Frontend Dogma

“security” News Archive

Definition, related topics, and tag feed

Definition · Supertopics: user-experience · Subtopics: authentication, authorization, certificates, cors, cryptography, csp, csrf, hashing, malware, privacy, provenance, randomness, rate-limiting, sanitization, ssh, ssl, tls, validation, vulnerabilities, xss (non-exhaustive) · “security” RSS feed (per email)

# · Entry (Sources) · Additional Topics

534 · Vercel April 2026 Security Incident · vercel
533 · AI Will Never Be Ethical or Safe (j9t) · ai, ethics
532 · No One Owes You Supply-Chain Security (pur) · dependencies, rust
531 · Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them · wordpress, plugins
530 · Anthropic Debuts Preview of Powerful New AI Model Mythos in New Cybersecurity Initiative (tec) · anthropic, ai
529 · Attackers Are Hunting High-Impact Node.js Maintainers in a Coordinated Social Engineering Campaign (sar/soc) · nodejs, foss
528 · Post Mortem: Axios npm Supply Chain Compromise · axios, npm
527 · The Hidden Blast Radius of the Axios Compromise (ahm/soc) · dependencies, npm, axios
526 · Minimum Release Age Is an Underrated Supply Chain Defense (dan) · dependencies, npm, bun, pnpm, yarn, deno, renovate, dependabot, axios
525 · Prevent Claude Code From Accessing .env (jad) · claude, anthropic, ai, environments
524 · Axios Compromised on npm—Malicious Versions Drop Remote Access Trojan · npm, dependencies, axios
523 · Node.js Brotli UAF (mai) · nodejs, permissions, brotli, compression, claude, ai
522 · Malicious PyPI Package—LiteLLM Supply Chain Compromise · dependencies, vulnerabilities
521 · Developing a Minimally HashDoS Resistant, Yet Quickly Reversible Integer Hash for V8 (joy/nod) · nodejs, hashing
520 · Tuesday, March 24, 2026 Security Releases (nod) · release-notes, nodejs
519 · Supply-Chain Attack Using Invisible Code Hits GitHub and Other Repositories (dan/ars) · github, dependencies
518 · A GitHub Issue Title Compromised 4,000 Developer Machines · github, ai
517 · How to Steal npm Publish Tokens by Opening GitHub Issues (nec) · npm, github, ai
516 · MCP Servers and the Return of the Service Account Problem (aem) · servers, mcp, ai
515 · Security Advisory: Addressing Recent Vulnerabilities in Angular (ang) · angular
514 · An Exploit… in CSS?! (css) · css
513 · Goodbye “innerHTML”, Hello “setHTML”: Stronger XSS Protection in Firefox 148 (moz) · javascript, methods, xss, firefox, mozilla, browsers
512 · Europe Is Ready to Ditch US Tech for Private Alternatives (pro) · tooling, privacy, metrics
511 · WebSocket Penetration Testing: A Complete Guide to CSWSH · guides, websockets, testing
510 · Node.js Path Traversal: Prevention and Security Guide (loi) · guides, nodejs
509 · Cryptography Usage in Web Standards (w3c) · standards, cryptography
508 · OpenJS Foundation Security Program: Annual Report 2025 (ope) · openjs
507 · A Security Checklist for Your React and Next.js Apps (the) · react, nextjs
506 · How to Implement Rate Limiting in nginx (naw/one) · how-tos, servers, nginx, rate-limiting
505 · Securing npm Is Table Stakes (nza+/cha) · podcasts, interviews, npm, ai
504 · Security (vik+/htt) · web-almanac, studies, research, metrics, tls, certificates, cookies, csp, http-headers, apis, sanitization, configuration
503 · Node.js January 2026 Security Release: What Changed and Why It Matters (nod) · nodejs
502 · Tuesday, January 13, 2026 Security Releases (nod) · release-notes, nodejs
501 · Mitigating Denial-of-Service Vulnerability From Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users (mco+/nod) · nodejs, vulnerabilities, react, nextjs, tooling, monitoring, performance
500 · npm to Implement Staged Publishing After Turbulent Shift Off Classic Tokens (sar/soc) · npm, dependencies, github
499 · Security Basics for Vibe-Coders (owe/pro) · fundamentals, vibe-coding, ai
498 · Testing Methods: Accessible Authentication (Enhanced) (dec) · accessibility, testing, wcag, authentication
497 · Testing Methods: Accessible Authentication (Minimum) (dec) · accessibility, testing, wcag, authentication
496 · Denial of Service and Source Code Exposure in React Server Components (rea) · react, components
495 · Thursday, December 18, 2025 Security Releases (nod) · release-notes, nodejs
494 · How We’re Protecting Our Newsroom From npm Supply Chain Attacks (rya/pnp) · npm, dependencies, case-studies
493 · No More Tokens—Locking Down npm Publish Workflows (zac) · npm, dependencies, github, processes
492 · [Next.js] Security Advisory: CVE-2025-66478 (seb) · nextjs
491 · Critical Security Vulnerability in React Server Components (rea) · react, components
490 · Decreasing [Let’s Encrypt] Certificate Lifetimes to 45 Days (mat/let) · http, certificates, lets-encrypt
489 · Taking Down Next.js Servers for 0.0001 Cents a Pop · servers, nextjs, vulnerabilities
488 · The Shai-Hulud 2.0 npm Worm: Analysis, and What You Need to Know · npm, dependencies
487 · GitLab Discovers Widespread npm Supply Chain Attack (git) · npm, dependencies, gitlab, github, aws, gcp, azure
486 · Automated npm Secret Rotation in GitHub Actions (mhe) · npm, automation, github-actions
485 · What Developers Really Mean by “Bad Code” (jet) · maintainability, scalability, consistency, quality
484 · Introducing the OWASP Top 10:2025 (she+/owa) · introductions, owasp, vulnerabilities
483 · Removing XSLT for a More Secure Browser (dro) · chromium, chrome, google, browsers, xsl, web-platform
482 · Will npm’s New Security Steps Stop Attacks? (rev) · npm, github, maintenance, foss
481 · HTTPS by Default (jde+) · http, chrome, google, browsers
480 · Agentic AI and Security (ksi/mfo) · ai, architecture
479 · Octoverse: A New Developer Joins GitHub Every Second as AI Leads TypeScript to #1 · github, metrics, productivity, ai, foss, programming
478 · Glassworm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace · code-editors, vs-code, microsoft
477 · Improving the Trustworthiness of JavaScript on the Web · javascript, web-apps
476 · Past Time for Passkeys (nor) · videos, passkeys, passwords, authentication
475 · Secure Coding in JavaScript · javascript, frameworks
474 · My Conclusions After Using Signed Exchanges on My Website for 2 Years (paw) · signed-exchanges, performance
473 · Lazy-Loading as a Security Measure · lazy-loading, angular, react
472 · Backend Concepts Every Experienced Developers Must Know · concepts, network, concurrency, apis, databases, caching, scalability, observability, architecture
471 · Fixing Safari Mixed Content Issues With Vite and mkcert · safari, apple, browsers, vite, tooling
470 · How Deno Protects Against npm Exploits (den) · deno, npm
469 · Strengthening npm Security: Important Changes to Authentication and Token Management · npm
468 · How Hackers Use AI to Find Vulnerabilities Faster · ai
467 · CAPTCHA, When Security Takes Precedence Over Accessibility · captcha, accessibility
466 · Our Plan for a More Secure npm Supply Chain (xco) · npm, dependencies, foss
465 · npm Security Best Practices · npm, provenance, best-practices
464 · This May Be the Worst One (the) · videos, npm, dependencies
463 · Ongoing Supply Chain Attack Targets CrowdStrike npm Packages (pvd+/soc) · npm, dependencies
462 · ctrl/tinycolor and 40+ npm Packages Compromised · npm, dependencies
461 · How Maintainer Burnout Is Causing a Kubernetes Security Disaster (the) · kubernetes, maintenance, foss, economics
460 · Oh No, Not Again… a Meditation on npm Supply Chain Attacks (tan) · npm, dependencies, microsoft
459 · Anatomy of a Billion-Download npm Supply-Chain Attack · npm, dependencies
458 · npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack (bur+/soc) · npm, dependencies
457 · CORS Explained: Stop Struggling With Cross-Origin Errors · cors, http-headers, http
456 · How OpenJS-Hosted Projects Benefit From Security Support (ope) · openjs, hosting, foss
455 · Why You Absolutely Need to Have Automated Dependency Management in Place (j9t) · dependencies, maintainability, maintenance, automation, tooling
454 · What Your Website’s Style Says About You—and How Hackers Can Use It Against You (err) · css, javascript
453 · Hardening Node.js Apps in Production: 8 Layers of Practical Security · nodejs, best-practices
452 · eslint-config-prettier Compromised: How npm Package With 30 Million Downloads Spread Malware · prettier, eslint, npm, malware
451 · AI Agents Are Creating a New Security Nightmare for Enterprises and Startups (the) · ai, apis
450 · npm Phishing Email Targets Developers With Typosquatted Domain (sar/soc) · npm
449 · Tuesday, July 15, 2025 Security Releases (nod) · release-notes, nodejs
448 · Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader (soc) · npm, dependencies
447 · Dependabot Supports Configuration of a Minimum Package Age · dependabot, configuration
446 · MCP Security Vulnerabilities and Attack Vectors · mcp, ai
445 · A New Era of Code Quality · quality
444 · JWTs Are Not Session Tokens, Stop Using Them Like One · json-web-tokens, authentication
443 · Design Patterns for Securing LLM Agents Against Prompt Injections (sim) · studies, research, ai, prompting, software-design-patterns
442 · The Growing Risk of Malicious Browser Extensions (soc) · browser-extensions
441 · Escaping “<” and “>” in Attributes—How It Helps Protect Against Mutation XSS (sec) · html, attributes, xss, escaping, chrome, google, browsers
440 · HTML Spec Change: Escaping “<” and “>” in Attributes (sec) · html, attributes, escaping, xss
439 · Beware of End-of-Life Node.js Versions—Upgrade or Seek Post-EOL Support (mco/nod) · nodejs, maintenance
438 · How to Access Local MCP Servers Through a Secure Tunnel (the) · how-tos, mcp, ai, servers, network
437 · Docker Launches Hardened Images, Intensifying Secure Container Market (the) · docker
436 · Modernizing Security · modernization, processes
435 · Securing Your Node.js App From Command Injection · nodejs
434 · Passkeys for Normal People (tro) · authentication, passkeys, examples, concepts
433 · npm Targeted by Malware Campaign Mimicking Familiar Library Names (soc) · npm, malware, dependencies, link-lists
432 · What Is an Encryption Backdoor? (int) · encryption, vulnerabilities, concepts
431 · Cybersecurity Leaders Are Staying in the Shadows (ste) · community, culture
430 · Principles for Coding Securely With LLMs (sea) · ai, principles
429 · Threat Actors Misuse Node.js to Deliver Malware and Other Malicious Payloads · nodejs, malware
428 · TLS Certificate Lifetimes Will Officially Reduce to 47 Days · tls, certificates
427 · LLMs Can’t Stop Making Up Software Dependencies and Sabotaging Everything (tho/the) · ai, dependencies, slop
426 · Secure a Vue App With OpenID Connect and the BFF Pattern (due) · vuejs, authentication, backend-for-frontend
425 · Teaching Code in the AI Era: Why Fundamentals Still Matter (ali) · training, ai, programming, vibe-coding, scalability, performance, quality, testing, documentation
424 · Stop Using Jenkins in 2025 (oso) · jenkins, github-actions, ci-cd
423 · Node.js Test CI Security Incident (nod) · nodejs, retrospectives
422 · Website Hijack Campaign Now Impacting 150,000 Sites (gad)
421 · Malware Found on npm Infecting Local Package With Reverse Shell (rev) · npm, dependencies
420 · Five Things Vibe Coders Should Know (From a Software Engineer) (uxd) · vibe-coding, sanitization, rate-limiting
419 · GitHub Suffers a Cascading Supply Chain Attack Compromising CI/CD Secrets (inf) · github, ci-cd
418 · How to Prevent WordPress SQL Injection Attacks (sma) · how-tos, wordpress, sql, databases
417 · Lazarus Strikes npm Again With New Wave of Malicious Packages (soc) · npm, dependencies
416 · Updates on CVE for End-of-Life Versions (raf/nod) · nodejs
415 · What Is the OWASP Top 10 and How Can Your Team Benchmark Security? (jet) · owasp, vulnerabilities, qodana, jetbrains
414 · How to Protect Your Web Applications From XSS (tor/w3c) · how-tos, web-apps, xss
413 · In Tech, What Matters and What Is Dangerous (ham) · community, foss, open-web
412 · Secure UX: Building Cybersecurity and Privacy Into the UX Lifecycle (uxm) · user-experience, processes
411 · The Fallacy of Balance: Challenging the Notion of Security and Accessibility as Opposing Objectives (deq) · videos, accessibility
410 · It Is No Longer Safe to Move Our Governments and Societies to US Clouds (ber) · cloud-computing, privacy, legal
409 · How OWASP Helps You Secure Your Full-Stack Web Applications (eri/sma) · owasp, monitoring, authentication, vulnerabilities, configuration, csrf, cryptography, authorization
408 · 10 Common Web Development Mistakes to Avoid Right Now · mistakes, mobile, performance, accessibility, seo, navigation, analytics, testing
407 · Tightening Every Bolt (bag) · videos, processes, code-reviews, testing
406 · On Generative AI Security (sch) · ai, lessons, microsoft
405 · Understanding CORS Errors in Signed Exchanges (paw) · cors, errors, signed-exchanges
404 · Keep Your Node.js Apps Secure With “npx is-my-node-vulnerable” (tre) · packages, npm, nodejs
403 · How I Open-Sourced My Secret Access Tokens From GitHub, Slack, and npm—and Who Actually Cares · github, slack, npm
402 · Node.js EOL Versions CVE Dubbed the “Worst CVE of the Year” by Security Experts (sar/soc) · nodejs, documentation
401 · Tuesday, January 21, 2025 Security Releases (raf/nod) · release-notes, nodejs
400 · APIs Are Quickly Becoming the Latest Security Battleground (and Nightmare) (the) · apis
399 · CDN-First Is No Longer a Performance Feature (osv) · content-delivery, performance, caching, embed-code, privacy
398 · The Cyber-Cleanse: Take Back Your Digital Footprint (cyb) · privacy
397 · 15 Principles for Secure Programming (rak) · principles, validation, testing
396 · Important Topics for Frontend Developers to Master in 2025 · learning, javascript, typescript, css, frameworks, git, apis, testing, performance, ci-cd, websockets
395 · Developer Guide: How to Implement Passkeys · guides, how-tos, authentication, passkeys
394 · How to Automate OWASP Security Reviews in Your Pull Requests? (cod) · how-tos, owasp, automation, code-reviews, coderabbit
393 · 5 Technical Trends to Help Web Developers Stand Out in 2025 (the) · trends, career, javascript, ai, low-and-no-code
392 · Avoid Hotlinking Images With “Cross-Origin-Resource-Policy” · images
391 · Content Security Policy Level 3 (mik/w3c) · standards, csp
390 · Security (htt) · web-almanac, studies, research, metrics
389 · JavaScript Import Attributes (ES2025) (tre) · javascript
388 · Exploring Internet Traffic Shifts and Cyber Attacks During the 2024 US Election · traffic
387 · Cross-Site WebSocket Hijacking: Understanding and Exploiting CSWSH (pen) · websockets
386 · Securing Your Express REST API With Passport.js · nodejs, express, json-web-tokens, apis, rest, tooling
385 · SecretLint—a Linter for Preventing Committing Credentials (tre) · tooling, linting
384 · The Importance of UX in Cybersecurity (uxm) · user-experience, usability
383 · Understanding “npm audit” and Fixing Vulnerabilities · npm, vulnerabilities, nodejs
382 · Top 4 Web Vulnerabilities With Example and Mitigation · vulnerabilities, sql, databases, xss, csrf
381 · How to Implement Content Security Policy (CSP) Headers for Astro (tre) · how-tos, http, http-headers, csp, astro, vercel, cloudflare
380 · Why Code Security Matters—Even in Hardened Environments · vulnerabilities, file-handling, nodejs
379 · Database 101: SSL/TLS for Beginners · introductions, databases, ssl, tls, authentication
378 · Cloudflare Study: 39% of Companies Losing Control of Their IT and Security Environment (tre) · studies, research, engineering-management
377 · NIST Recommends Some Common-Sense Password Rules (sch) · passwords, guidelines
376 · I Finally Understand OAuth · authorization, oauth, processes
375 · Fake GitHub Site Targeting Developers (jul/san) · github
374 · Hacking Cars in JavaScript (Running Replay Attacks in the Browser With the HackRF) (dev) · javascript
373 · Gaining Access to Anyone’s Browser Without Them Even Visiting a Website · arc, the-browser-company, browsers, vulnerabilities
372 · 10 AI Dangers and Risks and How to Manage Them (rin) · ai, privacy, sustainability, legal
371 · Web Security: Shaping the Secure Web (set/w3c) · web, w3c
370 · 5 Wasm Use Cases for Frontend Development (ele/des) · guest-posts, webassembly, performance
369 · What Is Incident Response? · incident-response, overviews
368 · Migrating From Netlify to Cloudflare for AI Bot Protection (sia) · migrating, netlify, cloudflare, ai
367 · The Great npm Garbage Patch · dependencies, npm, spam
366 · Frontend Security Checklist (tre) · checklists, react
365 · Automated Ways to Security Audit Your Website · auditing, automation, tooling
364 · Secure Node.js Applications From Supply Chain Attacks · nodejs, best-practices, dependencies
363 · The Cloud Run Security Gap You Didn’t Know You Had (and How to Fix It) · google, gcp
362 · The Pitfalls of In-App Browsers (fro) · browsers, mobile, privacy, user-experience
361 · Supply Chain Security in npm—We Can Be Optimistic About the Future · npm, dependencies, provenance
360 · Script Integrity (chr/fro) · embed-code, javascript
359 · Introducing the MDN HTTP Observatory (mdn) · introductions, mdn, mozilla, http
358 · Tuesday, July 2, 2024 Security Releases (nod) · release-notes, nodejs
357 · WebAuthn: Enhancing Security With Minimal Effort (tbe) · authentication, webauthn
356 · RegreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server · ssh, vulnerabilities
355 · Polyfill Supply Chain Attack Embeds Malware in JavaScript CDN Assets · malware, vulnerabilities
354 · Catching Compromised Cookies · cookies, testing
353 · Backdoor Slipped Into Multiple WordPress Plugins in Ongoing Supply-Chain Attack (dan/ars) · wordpress, plugins
352 · The Hacking of Culture and the Creation of Socio-Technical Debt (sch) · culture
351 · OAuth Authentication (rya) · authentication, authorization, oauth
350 · Researchers Uncover npm Registry Vulnerability to Cache Poisoning and DoS Attacks (sar/soc) · npm, dependencies, vulnerabilities, caching
349 · What Is Mixed Content? (fre) · http
348 · The Ultimate Guide to Iframes (log) · guides, iframes, html, javascript
347 · How a Single Vulnerability Can Bring Down the JavaScript Ecosystem · javascript, npm, dependencies, caching, vulnerabilities
346 · JavaScript Security: Simple Practices to Secure Your Frontend · javascript, dependencies, csp
345 · Manifesto for a Humane Web (mic) · websites, manifestos, web, principles, accessibility, dei, sustainability, user-experience
344 · Securing Client-Side JavaScript (ada) · javascript, graceful-degradation
343 · Poor Express Authentication Patterns in Node.js and How to Avoid Them · express, nodejs, authentication
342 · Passkeys: A Shattered Dream (fir) · authentication, passkeys
341 · Using Legitimate GitHub URLs for Malware (sch) · malware, github
340 · When Security and Accessibility Clash: Why Are Banking Applications So Inaccessible? (nic) · accessibility
339 · Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects (ope) · foss, openjs
338 · Wednesday, April 10, 2024 Security Releases (raf/nod) · release-notes, nodejs
337 · Node.js Secure Coding: Mitigate and Weaponize Code Injection Vulnerabilities · books, nodejs, vulnerabilities
336 · The Free Software Commons (jen) · foss, community
335 · The V8 Sandbox · v8
334 · Building a Digital Fortress: How to Strengthen DNS Against DDoS Attacks? · dns
333 · Using JSON Web Tokens With Node.js · json-web-tokens, nodejs, authentication
332 · Wednesday, April 3, 2024 Security Releases (nod) · release-notes, nodejs
331 · In-App Browsers Are Still a Privacy, Security, and Choice Problem (tho/the) · browsers, mobile, privacy
330 · How Does Single Sign-On (SSO) Work? (mil) · authentication
329 · CORS Finally Explained—Simply · csrf, cors, concepts
328 · How npm Install Scripts Can Be Weaponized: A Real-World Example of a Harmful npm Package (eth) · npm, dependencies, examples
327 · Preventing SQL Injection Attacks in Node.js · nodejs, databases, sql
326 · Frontend Application Security: Tips and Tricks · web-apps, xss, csrf, authentication, dependencies, csp, validation, tips-and-tricks
325 · Wednesday, February 14, 2024 Security Releases (raf+/nod) · release-notes, nodejs
324 · How to Boost WordPress Security and Protect Your SEO Ranking · how-tos, wordpress, seo
323 · Malicious npm Package Masquerades as Noblox.js, Targeting Roblox Users for Data Theft (sar/soc) · npm, dependencies
322 · Practice Safe DSD With “setHTMLUnsafe” (It’s Complicated) (jar/van) · html, dom, shadow-dom, apis
321 · Tuesday, February 6, 2024 Security Releases (raf/nod) · release-notes, nodejs
320 · JWT vs. Session Authentication · authentication, json-web-tokens, comparisons
319 · GitHub, npm Registry Abused to Host SSH Key-Stealing Malware · github, npm, malware, foss
318 · Navigating JavaScript Security: Recompiling Firefox to Bypass Anti-Debugger Techniques (gli) · javascript, debugging, firefox, mozilla, browsers
317 · Deceptive Deprecation: The Truth About npm Deprecated Packages · deprecation, npm, dependencies, research
316 · Safely Accessing the DOM With Angular SSR · dom, javascript, angular, server-side-rendering
315 · Node.js Security Progress Report—Progress on Permission Model, Fuzzer, and Connections With Community (ope) · nodejs
314 · I Hate CORS · videos, cors
313 · Secure Your Code: Auto-Fix Vulnerabilities With Dependabot (GitHub Tutorial) · videos, dependencies, dependabot
312 · Building Multiple Progressive Web Apps on the Same Domain · videos, web-apps, progressive-web-apps, architecture
311 · Session-Based vs. Token-Based Authentication: Which Is Better? · authentication, json-web-tokens, comparisons
310 · 10 Best Practices for Secure Code Review of Node.js Code · best-practices, code-reviews, nodejs
309 · Security Headers Using “<meta>” (sap/mat) · csp, html
308 · Blind CSS Exfiltration: Exfiltrate Unknown Web Pages · css
307 · Mastering Cryptography Fundamentals With Node’s “crypto” Module · cryptography, nodejs
306 · Secure Code Review Tips to Defend Against Vulnerable Node.js Code · nodejs, code-reviews
305 · Understanding CORS · cors
304 · What the !#@% Is a Passkey? (eff) · passkeys
303 · Secret Scanning Scans Public npm Packages · github, npm, dependencies
302 · Local HTTPS for Next.js 13.5 (ami) · testing, http, nextjs
301 · Understanding XSS Attacks · xss
300 · A Comprehensive Guide to the Dangers of Regular Expressions in JavaScript (phi) · guides, javascript, regex
299 · Best Practices for Securing Node.js Applications in Production · best-practices, nodejs
298 · SSH Keys Stolen by Stream of Malicious PyPI and npm Packages (ble) · ssh, dependencies, npm
297 · npm Provenance General Availability · github, npm, provenance
296 · Open Source Trends to Look for in 2024 · foss, trends, outlooks, ai
295 · The WebP 0-Day · webp, google, apple
294 · Securing Your Node.js Apps by Analyzing Real-World Command Injection Examples · nodejs, history, examples
293 · How to Implement SSL/TLS Pinning in Node.js · how-tos, ssl, tls, nodejs
292 · A More Intelligent and Secure Web (ple/w3c) · videos, w3c, standards, web, web-platform
291 · Demystifying CORS: Understanding How Cross-Origin Resource Sharing Works · cors, javascript
290 · Towards HTTPS by Default (jde) · browsers, google, chrome, http, tls
289 · Sophisticated, Highly-Targeted Attacks Continue to Plague npm · npm
288 · An Update on Chrome Security Updates—Shipping Security Fixes to You Faster · browsers, google, chrome
287 · Tuesday, August 8, 2023 Security Releases (raf/nod) · release-notes, nodejs
286 · SECURITY.md: Should I Have It? (mry/ecl) · documentation
285 · Publishing With npm Provenance From Private Source Repositories Is No Longer Supported · github, npm, provenance, foss
284 · Social Engineering Campaign Targeting Tech Employees Spreading Through npm Malware (soc) · malware, npm
283 · Securing the Web Forward: Addressing Developer Concerns in Web Security (tor/w3c) · web, surveys
282 · Encoding: A Brief History and Its Role in Cybersecurity · encoding, unicode, history
281 · User Input Sanitization and Validation: Securing Your App · sanitization, validation, conformance
280 · Node.js Security Progress Report—17 Reports Closed (ope) · nodejs
279 · The Importance of Verifying Webhook Signatures · webhooks
278 · The Massive Bug at the Heart of the npm Ecosystem · npm, dependencies, bugs
277 · All You Need to Know About CORS and CORS Errors · cors, errors
276 · Understanding Authorization Before Authentication: Enhancing Web API Security · authorization, authentication, apis, comparisons
275 · An Introduction to Command Injection Vulnerabilities in Node.js and JavaScript · introductions, vulnerabilities, nodejs, javascript
274 · Django: A Security Improvement Coming to “format_html()” (ada) · django, html
273 · Tuesday, June 20, 2023 Security Releases (raf/nod) · release-notes, nodejs
272 · security.txt Now Mandatory for Dutch Government Websites · legal
271 · File Upload Security and Malware Protection (aus) · malware, file-handling, edge-computing
270 · Security Implications of HTTP Response Headers · http, http-headers
269 · The Case Against Automatic Dependency Updates (ben) · dependencies, automation, ci-cd, maintenance
268 · Automating Dependency Updates: The Big Debate · dependencies, automation, ci-cd
267 · Introducing npm Package Provenance · introductions, github, npm, provenance, foss
266 · Generating Provenance Statements · npm, provenance
265 · 8 Best Tools for Cryptography and Encryption (sta) · link-lists, tooling, comparisons, cryptography, encryption, privacy
264 · Dissecting npm Malware: Five Packages and Their Evil Install Scripts · npm, malware
263 · Passkeys: What the Heck and Why? (css) · passkeys
262 · Senior Engineering Strategies for Advanced React and TypeScript (tec) · strategies, react, typescript, architecture, testing, performance, accessibility, maintenance
261 · Cryptographically Protecting Your SPA · single-page-apps, cryptography
260 · Without Accessibility, There Is No Privacy or Security · accessibility, privacy
259 · Tips for Handling Dependabot, CodeQL, and Secret Scanning Alerts · alerting, dependabot, tips-and-tricks
258 · How to Password-Protect a Static HTML Page With No JS (ede) · how-tos, css, fonts
257 · SSL Certificates Explained · videos, certificates, ssl, protocols
256 · Quick Tip: How to Hash a Password in PHP · how-tos, php, passwords, tips-and-tricks
255 · Sandboxing JavaScript Code · javascript
254 · Unlocking Security Updates for Transitive Dependencies With npm · npm, dependencies, maintenance
253 · 7 Required Steps to Secure Your Iframes Security · iframes, xss, html, http-headers, csp
252 · Conditional API Responses for JavaScript vs. HTML Forms (aus) · javascript, html, forms, comparisons
251 · Why Do We Need Authorization and Authentication? · authorization, authentication
250 · The Top 10 Security Vulnerabilities for Web Applications · vulnerabilities, web-apps
249 · Leaked a Secret? Check Your GitHub Alerts… for Free · github
248 · DOM Clobbering (fre/mat) · dom
247 · New npm Features for Secure Publishing and Safe Consumption · npm, dependencies
246 · Using SRI to Protect From Malicious JavaScript (mat) · javascript
245 · WordPress Versions 3.7–4.0 No Longer Get Security Updates (sar) · wordpress
244 · “Not Secure” Warning for IE Mode · browsers, microsoft, edge, internet-explorer
243 · Node.js Security Best Practices (nod) · nodejs, best-practices
242 · npm Security: Preventing Supply Chain Attacks · npm, dependencies
241 · Secure JavaScript URL Validation · javascript, validation, urls
240 · Create a Passkey for Passwordless Logins (age) · authentication, passkeys
239 · Designing a Secure API · software-design, apis
238 · Phylum Detects Active Typosquatting Campaign Targeting npm Developers · npm, dependencies
237 · Security (htt) · web-almanac, studies, research, metrics
236 · Continue Using .env Files as Usual · environments
235 · Quick Reminder: HTML5 “required” and “pattern” Are Not a Security Feature (cod) · html, forms
234 · Stop Using .env Files Now · environments
233 · Debunking Myths About HTTPS · http, myths
232 · Secure Your Node.js App With JSON Web Tokens (app) · nodejs, json-web-tokens
231 · Dependabot Unlocks Transitive Dependencies for npm Projects · dependencies, npm, dependabot
230 · JavaScript Bugs Aplenty in Node.js Ecosystem—Found Automatically · studies, research, nodejs, javascript, dependencies, quality, bugs
229 · Introducing Even More Security Enhancements to npm · introductions, npm
228 · Top 5 npm Vulnerability Scanners · npm, vulnerabilities, tooling
227 · What Is Passwordless Authentication and How to Implement It · authentication, passwords
226 · GA4 Is Being Blocked by Content Security Policy · csp, metrics, google
225 · Please Remove That .git Folder · git
224 · Should I Have Separate GitHub Accounts for Personal and Professional Projects? · discussions, github, career
223 · Understanding CSRF Attacks (zel) · csrf
222 · npm Security Update: Attack Campaign Using Stolen OAuth Tokens · oauth, version-control, npm, github
221 · Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks · javascript, npm, dependencies
220 · Unexpectedly HTTPS? · http
219 · How to Respond to Growing Supply Chain Security Risks? · how-tos, dependencies, nodejs, npm
218 · The Web Is for Everyone: Our Vision for the Evolution of the Web (moz) · web, outlooks, privacy, accessibility, performance, user-experience
217 · Using HTTPS in Your Development Environment · http, environments
216 · How to Prevent SQL Injection Attacks in Node.js · how-tos, nodejs, databases, sql
215 · Can You Get Pwned With CSS? · css
214 · How to Fix Your Security Vulnerabilities With npm Override · how-tos, vulnerabilities, npm, dependencies
213 · Never, Ever, Ever Use Pixelation for Redacting Text · content, images, obfuscation
212 · Accessibly Insecure · accessibility
211 · Lessons Learned From Publishing a Content Security Policy · lessons, csp
210 · Ain’t No Party Like a Third Party (ada/css) · dependencies, embed-code
209 · Security (htt) · web-almanac, studies, research, metrics
208 · GitHub’s Commitment to npm Ecosystem Security · github, npm
207 · Understanding and Implementing OAuth2 in Node.js (hon) · nodejs, authorization, oauth
206 · How to Win at CORS (jaf) · how-tos, cors, html, http
205 · The Options for Password-Revealing Inputs (chr/css) · html, css, passwords, usability
204 · npm Security Best Practices (owa) · npm, best-practices
203 · Encoding Data for POST Requests (jaf) · javascript, encoding
202 · NPM Global Audit · packages, npm, quality, auditing
201 · Understanding and Preventing Common Security Vulnerabilities · vulnerabilities
200 · Open Source Insights · websites, foss, dependencies, licensing
199 · I Learned to Love the Same-Origin Policy (eee/css) · cors
198 · Is Edge Computing Secure? Here Are 4 Security Risks to Be Aware Of · edge-computing
197 · TLS and mTLS Demystified · tls, protocols
196 · Best Practices for Inclusive Textual Websites · performance, accessibility, best-practices
195 · Clickjacking Attacks and How to Prevent Them · how-tos
194 · How to Safely Use GitHub Actions in Organizations (nza) · how-tos, github-actions
193 · What Is mTLS and How Does It Work?
192 · Mutual TLS: Stuff You Should Know · tls, protocols
191 · Don’t Try to Sanitize Input—Escape Output · sanitization, escaping
190 · Encrypting DNS Query Bad for Performance? (erw) · performance, dns, http, encryption
189 · Apple Joins FIDO Alliance, Commits to Getting Rid of Passwords (zdn) · apple, fido, passwords, authentication
188 · How to Automatically Update Your JavaScript Dependencies (spa/clo) · how-tos, javascript, dependencies, automation, processes
187 · What SSL Is, and Which Certificate Type Is Right for You · ssl, certificates, privacy, concepts
186 · Usability and Security; Better Together (24w) · usability, user-experience
185 · Server-Side Includes (SSI) Injection (owa) · ssi
184 · How Internet Security Works: TLS, SSL, and CA (osd) · tls, ssl, protocols, certificates
183 · Security and Privacy for Our Times (luk/w3c) · privacy, web-platform
182 · Web Feature Developers Told to Dial Up Attention on Privacy and Security (rip/tec) · w3c, privacy, web-platform
181 · CSS Security Vulnerabilities (chr/css) · css, privacy, vulnerabilities
180 · Understanding Subresource Integrity (dre/sma) · hashing, embed-code
179 · W3C Strategic Highlights: Web for All (Security, Privacy, Identity) (w3c) · w3c, privacy, authentication
178 · Guide to Web Authentication · websites, authentication, webauthn, javascript
177 · It’s Beginning to Look a Lot Like XSSmas (24w) · vulnerabilities, csrf, xss
176 · Protecting Your Site With Feature Policy (rac/sma) · http-headers, http
175 · AWS Security Guide: 7 Best Practices to Avoid Security Risks (wom) · guides, aws, best-practices
174 · WebAuthn, FIDO2 Infuse Browsers, Platforms With Strong Authentication (dar) · w3c, fido, authentication, webauthn, browsers
173 · In Your Face, Passwords: Big Three Browsers All Adopt Authentication API · authentication, webauthn, apis, edge, microsoft, chrome, google, firefox, mozilla, browsers
172 · HTTPS Is Easy (tro) · websites, http
171 · WordPress Security as a Process (sma) · wordpress, processes
170 · Making Your Website Faster and Safer With Cloudflare · performance, caching, cloudflare
169 · Validating Dependencies in the Project With npm-check and depcheck · dependencies, maintenance, auditing, tooling, npm
168 · Third Party CSS Is Not Safe (jaf) · html, css, embed-code
167 · Attackers Can Steal Sensitive Data by Abusing CSS—CSS Exfil Vulnerability · css, csp
166 · Building Secure JavaScript Applications · javascript, xss, csrf, json-web-tokens, passwords
165 · Creating Secure Password Resets With JSON Web Tokens (sma) · passwords, json-web-tokens, nodejs
164 · The Complete Guide to Switching From HTTP to HTTPS (sma) · guides, http
163 · Rate Limiting With nginx · servers, nginx, rate-limiting
162 · How (Not) to Control Your CDN (mno) · content-delivery, caching, http
161 · How to Secure WordPress With SSL · how-tos, wordpress, ssl
160 · Encrypting IP Addresses (ber) · ip, network, privacy, encryption
159 · How to Secure Your Web App With HTTP Headers (sma) · how-tos, web-apps, http, http-headers, csp
158 · Just Another HTTPS Nudge (chr/css) · http
157 · On EME in HTML5 (tim/w3c) · eme, drm, html, legal, standards, w3c
156 · Using SSH Securely (ann) · ssh
155 · More Than 300 Federal Gov Websites Fail to Meet Domain Encryption Deadline · http, tls, protocols, encryption
154 · Content Security Policy Level 2 (mik+/w3c) · standards, csp
153 · A Checklist for Website Reviews (hcr) · checklists, performance, browsers, seo, accessibility
152 · Content Security Policy, Your Future Best Friend (sma) · csp, link-lists
151 · A Refined Content Security Policy (web) · html, csp, webkit, safari, apple, browsers
150 · The Performance Benefits of “rel=noopener” (jaf) · html, links, performance
149 · Web Platform Security Boundaries (ann) · web-platform
148 · Subresource Integrity (dev+/w3c) · hashing, html, standards
147 · W3C Looks to Secure the Web (sdt) · w3c, authentication
146 · Distribution Packages Considered Insecure · dependencies, unix-like
145 · The Current State of Web Security (An Interview With Anselm Hannemann) (hel+/css) · interviews, http, ssl, tls, encryption, cloudflare, lets-encrypt
Eliminating Known Vulnerabilities With Snyk (sma)144
vulnerabilities, tooling
10 Web Predictions for 2016 (cra)143
web, outlooks, site-generators, browsers, css, mobile, performance, webassembly, seo
HSTS and “Let’s Encrypt” (tka)142
http, http-headers, ssl, lets-encrypt
An in-Depth Look at CORS141
cors, javascript, php
Indexing HTTPS Pages by Default140
google, search, http
Why Passwordless Authentication Works (cra)139
authentication, passwords
Introduction to TLS and SSL (ope)138
introductions, tls, ssl, protocols, certificates
A Simple Developer Error Is Exposing Private Information on Thousands of Websites (owe)137
version-control, git, mistakes, vulnerabilities
More Tips to Further Secure WordPress (eli)136
wordpress, tips-and-tricks, plugins
Improving Web Security With the Content Security Policy135
csp, http
Deprecating HTTP134
http, protocols, deprecation
Mozilla Wants to Deprecate Non-Secure HTTP, Will Make Proposals to W3C “Soon” (epr/ven)133
mozilla, http, deprecation
Want Fancy Firefox Features? Secure Your Website (sts/cne)132
firefox, mozilla, browsers, http
WordPress Front End Security: CSRF and Nonces (css)131
wordpress, csrf
Introduction to WordPress Front End Security: Escaping the Things (css)130
introductions, wordpress, escaping
What Are the Security Risks of HTML5 Apps?129
web-apps, sanitization
Moving to HTTPS on WordPress (chr/css)128
wordpress, http
Same-Origin Policy (ann)127
cors, web-platform
Securing the Web (w3c)126
web-platform
What I’d Tell My Younger Self About Learning Development as a Web Designer125
learning, programming, javascript, databases, servers, preprocessors, version-control, performance, career
HTTPS as a Ranking Signal (met)124
google, search, http, seo
mXSS (gaz)123
xss, html
It’s Time to Encrypt the Entire Internet (kli/wir)122
web, http, ssl, encryption
3 Tips to Find Hacking on Your Site, and Ways to Prevent and Fix It121
search, google, tips-and-tricks
Cross-Origin Resource Sharing (ann/w3c)120
cors, standards
Despite Automatic Updates, Old Browsers Are Still a Problem (edb/zdn)119
browsers, web-platform, chrome, google, firefox, mozilla, internet-explorer, microsoft, safari, apple
Cross-Origin Resource Sharing on Track to Become a W3C Recommendation (sdt)118
w3c, cors, standards
Bid to Kill CAPTCHA Security Test Gains Momentum117
captcha, accessibility
We Should All Have Something to Hide116
privacy
Mobile Website Security115
mobile, hosting, policies
WordPress Security Tips114
wordpress, tips-and-tricks
Brad Hill: “HTML5 Security Realities” (chr/css)113
slides, xss, html
Bulletproof Your Drupal Website112
drupal
Top 10 PHP Security Vulnerabilities111
php, vulnerabilities
A Front End Engineer’s Manifesto (zac)110
websites, manifestos, user-experience, progressive-enhancement, simplicity, foss, accessibility, community, learning
A JavaScript Security Flaw109
javascript
The Secure Programmer’s Pledge108
manifestos
An Introduction to Content Security Policy (mik)107
introductions, csp
Rate Limiting With Apache and mod_security (joh)106
servers, apache, rate-limiting
Cross-Site Scripting Attacks (XSS)105
xss, examples
How to Secure Your WordPress Website (sma)104
how-tos, wordpress, link-lists
Using CORS103
cors
Some Notes on the Recent XML Encryption Attack (w3c)102
xml, encryption
XML Encryption Flaw Leaves Web Services Vulnerable (eur)101
web-services, xml, encryption
Notes From Writing HTML5 Media (bur)100
html, multimedia
HTTPS Is More Secure, So Why Isn’t the Web Using It? (ars)99
http, protocols, web
Web Cryptography: Salted Hash and Other Tasty Dishes (ali)98
cryptography
What Are the JSON Security Concerns in Web Development? (sim)97
json
What Is Cross Site Scripting or XSS? (chr/css)96
xss, javascript, concepts
Web Developers Accountable for HTML 5 Security95
html
HTML5 Raises New Security Issues94
html, browsers
10 Useful WordPress Security Tweaks (sma)93
wordpress
Web Security: Are You Part of the Problem? (cod/sma)92
vulnerabilities, php, javascript
Full Frontal ’09: Chris Heilmann on JavaScript Security (mic/aja)91
javascript
Cookies and Security (nza)90
cookies, xss, csrf
Finally Something to Get a Few More Users Off of IE 6? (dal/aja)89
internet-explorer, microsoft, browsers
The Internet Is Closing to Innovation (zit/new)88
web
You Could Be Getting Clickjacked (tec)87
vulnerabilities, frames, w3c
Video and Audio Tags and Cross Origin Access (dal/aja)86
html, multimedia
Dumb Security Tips: Think Before You Follow Online Guides (tan)85
tips-and-tricks
Alerting Webmasters to Webserver Vulnerabilities84
google
Simon Willison, @Media Ajax (mic/aja)83
ajax, xss, csrf, javascript, json
Frame-Busting Gadgets (mic)82
frames, iframes
Evil GIFs: Hiding Java in Your Image (dal/aja)81
gif, images, java
What’s in a “window.name”? (cod/aja)80
javascript
Internet Explorer 8 Promises Better Standards Compliance… and a Whole Lot More (est/cio)79
internet-explorer, microsoft, browsers, standards
Ajaxian Roundup for January 2008: JavaScript Turtles and IE 8 (dal/aja)78
javascript, prototypejs, dojo, extjs, jquery, gwt, yui, dwr, gears, flash, air, json, browsers, standards, css, design, comet, ajaxian, link-lists
Book Recommendation: “AJAX Security” by Hoffman and Sullivan77
books, ajax, javascript
Ajaxian Roundup for December 2007: It’s the End of the Year as We Know It (dal/aja)76
browsers, javascript, prototypejs, extjs, yui, jquery, microsoft, dwr, performance, gwt, comet, css, mobile, ajaxian, link-lists
Cross Site Scripting Joy (tri)75
xss
Making JavaScript Safe With No Script (dal/aja)74
javascript
Obscurity, Security, and Captcha (zac)73
captcha, accessibility
Automated Security Scanners Choke on AJAX (rey/aja)72
ajax, javascript
Quick Security Checklist for Webmasters71
checklists
How to Protect a JSON or JavaScript Service70
how-tos, json, javascript
Securing Your JSON69
json, javascript, arrays
CSRF Protection Idea (dal/aja)68
csrf
JavaScript Security Experiments (mar)67
javascript, experiments
Security vs. Usability (nza)66
usability
Prepare for Attack—Making Your Web Applications More Secure65
web-apps, sql, xss, examples
JSON vs. XML: Browser Security Model (car)64
browsers, json, xml, comparisons
The Dangers of Cross-Domain AJAX With Flash (shi)63
ajax, javascript, flash
DOM vs. Web (mno)62
http, dom
AJAX: Is Your Application Secure Enough?61
ajax, javascript, web-apps
AJAX, XHR, JavaScript, and Cross Domain Security Story60
ajax, javascript
Top 7 PHP Security Blunders59
php, databases, sql
How to Make “XMLHttpRequest” Calls to Another Server in Your Domain58
how-tos, javascript
IE Frame Bug (dal/aja)57
internet-explorer, microsoft, browsers, frames
Validate Your Input!56
validation
JavaScript Security55
javascript
File Upload Security (lac)54
html, file-handling
Spot the Security Hole53
php
JavaScript and Security (sim)52
javascript
Handling Content From Strangers51
content
Web Services Security Gets Serious50
web-services
Getting Started With XML Security49
introductions, xml
Sorting Out the Web Services Security Landscape (tec)48
web-services, ssl, w3c
Website Experience Analyzer47
tools, analysis, performance, user-experience
Server Port Scanner46
tools, analysis, network, servers
Abuse Contact Lookup45
tools, analysis, policies
Content Security Policy Validator (CSP Validator)44
tools, analysis, csp, conformance
Content Security Policy Validator (Google)43
tools, analysis, csp, conformance
Cookie Use Checker42
tools, analysis, cookies
DNSSEC Checker41
tools, analysis, dns
Domain or IP Spam Checker40
tools, analysis, domains, ip
Email Blacklist Checker39
tools, analysis, email
Malware and Security Scanner38
tools, analysis
Site and Origin Comparer37
tools, analysis, comparisons
SPF Record Checker36
tools, analysis, dns, domains
SSL Checker (Qualys)35
tools, analysis, ssl, certificates