160 |
| packages, npm, quality, auditing |
| Understanding and Preventing Common Security Vulnerabilities | | 159 |
| vulnerabilities |
| Open Source Insights | | 158 |
| websites, foss, dependencies, licensing |
| I Learned to Love the Same-Origin Policy (eee/css) | | 157 |
| cors |
| Is Edge Computing Secure? Here Are 4 Security Risks to Be Aware Of | | 156 |
| edge-computing |
| TLS and mTLS Demystified | | 155 |
| tls, protocols |
| Best Practices for Inclusive Textual Websites | | 154 |
| performance, accessibility, best-practices |
| What Is mTLS and How Does It Work? | | 153 |
|
| Mutual TLS: Stuff You Should Know | | 152 |
| tls, protocols |
| Don’t Try to Sanitize Input—Escape Output | | 151 |
| sanitization, escaping |
| Apple Joins FIDO Alliance, Commits to Getting Rid of Passwords (zdn) | | 150 |
| apple, fido, passwords, authentication |
| How to Automatically Update Your JavaScript Dependencies (spa/clo) | | 149 |
| how-tos, javascript, dependencies, automation, processes |
| Usability and Security; Better Together (24w) | | 148 |
| usability, user-experience |
| Server-Side Includes (SSI) Injection (owa) | | 147 |
| ssi |
| Web Feature Developers Told to Dial Up Attention on Privacy and Security (rip/tec) | | 146 |
| w3c, privacy, web-platform |
| Security and Privacy for Our Times (luk/w3c) | | 145 |
| privacy, web-platform |
| CSS Security Vulnerabilities (chr/css) | | 144 |
| css, privacy, vulnerabilities |
| Understanding Subresource Integrity (dre/sma) | | 143 |
| hashing, embed-code |
| W3C Strategic Highlights: Web for All (Security, Privacy, Identity) (w3c) | | 142 |
| w3c, privacy, authentication |
| Guide to Web Authentication | | 141 |
| websites, authentication, webauthn, javascript |
