
Frontend Dogma

“security” News Archive

Supertopics: user-experience · Subtopics: authentication, authorization, certificates, cors, cryptography, csp, csrf, hashing, malware, privacy, provenance, randomness, sanitization, ssh, ssl, tls, validation, vulnerabilities, xss (non-exhaustive) · “security” RSS feed

Entry (Sources) · Other Related Topics · Date · #
[Next.js] Security Advisory: CVE-2025-66478 (seb)476
nextjs
Critical Security Vulnerability in React Server Components (rea)475
react, components
Decreasing [Let’s Encrypt] Certificate Lifetimes to 45 Days (mat/let)474
http, certificates, lets-encrypt
The Shai-Hulud 2.0 npm Worm: Analysis, and What You Need to Know473
npm, dependencies
GitLab Discovers Widespread npm Supply Chain Attack (git)472
npm, dependencies, gitlab, github, aws, gcp, azure
Automated npm Secret Rotation in GitHub Actions (mhe)471
npm, automation, github-actions
Introducing the OWASP Top 10:2025 (she+/owa)470
introductions, owasp, vulnerabilities
Removing XSLT for a More Secure Browser (dro/dev)469
chromium, chrome, google, browsers, xsl, web-platform
Will npm’s New Security Steps Stop Attacks? (rev)468
npm, github, maintenance, foss
HTTPS by Default (jde+)467
http, chrome, google, browsers
Agentic AI and Security (ksi/mfo)466
ai, architecture
Octoverse: A New Developer Joins GitHub Every Second as AI Leads TypeScript to #1 (git)465
github, metrics, productivity, ai, foss, programming
Glassworm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace464
code-editors, vs-code, microsoft
Improving the Trustworthiness of JavaScript on the Web (clo)463
javascript, web-apps
Past Time for Passkeys (nor)462
videos, passkeys, passwords, authentication
Secure Coding in JavaScript461
javascript, frameworks
My Conclusions After Using Signed Exchanges on My Website for 2 Years (paw)460
signed-exchanges, performance
Lazy-Loading as a Security Measure459
lazy-loading, angular, react
Backend Concepts Every Experienced Developers Must Know458
concepts, network, concurrency, apis, databases, caching, scalability, observability, architecture
How Deno Protects Against npm Exploits (den)457
deno, npm
Strengthening npm Security: Important Changes to Authentication and Token Management (git)456
npm
How Hackers Use AI to Find Vulnerabilities Faster455
ai
CAPTCHA, When Security Takes Precedence Over Accessibility454
captcha, accessibility
Our Plan for a More Secure npm Supply Chain (xco/git)453
npm, dependencies, foss
npm Security Best Practices452
npm, provenance, best-practices
This May Be the Worst One (the)451
videos, npm, dependencies
Ongoing Supply Chain Attack Targets CrowdStrike npm Packages (pvd+/soc)450
npm, dependencies
ctrl/tinycolor and 40+ npm Packages Compromised449
npm, dependencies
How Maintainer Burnout Is Causing a Kubernetes Security Disaster (the)448
kubernetes, maintenance, foss, economics
Oh No, Not Again… a Meditation on npm Supply Chain Attacks (tan)447
npm, dependencies, microsoft
Anatomy of a Billion-Download npm Supply-Chain Attack446
npm, dependencies
npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack (bur+/soc)445
npm, dependencies
CORS Explained: Stop Struggling With Cross-Origin Errors444
cors, http-headers, http
How OpenJS-Hosted Projects Benefit From Security Support (ope)443
openjs, hosting, foss
Why You Absolutely Need to Have Automated Dependency Management in Place (j9t)442
dependencies, maintainability, maintenance, automation, tooling
What Your Website’s Style Says About You—and How Hackers Can Use It Against You (err)441
css, javascript
Hardening Node.js Apps in Production: 8 Layers of Practical Security440
nodejs, best-practices
eslint-config-prettier Compromised: How npm Package With 30 Million Downloads Spread Malware439
prettier, eslint, npm, malware
AI Agents Are Creating a New Security Nightmare for Enterprises and Startups (the)438
ai, apis
npm Phishing Email Targets Developers With Typosquatted Domain (sar/soc)437
npm
Tuesday, July 15, 2025 Security Releases (nod)436
release-notes, nodejs
Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader (soc)435
npm, dependencies
MCP Security Vulnerabilities and Attack Vectors434
mcp, ai
A New Era of Code Quality433
quality
JWTs Are Not Session Tokens, Stop Using Them Like One432
json-web-tokens, authentication
Design Patterns for Securing LLM Agents Against Prompt Injections (sim)431
studies, research, ai, prompting, software-design-patterns
The Growing Risk of Malicious Browser Extensions (soc)430
browser-extensions
Escaping “<” and “>” in Attributes—How It Helps Protect Against Mutation XSS (sec)429
html, attributes, xss, escaping, chrome, google, browsers
HTML Spec Change: Escaping “<” and “>” in Attributes (sec/dev)428
html, attributes, escaping, xss
Beware of End-of-Life Node.js Versions—Upgrade or Seek Post-EOL Support (mco/nod)427
nodejs, maintenance
How to Access Local MCP Servers Through a Secure Tunnel (the)426
how-tos, mcp, ai, servers, network
Docker Launches Hardened Images, Intensifying Secure Container Market (the)425
docker
Modernizing Security424
modernization, processes
Securing Your Node.js App From Command Injection423
nodejs
Passkeys for Normal People (tro)422
authentication, passkeys, examples, concepts
npm Targeted by Malware Campaign Mimicking Familiar Library Names (soc)421
npm, malware, dependencies, link-lists
What Is an Encryption Backdoor? (int)420
encryption, vulnerabilities, concepts
Cybersecurity Leaders Are Staying in the Shadows (ste)419
community, culture
Threat Actors Misuse Node.js to Deliver Malware and Other Malicious Payloads (mic)418
nodejs, malware
Principles for Coding Securely With LLMs (sea)417
ai, principles
TLS Certificate Lifetimes Will Officially Reduce to 47 Days416
tls, certificates
LLMs Can’t Stop Making Up Software Dependencies and Sabotaging Everything (tho/the)415
ai, dependencies
Secure a Vue App With OpenID Connect and the BFF Pattern (due)414
vuejs, authentication, backend-for-frontend
Teaching Code in the AI Era: Why Fundamentals Still Matter (ali)413
training, ai, programming, vibe-coding, scalability, performance, quality, testing, documentation
Stop Using Jenkins in 2025 (oso)412
jenkins, github-actions, ci-cd
Node.js Test CI Security Incident (nod)411
nodejs, retrospectives
Website Hijack Campaign Now Impacting 150,000 Sites (gad)410
Malware Found on npm Infecting Local Package With Reverse Shell (rev)409
npm, dependencies
Five Things Vibe Coders Should Know (From a Software Engineer) (uxd)408
vibe-coding, sanitization
GitHub Suffers a Cascading Supply Chain Attack Compromising CI/CD Secrets (inf)407
github, ci-cd
How to Prevent WordPress SQL Injection Attacks (sma)406
how-tos, wordpress, sql, databases
Lazarus Strikes npm Again With New Wave of Malicious Packages (soc)405
npm, dependencies
Updates on CVE for End-of-Life Versions (raf/nod)404
nodejs
What Is the OWASP Top 10 and How Can Your Team Benchmark Security? (jet)403
owasp, vulnerabilities, qodana, jetbrains
How to Protect Your Web Applications From XSS (tor/w3c)402
how-tos, web-apps, xss
In Tech, What Matters and What Is Dangerous (ham)401
community, foss, open-web
Secure UX: Building Cybersecurity and Privacy Into the UX Lifecycle (uxm)400
user-experience, processes
The Fallacy of Balance: Challenging the Notion of Security and Accessibility as Opposing Objectives (deq)399
videos, accessibility
It Is No Longer Safe to Move Our Governments and Societies to U.S. Clouds (ber)398
cloud-computing, privacy, legal
How OWASP Helps You Secure Your Full-Stack Web Applications (eri/sma)397
owasp, monitoring, authentication, vulnerabilities, configuration, csrf, cryptography, authorization
10 Common Web Development Mistakes to Avoid Right Now396
mistakes, mobile, performance, accessibility, seo, navigation, analytics, testing
Tightening Every Bolt (bag)395
videos, processes, code-reviews, testing
On Generative AI Security (sch)394
ai, lessons, microsoft
Understanding CORS Errors in Signed Exchanges (paw)393
cors, errors, signed-exchanges
Keep Your Node.js Apps Secure With “npx is-my-node-vulnerable” (tre)392
packages, npm, nodejs
How I Open-Sourced My Secret Access Tokens From GitHub, Slack, and npm—and Who Actually Cares391
github, slack, npm
Node.js EOL Versions CVE Dubbed the “Worst CVE of the Year” by Security Experts (sar/soc)390
nodejs, documentation
Tuesday, January 21, 2025 Security Releases (raf/nod)389
release-notes, nodejs
APIs Are Quickly Becoming the Latest Security Battleground (and Nightmare) (the)388
apis
CDN-First Is No Longer a Performance Feature (osv)387
content-delivery, performance, caching, embed-code, privacy
The Cyber-Cleanse: Take Back Your Digital Footprint (cyb)386
privacy
15 Principles for Secure Programming (rak)385
principles, validation, testing
Important Topics for Frontend Developers to Master in 2025384
learning, javascript, typescript, css, frameworks, git, apis, testing, performance, ci-cd, websockets
Developer Guide: How to Implement Passkeys383
guides, how-tos, authentication, passkeys
How to Automate OWASP Security Reviews in Your Pull Requests? (cod)382
how-tos, owasp, automation, code-reviews, coderabbit
5 Technical Trends to Help Web Developers Stand Out in 2025 (the)381
trends, career, javascript, ai, low-and-no-code
Avoid Hotlinking Images With “Cross-Origin-Resource-Policy”380
images
Content Security Policy Level 3 (mik/w3c)379
standards, csp
Security (htt)378
web-almanac, studies, research, metrics
JavaScript Import Attributes (ES2025) (tre)377
javascript
Exploring Internet Traffic Shifts and Cyber Attacks During the 2024 U.S. Election (clo)376
traffic
Securing Your Express REST API With Passport.js375
nodejs, express, json-web-tokens, apis, rest, tooling
SecretLint—a Linter for Preventing Committing Credentials (tre)374
tooling, linting
The Importance of UX in Cybersecurity (uxm)373
user-experience, usability
Understanding “npm audit” and Fixing Vulnerabilities372
npm, vulnerabilities, nodejs
Top 4 Web Vulnerabilities With Example and Mitigation371
vulnerabilities, sql, databases, xss, csrf
How to Implement Content Security Policy (CSP) Headers for Astro (tre)370
how-tos, http, http-headers, csp, astro, vercel, cloudflare
Why Code Security Matters—Even in Hardened Environments369
vulnerabilities, file-handling, nodejs
Database 101: SSL/TLS for Beginners368
introductions, databases, ssl, tls, authentication
Cloudflare Study: 39% of Companies Losing Control of Their IT and Security Environment (tre)367
studies, research, engineering-management
NIST Recommends Some Common-Sense Password Rules (sch)366
passwords, guidelines
I Finally Understand OAuth365
authorization, oauth, processes
Fake GitHub Site Targeting Developers (jul/san)364
github
Hacking Cars in JavaScript (Running Replay Attacks in the Browser With the HackRF) (dev)363
javascript
Gaining Access to Anyone’s Browser Without Them Even Visiting a Website362
arc, the-browser-company, browsers, vulnerabilities
10 AI Dangers and Risks and How to Manage Them (rin)361
ai, privacy, sustainability, legal
Web Security: Shaping the Secure Web (set/w3c)360
web, w3c
5 Wasm Use Cases for Frontend Development (des)359
guest-posts, webassembly, performance
What Is Incident Response?358
incident-response, overviews
Migrating From Netlify to Cloudflare for AI Bot Protection (sia)357
migrating, netlify, cloudflare, ai
The Great npm Garbage Patch356
dependencies, npm, spam
Frontend Security Checklist (tre)355
checklists, react
Automated Ways to Security Audit Your Website354
auditing, automation, tooling
Secure Node.js Applications From Supply Chain Attacks353
nodejs, best-practices, dependencies
The Cloud Run Security Gap You Didn’t Know You Had (and How to Fix It)352
google, gcp
The Pitfalls of In-App Browsers (fro)351
browsers, mobile, privacy, user-experience
Supply Chain Security in npm—We Can Be Optimistic About the Future350
npm, dependencies, provenance
Script Integrity (chr/fro)349
embed-code, javascript
Introducing the MDN HTTP Observatory (mdn)348
introductions, mdn, mozilla, http
Tuesday, July 2, 2024 Security Releases (nod)347
release-notes, nodejs
WebAuthn: Enhancing Security With Minimal Effort (tbe)346
authentication, webauthn
RegreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server345
ssh, vulnerabilities
Polyfill Supply Chain Attack Embeds Malware in JavaScript CDN Assets344
malware, vulnerabilities
Catching Compromised Cookies343
cookies, testing
Backdoor Slipped Into Multiple WordPress Plugins in Ongoing Supply-Chain Attack (dan/ars)342
wordpress, plugins
The Hacking of Culture and the Creation of Socio-Technical Debt (sch)341
culture
OAuth Authentication (rya)340
authentication, authorization, oauth
Researchers Uncover npm Registry Vulnerability to Cache Poisoning and DoS Attacks (sar/soc)339
npm, dependencies, vulnerabilities, caching
What Is Mixed Content? (fre)338
http
The Ultimate Guide to Iframes (log)337
guides, iframes, html, javascript
How a Single Vulnerability Can Bring Down the JavaScript Ecosystem336
javascript, npm, dependencies, caching, vulnerabilities
JavaScript Security: Simple Practices to Secure Your Frontend335
javascript, dependencies, csp
Manifesto for a Humane Web (mic)334
websites, manifestos, web, principles, accessibility, dei, sustainability, user-experience
Securing Client-Side JavaScript (ada)333
javascript, graceful-degradation
Poor Express Authentication Patterns in Node.js and How to Avoid Them332
express, nodejs, authentication
Passkeys: A Shattered Dream (fir)331
authentication, passkeys
Using Legitimate GitHub URLs for Malware (sch)330
malware, github
When Security and Accessibility Clash: Why Are Banking Applications So Inaccessible? (nic)329
accessibility
Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects (ope)328
foss, openjs
Wednesday, April 10, 2024 Security Releases (raf/nod)327
release-notes, nodejs
Node.js Secure Coding: Mitigate and Weaponize Code Injection Vulnerabilities326
books, nodejs, vulnerabilities
The Free Software Commons (jen)325
foss, community
The V8 Sandbox324
v8
Building a Digital Fortress: How to Strengthen DNS Against DDoS Attacks?323
dns
Using JSON Web Tokens With Node.js322
json-web-tokens, nodejs, authentication
Wednesday, April 3, 2024 Security Releases (nod)321
release-notes, nodejs
In-App Browsers Are Still a Privacy, Security, and Choice Problem (tho/the)320
browsers, mobile, privacy
CORS Finally Explained—Simply319
csrf, cors, concepts
How Does Single Sign-On (SSO) Work? (mil)318
authentication
How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package (eth)317
npm, dependencies, examples
Preventing SQL Injection Attacks in Node.js316
nodejs, databases, sql
Frontend Application Security: Tips and Tricks315
web-apps, xss, csrf, authentication, dependencies, csp, validation, tips-and-tricks
Wednesday, February 14, 2024 Security Releases (raf+/nod)314
release-notes, nodejs
How to Boost WordPress Security and Protect Your SEO Ranking313
how-tos, wordpress, seo
Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft (sar/soc)312
npm, dependencies
Practice Safe DSD With “setHTMLUnsafe” (It’s Complicated) (jar/van)311
html, dom, shadow-dom, apis
Tuesday, February 6, 2024 Security Releases (raf/nod)310
release-notes, nodejs
JWT vs. Session Authentication309
authentication, json-web-tokens, comparisons
GitHub, npm Registry Abused to Host SSH Key-Stealing Malware308
github, npm, malware, foss
Deceptive Deprecation: The Truth About npm Deprecated Packages307
deprecation, npm, dependencies, research
Safely Accessing the DOM With Angular SSR (dev)306
dom, javascript, angular, server-side-rendering
Node.js Security Progress Report—Progress on Permission Model, Fuzzer, and Connections With Community (ope)305
nodejs
I Hate CORS304
videos, cors
Building Multiple Progressive Web Apps on the Same Domain (dev)303
videos, web-apps, progressive-web-apps, architecture
Session-Based vs. Token-Based Authentication: Which Is Better?302
authentication, json-web-tokens, comparisons
10 Best Practices for Secure Code Review of Node.js Code301
best-practices, code-reviews, nodejs
Security Headers Using “<meta>” (sap/mat)300
csp, html
Blind CSS Exfiltration: Exfiltrate Unknown Web Pages299
css
Mastering Cryptography Fundamentals With Node’s “crypto” Module298
cryptography, nodejs
Secure Code Review Tips to Defend Against Vulnerable Node.js Code297
nodejs, code-reviews
Understanding CORS296
cors
Secret Scanning Scans Public npm Packages (git)295
github, npm, dependencies
What the !#@% Is a Passkey? (eff)294
passkeys
Local HTTPS for Next.js 13.5 (ami)293
testing, http, nextjs
Understanding XSS Attacks292
xss
A Comprehensive Guide to the Dangers of Regular Expressions in JavaScript (phi)291
guides, javascript, regex
Best Practices for Securing Node.js Applications in Production290
best-practices, nodejs
SSH Keys Stolen by Stream of Malicious PyPI and npm Packages (ble)289
ssh, dependencies, npm
npm Provenance General Availability (git)288
github, npm, provenance
Open Source Trends to Look for in 2024287
foss, trends, outlooks, ai
The WebP 0-Day286
webp, google, apple
Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples285
nodejs, history, examples
How to Implement SSL/TLS Pinning in Node.js284
how-tos, ssl, tls, nodejs
A More Intelligent and Secure Web (ple/w3c)283
videos, w3c, standards, web, web-platform
Demystifying CORS: Understanding How Cross-Origin Resource Sharing Works282
cors, javascript
Towards HTTPS by Default (jde/dev)281
browsers, google, chrome, http, tls
Sophisticated, Highly-Targeted Attacks Continue to Plague npm280
npm
An Update on Chrome Security Updates—Shipping Security Fixes to You Faster279
browsers, google, chrome
Tuesday, August 8, 2023 Security Releases (raf/nod)278
release-notes, nodejs
Publishing With npm Provenance From Private Source Repositories Is No Longer Supported (git)277
github, npm, provenance, foss
Social Engineering Campaign Targeting Tech Employees Spreading Through npm Malware (soc)276
malware, npm
Securing the Web Forward: Addressing Developer Concerns in Web Security (tor/w3c)275
web, surveys
Encoding: A Brief History and Its Role in Cybersecurity274
encoding, unicode, history
User Input Sanitization and Validation: Securing Your App273
sanitization, validation, conformance
Node.js Security Progress Report—17 Reports Closed (ope)272
nodejs
The Importance of Verifying Webhook Signatures271
webhooks
The Massive Bug at the Heart of the npm Ecosystem270
npm, dependencies
All You Need to Know About CORS and CORS Errors269
cors, errors
Understanding Authorization Before Authentication: Enhancing Web API Security268
authorization, authentication, apis, comparisons
An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript267
introductions, vulnerabilities, nodejs, javascript
Django: A Security Improvement Coming to “format_html()” (ada)266
django, html
Tuesday, June 20, 2023 Security Releases (raf/nod)265
release-notes, nodejs
security.txt Now Mandatory for Dutch Government Websites264
legal
File Upload Security and Malware Protection (aus)263
malware, file-handling, edge-computing
Security Implications of HTTP Response Headers262
http, http-headers
The Case Against Automatic Dependency Updates (ben)261
dependencies, automation, ci-cd, maintenance
Automating Dependency Updates: The Big Debate260
dependencies, automation, ci-cd
Generating Provenance Statements259
npm, provenance
Introducing npm Package Provenance (git)258
introductions, github, npm, provenance, foss
8 Best Tools for Cryptography and Encryption (sta)257
link-lists, tooling, comparisons, cryptography, encryption, privacy
Dissecting npm Malware: Five Packages and Their Evil Install Scripts256
npm, malware
Passkeys: What the Heck and Why? (css)255
passkeys
Senior Engineering Strategies for Advanced React and TypeScript (tec)254
strategies, react, typescript, architecture, testing, performance, accessibility, maintenance
Cryptographically Protecting Your SPA253
single-page-apps, cryptography
Without Accessibility, There Is No Privacy or Security252
accessibility, privacy
Tips for Handling Dependabot, CodeQL, and Secret Scanning Alerts251
alerting, dependabot, tips-and-tricks
How to Password-Protect a Static HTML Page With No JS (ede)250
how-tos, css, fonts
SSL Certificates Explained249
videos, certificates, ssl, protocols
Quick Tip: How to Hash a Password in PHP248
how-tos, php, passwords, tips-and-tricks
Sandboxing JavaScript Code247
javascript
Unlocking Security Updates for Transitive Dependencies With npm (git)246
npm, dependencies, maintenance
7 Required Steps to Secure Your Iframes Security245
iframes, xss, html, http-headers, csp
Conditional API Responses for JavaScript vs. HTML Forms (aus)244
javascript, html, forms, comparisons
Why Do We Need Authorization and Authentication?243
authorization, authentication
The Top 10 Security Vulnerabilities for Web Applications242
vulnerabilities, web-apps
Leaked a Secret? Check Your GitHub Alerts… for Free (git)241
github
DOM Clobbering (fre/mat)240
dom
New npm Features for Secure Publishing and Safe Consumption (git)239
npm, dependencies
Using SRI to Protect From Malicious JavaScript (mat)238
javascript
WordPress Versions 3.7–4.0 No Longer Get Security Updates (sar)237
wordpress
“Not Secure” Warning for IE Mode236
browsers, microsoft, edge, internet-explorer
Node.js Security Best Practices (nod)235
nodejs, best-practices
npm Security: Preventing Supply Chain Attacks234
npm, dependencies
Secure JavaScript URL Validation233
javascript, validation, urls
Create a Passkey for Passwordless Logins (age/dev)232
authentication, passkeys
Designing a Secure API231
software-design, apis
Phylum Detects Active Typosquatting Campaign Targeting npm Developers230
npm, dependencies
Security (htt)229
web-almanac, studies, research, metrics
Continue Using .env Files as Usual228
environments
Quick Reminder: HTML5 “required” and “pattern” Are Not a Security Feature (cod)227
html, forms
Stop Using .env Files Now226
environments
Debunking Myths About HTTPS225
http, myths
Secure Your Node.js App With JSON Web Tokens (app)224
nodejs, json-web-tokens
Dependabot Unlocks Transitive Dependencies for npm Projects (git)223
dependencies, npm, dependabot
JavaScript Bugs Aplenty in Node.js Ecosystem—Found Automatically222
studies, research, nodejs, javascript, dependencies, quality
Introducing Even More Security Enhancements to npm (git)221
introductions, npm
Top 5 npm Vulnerability Scanners220
npm, vulnerabilities, tooling
What Is Passwordless Authentication and How to Implement It219
authentication, passwords
GA4 Is Being Blocked by Content Security Policy218
csp, metrics, google
Please Remove That .git Folder217
git
Should I Have Separate GitHub Accounts for Personal and Professional Projects?216
discussions, github, career
Understanding CSRF Attacks (zel)215
csrf
npm Security Update: Attack Campaign Using Stolen OAuth Tokens (git)214
oauth, version-control, npm, github
Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks213
javascript, npm, dependencies
Unexpectedly HTTPS?212
http
How to Respond to Growing Supply Chain Security Risks?211
how-tos, dependencies, nodejs, npm
The Web Is for Everyone: Our Vision for the Evolution of the Web (moz)210
web, outlooks, privacy, accessibility, performance, user-experience
Using HTTPS in Your Development Environment209
http, environments
How to Prevent SQL Injection Attacks in Node.js208
how-tos, nodejs, databases, sql
Can You Get Pwned With CSS?207
css
How to Fix Your Security Vulnerabilities With npm Override206
how-tos, vulnerabilities, npm, dependencies
Never, Ever, Ever Use Pixelation for Redacting Text205
content, images, obfuscation
Accessibly Insecure204
accessibility
Lessons Learned From Publishing a Content Security Policy203
lessons, csp
Ain’t No Party Like a Third Party (ada/css)202
dependencies, embed-code
Security (htt)201
web-almanac, studies, research, metrics
GitHub’s Commitment to npm Ecosystem Security (git)200
github, npm
Understanding and Implementing OAuth2 in Node.js (hon)199
nodejs, authorization, oauth
How to Win at CORS (jaf)198
how-tos, cors, html, http
The Options for Password-Revealing Inputs (chr/css)197
html, css, passwords, usability
npm Security Best Practices (owa)196
npm, best-practices
Encoding Data for POST Requests (jaf)195
javascript, encoding
NPM Global Audit194
packages, npm, quality, auditing
Understanding and Preventing Common Security Vulnerabilities193
vulnerabilities
Open Source Insights192
websites, foss, dependencies, licensing
I Learned to Love the Same-Origin Policy (eee/css)191
cors
Is Edge Computing Secure? Here Are 4 Security Risks to Be Aware Of190
edge-computing
TLS and mTLS Demystified189
tls, protocols
Best Practices for Inclusive Textual Websites188
performance, accessibility, best-practices
Clickjacking Attacks and How to Prevent Them187
how-tos
What Is mTLS and How Does It Work?186
Mutual TLS: Stuff You Should Know185
tls, protocols
Don’t Try to Sanitize Input—Escape Output184
sanitization, escaping
Encrypting DNS Query Bad for Performance? (erw)183
performance, dns, http, encryption
Apple Joins FIDO Alliance, Commits to Getting Rid of Passwords (zdn)182
apple, fido, passwords, authentication
How to Automatically Update Your JavaScript Dependencies (spa/clo)181
how-tos, javascript, dependencies, automation, processes
What SSL Is, and Which Certificate Type Is Right for You180
ssl, certificates, privacy, concepts
Usability and Security; Better Together (24w)179
usability, user-experience
Server-Side Includes (SSI) Injection (owa)178
ssi
How Internet Security Works: TLS, SSL, and CA (osd)177
tls, ssl, protocols, certificates
Security and Privacy for Our Times (luk/w3c)176
privacy, web-platform
Web Feature Developers Told to Dial Up Attention on Privacy and Security (rip/tec)175
w3c, privacy, web-platform
CSS Security Vulnerabilities (chr/css)174
css, privacy, vulnerabilities
Understanding Subresource Integrity (dre/sma)173
hashing, embed-code
W3C Strategic Highlights: Web for All (Security, Privacy, Identity) (w3c)172
w3c, privacy, authentication
Guide to Web Authentication171
websites, authentication, webauthn, javascript
It’s Beginning to Look a Lot Like XSSmas (24w)170
vulnerabilities, csrf, xss
Protecting Your Site With Feature Policy (rac/sma)169
http-headers, http
AWS Security Guide: 7 Best Practices to Avoid Security Risks (wom)168
guides, aws, best-practices
WebAuthn, FIDO2 Infuse Browsers, Platforms With Strong Authentication (dar)167
w3c, fido, authentication, webauthn, browsers
In Your Face, Passwords: Big Three Browsers All Adopt Authentication API166
authentication, webauthn, apis, edge, microsoft, chrome, google, firefox, mozilla, browsers
HTTPS Is Easy (tro)165
websites, http
WordPress Security as a Process (sma)164
wordpress, processes
Making Your Website Faster and Safer With Cloudflare163
performance, caching, cloudflare
Validating Dependencies in the Project With npm-check and depcheck162
dependencies, maintenance, auditing, tooling, npm
Third Party CSS Is Not Safe (jaf)161
html, css, embed-code
Attackers Can Steal Sensitive Data by Abusing CSS—CSS Exfil Vulnerability160
css, csp
Building Secure JavaScript Applications159
javascript, xss, csrf, json-web-tokens, passwords
Creating Secure Password Resets With JSON Web Tokens (sma)158
passwords, json-web-tokens, nodejs
The Complete Guide to Switching From HTTP to HTTPS (sma)157
guides, http
How (Not) to Control Your CDN (mno)156
content-delivery, caching, http
How to Secure WordPress With SSL155
how-tos, wordpress, ssl
Encrypting IP Addresses (ber)154
ip, network, privacy, encryption
How to Secure Your Web App With HTTP Headers (sma)153
how-tos, web-apps, http, http-headers, csp
Just Another HTTPS Nudge (chr/css)152
http
On EME in HTML5 (tim/w3c)151
eme, drm, html, legal, standards, w3c
Using SSH Securely (ann)150
ssh
More Than 300 Federal Gov Websites Fail to Meet Domain Encryption Deadline149
http, tls, protocols, encryption
Content Security Policy Level 2 (mik+/w3c)148
standards, csp
A Checklist for Website Reviews (hcr)147
checklists, performance, browsers, seo, accessibility
Content Security Policy, Your Future Best Friend (sma)146
csp, link-lists
A Refined Content Security Policy (web)145
html, csp, webkit, safari, apple, browsers
The Performance Benefits of “rel=noopener” (jaf)144
html, links, performance
Web Platform Security Boundaries (ann)143
web-platform
Subresource Integrity (dev+/w3c)142
hashing, html, standards
W3C Looks to Secure the Web (sdt)141
w3c, authentication
Distribution Packages Considered Insecure140
dependencies, unix-like
The Current State of Web Security (An Interview With Anselm Hannemann) (hel+/css)139
interviews, http, ssl, tls, encryption, cloudflare, lets-encrypt
Eliminating Known Vulnerabilities With Snyk (sma)138
vulnerabilities, tooling
10 Web Predictions for 2016 (cra)137
web, outlooks, site-generators, browsers, css, mobile, performance, webassembly, seo
HSTS and “Let’s Encrypt” (tka)136
http, http-headers, ssl, lets-encrypt
An in-Depth Look at CORS135
cors, javascript, php
Indexing HTTPS Pages by Default134
google, search, http
Why Passwordless Authentication Works (cra)133
authentication, passwords
Introduction to TLS and SSL (ope)132
introductions, tls, ssl, protocols, certificates
A Simple Developer Error Is Exposing Private Information on Thousands of Websites (owe)131
version-control, git, mistakes, vulnerabilities
More Tips to Further Secure WordPress (eli)130
wordpress, tips-and-tricks, plugins
Improving Web Security With the Content Security Policy · #129
csp, http
Deprecating HTTP (yoa) · #128
http, protocols, deprecation
Mozilla Wants to Deprecate Non-Secure HTTP, Will Make Proposals to W3C “Soon” (epr/ven) · #127
mozilla, http, deprecation
Want Fancy Firefox Features? Secure Your Website (sts/cne) · #126
firefox, mozilla, browsers, http
WordPress Front End Security: CSRF and Nonces (css) · #125
wordpress, csrf
Introduction to WordPress Front End Security: Escaping the Things (css) · #124
introductions, wordpress, escaping
What Are the Security Risks of HTML5 Apps? · #123
web-apps, sanitization
Moving to HTTPS on WordPress (chr/css) · #122
wordpress, http
Same-Origin Policy (ann) · #121
cors, web-platform
Securing the Web (w3c) · #120
web-platform
HTTPS as a Ranking Signal (met) · #119
google, search, http, seo
mXSS (gaz) · #118
xss, html
It’s Time to Encrypt the Entire Internet (kli/wir) · #117
web, http, ssl, encryption
3 Tips to Find Hacking on Your Site, and Ways to Prevent and Fix It · #116
search, google, tips-and-tricks
Cross-Origin Resource Sharing (ann/w3c) · #115
cors, standards
Despite Automatic Updates, Old Browsers Are Still a Problem (edb/zdn) · #114
browsers, web-platform, chrome, google, firefox, mozilla, internet-explorer, microsoft, safari, apple
Cross-Origin Resource Sharing on Track to Become a W3C Recommendation (sdt) · #113
w3c, cors, standards
Bid to Kill CAPTCHA Security Test Gains Momentum · #112
captcha, accessibility
We Should All Have Something to Hide · #111
privacy
Mobile Website Security · #110
mobile, hosting, policies
WordPress Security Tips · #109
wordpress, tips-and-tricks
Brad Hill: “HTML5 Security Realities” (chr/css) · #108
slides, xss, html
Bulletproof Your Drupal Website · #107
drupal
Top 10 PHP Security Vulnerabilities · #106
php, vulnerabilities
A Front End Engineer’s Manifesto (zac) · #105
websites, manifestos, user-experience, progressive-enhancement, simplicity, foss, accessibility, community, learning
A JavaScript Security Flaw · #104
javascript
The Secure Programmer’s Pledge · #103
manifestos
An Introduction to Content Security Policy (mik/dev) · #102
introductions, csp
Cross-Site Scripting Attacks (XSS) · #101
xss, examples
How to Secure Your WordPress Website (sma) · #100
how-tos, wordpress, link-lists
Using CORS (dev) · #99
cors
Some Notes on the Recent XML Encryption Attack (w3c) · #98
xml, encryption
XML Encryption Flaw Leaves Web Services Vulnerable (eur) · #97
web-services, xml, encryption
HTTPS Is More Secure, So Why Isn’t the Web Using It? (ars) · #96
http, protocols, web
Web Cryptography: Salted Hash and Other Tasty Dishes (ali) · #95
cryptography
What Are the JSON Security Concerns in Web Development? (sim) · #94
json
What Is Cross Site Scripting or XSS? (chr/css) · #93
xss, javascript, concepts
Web Developers Accountable for HTML 5 Security · #92
html
HTML5 Raises New Security Issues · #91
html, browsers
10 Useful WordPress Security Tweaks (sma) · #90
wordpress
Web Security: Are You Part of the Problem? (cod/sma) · #89
vulnerabilities, php, javascript
Full Frontal ’09: Chris Heilmann on JavaScript Security (mic/aja) · #88
javascript
Finally Something to Get a Few More Users Off of IE 6? (dal/aja) · #87
internet-explorer, microsoft, browsers
The Internet Is Closing to Innovation (zit/new) · #86
web
You Could Be Getting Clickjacked (tec) · #85
vulnerabilities, frames, w3c
Video and Audio Tags and Cross Origin Access (dal/aja) · #84
html, multimedia
Dumb Security Tips: Think Before You Follow Online Guides (tan) · #83
tips-and-tricks
Simon Willison, @Media Ajax (mic/aja) · #82
ajax, xss, csrf, javascript, json
Frame-Busting Gadgets (mic) · #81
frames, iframes
Evil GIFs: Hiding Java in Your Image (dal/aja) · #80
gif, images, java
What’s in a “window.name”? (cod/aja) · #79
javascript
Internet Explorer 8 Promises Better Standards Compliance… and a Whole Lot More (est/cio) · #78
internet-explorer, microsoft, browsers, standards
Ajaxian Roundup for January 2008: JavaScript Turtles and IE 8 (dal/aja) · #77
javascript, prototypejs, dojo, extjs, jquery, gwt, yui, dwr, gears, flash, air, json, browsers, standards, css, design, comet, ajaxian, link-lists
Book Recommendation: AJAX Security by Hoffman and Sullivan · #76
books, ajax, javascript
Ajaxian Roundup for December 2007: It’s the End of the Year as We Know It (dal/aja) · #75
browsers, javascript, prototypejs, extjs, yui, jquery, microsoft, dwr, performance, gwt, comet, css, mobile, ajaxian, link-lists
Cross Site Scripting Joy (tri) · #74
xss
Making JavaScript Safe With No Script (dal/aja) · #73
javascript
Automated Security Scanners Choke on AJAX (rey/aja) · #72
ajax, javascript
Quick Security Checklist for Webmasters · #71
checklists
How to Protect a JSON or JavaScript Service · #70
how-tos, json, javascript
Securing Your JSON · #69
json, javascript, arrays
CSRF Protection Idea (dal/aja) · #68
csrf
JavaScript Security Experiments (mar) · #67
javascript, experiments
Prepare for Attack—Making Your Web Applications More Secure · #66
web-apps, sql, xss, examples
JSON vs. XML: Browser Security Model (car) · #65
browsers, json, xml, comparisons
The Dangers of Cross-Domain AJAX With Flash (shi) · #64
ajax, javascript, flash
DOM vs. Web (mno) · #63
http, dom
AJAX: Is Your Application Secure Enough? · #62
ajax, javascript, web-apps
AJAX, XHR, JavaScript, and Cross Domain Security Story · #61
ajax, javascript
Top 7 PHP Security Blunders · #60
php, databases, sql
How to Make “XMLHttpRequest” Calls to Another Server in Your Domain · #59
how-tos, javascript
IE Frame Bug (dal/aja) · #58
internet-explorer, microsoft, browsers, frames
Validate Your Input! · #57
validation
JavaScript Security · #56
javascript
File Upload Security (lac) · #55
html, file-handling
Spot the Security Hole · #54
php
JavaScript and Security (sim) · #53
javascript
Handling Content From Strangers · #52
content
Web Services Security Gets Serious · #51
web-services
Getting Started With XML Security · #50
introductions, xml
Sorting Out the Web Services Security Landscape (tec) · #49
web-services, ssl, w3c
Website Experience Analyzer · #48
tools, analysis, performance, user-experience
Server Port Scanner · #47
tools, analysis, network, servers
Abuse Contact Lookup · #46
tools, analysis, policies
Content Security Policy Validator (CSP Validator) · #45
tools, analysis, csp, conformance
Content Security Policy Validator (Google) · #44
tools, analysis, csp, conformance
Cookie Use Checker · #43
tools, analysis, cookies
Cross-Site WebSocket Hijacking Tester · #42
tools, analysis
DNSSEC Checker · #41
tools, analysis, dns
Domain or IP Spam Checker · #40
tools, analysis, domains, ip
Email Blacklist Checker · #39
tools, analysis, email
Malware and Security Scanner · #38
tools, analysis
Site and Origin Comparer · #37
tools, analysis, comparisons
SPF Record Checker · #36
tools, analysis, dns, domains
SSL Checker (Qualys) · #35
tools, analysis, ssl, certificates
SSL Checker (SSL Shopper) · #34
tools, analysis, ssl, certificates
Virus Scanner · #33
tools, analysis
Website Certificate Fingerprint Checker · #32
tools, analysis, certificates
Website Headers Analyzer (Mozilla) (moz) · #31
tools, analysis, http, http-headers
Website Headers Analyzer (Security Headers) · #30
tools, analysis, http, http-headers
Website Scam Checker · #29
tools, analysis
Website Security Checker (Google) · #28
tools, analysis
Website Security Checker (Norton) · #27
tools, analysis
AES Encrypter and Decrypter · #26
tools, exploration, encryption
Blowfish Hash Generator · #25
tools, exploration, hashing
Browser Fingerprint Checker · #24
tools, exploration, browsers
“chmod” Calculator · #23
tools, exploration, permissions
CSR Decoder · #22
tools, exploration
Device Vulnerability Checker · #21
tools, exploration, vulnerabilities
Executable File Analyzer · #20
tools, exploration
Hash Generator · #19
tools, exploration, hashing
HMAC Checker · #18
tools, exploration
MD5 Hash Generator · #17
tools, exploration, hashing
Password Generator (Arantius.com) · #16
tools, exploration, passwords
Password Generator (Frontend Dogma) (fro) · #15
tools, exploration, frontend-dogma, passwords
Password Generator (Gibson Research Corporation) · #14
tools, exploration, passwords
Password Security Checker and Generator · #13
tools, exploration, passwords
Password Security Checker · #12
tools, exploration, passwords
Security Leak Victim Checker · #11
tools, exploration
SHA-512 Hash Generator · #10
tools, exploration, hashing
SPF Record Generator · #9
tools, exploration, dns, domains
SSL Client Checker · #8
tools, exploration, ssl, tls
Subresource Integrity Hash Generator (moz) · #7
tools, exploration, hashing
User Identity Generator · #6
tools, exploration, placeholders, randomness
Website Headers Analyzer (Dries Buytaert) (dri) · #5
tools, analysis, http, http-headers
WebRTC and IP Address Leak Checker · #4
tools, exploration, network, webrtc, ip, protocols
security.txt Generator · #3
tools, exploration, content
ASCII to Unicode Encoder and Decoder · #2
tools, exploration, conversion, unicode, encoding
SSL Checker (EXPERTE.com) · #1
tools, analysis, ssl, certificates