205. Understanding CSRF Attacks (zel) | May 29, 2022 | csrf
204. npm Security Update: Attack Campaign Using Stolen OAuth Tokens (git) | May 26, 2022 | oauth, version-control, npm, github
203. Snyk Finds 200+ Malicious npm Packages, Including Cobalt Strike Dependency Confusion Attacks (sny) | May 24, 2022 | javascript, npm, dependencies
202. Unexpectedly HTTPS? | May 16, 2022 | http
201. How to Respond to Growing Supply Chain Security Risks? | Apr 3, 2022 | how-tos, dependencies, nodejs, npm
200. The Web Is for Everyone: Our Vision for the Evolution of the Web (moz) | Mar 23, 2022 | web, outlooks, privacy, accessibility, performance, user-experience
199. Using HTTPS in Your Development Environment | Mar 7, 2022 | http, environments
198. How to Prevent SQL Injection Attacks in Node.js | Mar 3, 2022 | how-tos, nodejs, databases, sql
197. Can You Get Pwned With CSS? | Feb 23, 2022 | css
196. How to Fix Your Security Vulnerabilities With npm Override | Feb 23, 2022 | how-tos, vulnerabilities, npm, dependencies
195. Never, Ever, Ever Use Pixelation for Redacting Text | Feb 15, 2022 | content, images, obfuscation
194. Accessibly Insecure | Jan 31, 2022 | accessibility
193. Lessons Learned From Publishing a Content Security Policy | Dec 14, 2021 | lessons, csp
192. Ain’t No Party Like a Third Party (ada/css) | Dec 3, 2021 | dependencies, embed-code
191. Security (htt) | Dec 1, 2021 | web-almanac, studies, research, metrics
190. GitHub’s Commitment to npm Ecosystem Security (git) | Nov 15, 2021 | github, npm
189. Understanding and Implementing OAuth2 in Node.js (hon) | Oct 18, 2021 | nodejs, authorization, oauth
188. How to Win at CORS (jaf) | Oct 12, 2021 | how-tos, cors, html, http
187. The Options for Password-Revealing Inputs (chr/css) | Oct 6, 2021 | html, css, passwords, usability
186. npm Security Best Practices (owa) | Aug 3, 2021 | npm, best-practices
185. Encoding Data for POST Requests (jaf) | Jun 30, 2021 | javascript, encoding
184. NPM Global Audit | Jun 16, 2021 | packages, npm, quality, auditing
183. Understanding and Preventing Common Security Vulnerabilities | Jun 15, 2021 | vulnerabilities
182. Open Source Insights | Jun 3, 2021 | websites, foss, dependencies, licensing
181. I Learned to Love the Same-Origin Policy (eee/css) | Dec 17, 2020 | cors
180. Is Edge Computing Secure? Here Are 4 Security Risks to Be Aware Of | Dec 9, 2020 | edge-computing
179. TLS and mTLS Demystified | Dec 9, 2020 | tls, protocols
178. Best Practices for Inclusive Textual Websites | Nov 23, 2020 | performance, accessibility, best-practices
177. What Is mTLS and How Does It Work? | Apr 30, 2020
176. Mutual TLS: Stuff You Should Know | Mar 19, 2020 | tls, protocols
175. Don’t Try to Sanitize Input—Escape Output | Feb 27, 2020 | sanitization, escaping
174. Encrypting DNS Query Bad for Performance? (erw) | Feb 20, 2020 | performance, dns, http, encryption
173. Apple Joins FIDO Alliance, Commits to Getting Rid of Passwords (zdn) | Feb 12, 2020 | apple, fido, passwords, authentication
172. How to Automatically Update Your JavaScript Dependencies (spa/clo) | Jan 30, 2020 | how-tos, javascript, dependencies, automation, processes
171. What SSL Is, and Which Certificate Type Is Right for You | Jan 29, 2020 | ssl, certificates, privacy, concepts
170. Usability and Security; Better Together (24w) | Dec 22, 2019 | usability, user-experience
169. Server-Side Includes (SSI) Injection (owa) | Dec 4, 2019 | ssi
168. How Internet Security Works: TLS, SSL, and CA (osd) | Nov 18, 2019 | tls, ssl, protocols, certificates
167. Security and Privacy for Our Times (luk/w3c) | Sep 11, 2019 | privacy, web-platform
166. Web Feature Developers Told to Dial Up Attention on Privacy and Security (rip/tec) | Sep 11, 2019 | w3c, privacy, web-platform
165. CSS Security Vulnerabilities (chr/css) | Sep 9, 2019 | css, privacy, vulnerabilities
164. Understanding Subresource Integrity (dre/sma) | Apr 9, 2019 | hashing, embed-code
163. W3C Strategic Highlights: Web for All (Security, Privacy, Identity) (w3c) | Mar 18, 2019 | w3c, privacy, authentication
162. Guide to Web Authentication | Jan 24, 2019 | websites, authentication, webauthn, javascript
161. It’s Beginning to Look a Lot Like XSSmas (24w) | Dec 17, 2018 | vulnerabilities, csrf, xss
160. Protecting Your Site With Feature Policy (rac/sma) | Dec 12, 2018 | http-headers, http
159. AWS Security Guide: 7 Best Practices to Avoid Security Risks (wom) | Oct 31, 2018 | guides, aws, best-practices
158. WebAuthn, FIDO2 Infuse Browsers, Platforms With Strong Authentication (dar) | Sep 19, 2018 | w3c, fido, authentication, webauthn, browsers
157. In Your Face, Passwords: Big Three Browsers All Adopt Authentication API | Aug 1, 2018 | authentication, webauthn, apis, edge, microsoft, chrome, google, firefox, mozilla, browsers
156. HTTPS Is Easy (tro) | Jun 27, 2018 | websites, http
155. WordPress Security as a Process (sma) | Jun 21, 2018 | wordpress, processes
154. Making Your Website Faster and Safer With Cloudflare | Jun 12, 2018 | performance, caching, cloudflare
153. Validating Dependencies in the Project With npm-check and depcheck | Jun 1, 2018 | dependencies, maintenance, auditing, tooling, npm
152. Third Party CSS Is Not Safe (jaf) | Feb 27, 2018 | html, css, embed-code
151. Attackers Can Steal Sensitive Data by Abusing CSS—CSS Exfil Vulnerability | Feb 7, 2018 | css, csp
150. Building Secure JavaScript Applications | Jan 18, 2018 | javascript, xss, csrf, json-web-tokens, passwords
149. Creating Secure Password Resets With JSON Web Tokens (sma) | Nov 9, 2017 | passwords, json-web-tokens, nodejs
148. The Complete Guide to Switching From HTTP to HTTPS (sma) | Jun 12, 2017 | guides, http
147. How (Not) to Control Your CDN (mno) | Jun 7, 2017 | content-delivery, caching, http
146. How to Secure WordPress With SSL | May 10, 2017 | how-tos, wordpress, ssl
145. Encrypting IP Addresses (ber) | May 7, 2017 | ip, network, privacy, encryption
144. How to Secure Your Web App With HTTP Headers (sma) | Apr 3, 2017 | how-tos, web-apps, http, http-headers, csp
143. Just Another HTTPS Nudge (chr/css) | Mar 3, 2017 | http
142. On EME in HTML5 (tim/w3c) | Feb 28, 2017 | eme, drm, html, legal, standards, w3c
141. Using SSH Securely (ann) | Jan 24, 2017 | ssh
140. More Than 300 Federal Gov Websites Fail to Meet Domain Encryption Deadline | Jan 4, 2017 | http, tls, protocols, encryption
139. Content Security Policy Level 2 (mik+/w3c) | Dec 15, 2016 | standards, csp
138. Content Security Policy, Your Future Best Friend (sma) | Sep 12, 2016 | csp, link-lists
137. A Refined Content Security Policy (web) | Aug 5, 2016 | html, csp, webkit, safari, apple, browsers
136. The Performance Benefits of “rel=noopener” (jaf) | Jul 21, 2016 | html, links, performance
135. Web Platform Security Boundaries (ann) | Jun 24, 2016 | web-platform
134. Subresource Integrity (dev+/w3c) | Jun 23, 2016 | hashing, html, standards
133. W3C Looks to Secure the Web (sdt) | Feb 17, 2016 | w3c, authentication
132. Distribution Packages Considered Insecure | Feb 13, 2016 | dependencies, unix-like
131. The Current State of Web Security (An Interview With Anselm Hannemann) (hel+/css) | Jan 18, 2016 | interviews, http, ssl, tls, encryption, cloudflare
130. Eliminating Known Vulnerabilities With Snyk (sma) | Jan 13, 2016 | vulnerabilities, tooling
129. 10 Web Predictions for 2016 (cra) | Jan 6, 2016 | web, outlooks, site-generators, browsers, css, mobile, performance, webassembly, seo
128. HSTS and “Let’s Encrypt” (tka) | Jan 4, 2016 | http, http-headers, ssl
127. An in-Depth Look at CORS | Dec 17, 2015 | cors, javascript, php
126. Why Passwordless Authentication Works (cra) | Nov 10, 2015 | authentication, passwords
125. Introduction to TLS and SSL (ope) | Aug 22, 2015 | introductions, tls, ssl, protocols, certificates
124. A Simple Developer Error Is Exposing Private Information on Thousands of Websites (owe) | Jul 27, 2015 | version-control, git, mistakes, vulnerabilities
123. More Tips to Further Secure WordPress (eli) | Jul 9, 2015 | wordpress, tips-and-tricks, plugins
122. Improving Web Security With the Content Security Policy | Jun 24, 2015 | csp, http
121. Deprecating HTTP (yoa) | May 11, 2015 | http, protocols, deprecation
120. Mozilla Wants to Deprecate Non-Secure HTTP, Will Make Proposals to W3C “Soon” (epr/ven) | Apr 30, 2015 | mozilla, http, deprecation
119. Want Fancy Firefox Features? Secure Your Website (sts/cne) | Apr 14, 2015 | firefox, mozilla, browsers, http
118. WordPress Front End Security: CSRF and Nonces (css) | Mar 24, 2015 | wordpress, csrf
117. Introduction to WordPress Front End Security: Escaping the Things (css) | Mar 23, 2015 | introductions, wordpress, escaping
116. What Are the Security Risks of HTML5 Apps? | Mar 18, 2015 | web-apps, sanitization
115. Moving to HTTPS on WordPress (chr/css) | Mar 6, 2015 | wordpress, http
114. Same-Origin Policy (ann) | Feb 23, 2015 | cors, web-platform
113. Securing the Web (w3c) | Jan 23, 2015 | web-platform
112. mXSS (gaz) | May 6, 2014 | xss, html
111. It’s Time to Encrypt the Entire Internet (kli/wir) | Apr 17, 2014 | web, http, ssl, encryption
110. Cross-Origin Resource Sharing (ann/w3c) | Jan 16, 2014 | cors, standards
109. Despite Automatic Updates, Old Browsers Are Still a Problem (edb/zdn) | Jan 6, 2014 | browsers, web-platform, chrome, google, firefox, mozilla, internet-explorer, microsoft, safari, apple
108. Cross-Origin Resource Sharing on Track to Become a W3C Recommendation (sdt) | Jan 3, 2014 | w3c, cors, standards
107. Bid to Kill CAPTCHA Security Test Gains Momentum | Aug 5, 2013 | captcha, accessibility
106. We Should All Have Something to Hide | Jun 12, 2013 | privacy
105. Mobile Website Security | May 14, 2013 | mobile, hosting, policies
104. WordPress Security Tips | Apr 17, 2013 | wordpress, tips-and-tricks
103. Brad Hill: “HTML5 Security Realities” (chr/css) | Feb 22, 2013 | slides, xss, html
102. Bulletproof Your Drupal Website | Jan 21, 2013 | drupal
101. Top 10 PHP Security Vulnerabilities | Oct 15, 2012 | php, vulnerabilities
100. A Front End Engineer’s Manifesto (zac) | Aug 24, 2012 | websites, manifestos, user-experience, progressive-enhancement, simplicity, foss, accessibility, community, learning
99. A JavaScript Security Flaw | Aug 9, 2012 | javascript
98. The Secure Programmer’s Pledge | Jul 16, 2012 | manifestos
97. An Introduction to Content Security Policy (mik/dev) | Jun 15, 2012 | introductions, csp
96. Cross-Site Scripting Attacks (XSS) | Apr 30, 2012 | xss, examples
95. How to Secure Your WordPress Website (sma) | Nov 10, 2011 | how-tos, wordpress, link-lists
94. Using CORS (dev) | Oct 26, 2011 | cors
93. Some Notes on the Recent XML Encryption Attack (w3c) | Oct 24, 2011 | xml, encryption
92. XML Encryption Flaw Leaves Web Services Vulnerable (eur) | Oct 24, 2011 | web-services, xml, encryption
91. HTTPS Is More Secure, So Why Isn’t the Web Using It? (ars) | Mar 20, 2011 | http, protocols, web
90. Web Cryptography: Salted Hash and Other Tasty Dishes (ali) | Feb 22, 2011 | cryptography
89. What Are the JSON Security Concerns in Web Development? (sim) | Jan 6, 2011 | json
88. What Is Cross Site Scripting or XSS? (chr/css) | Nov 19, 2010 | xss, javascript, concepts
87. Web Developers Accountable for HTML 5 Security | Oct 5, 2010 | html
86. HTML5 Raises New Security Issues | Aug 20, 2010 | html, browsers
85. 10 Useful WordPress Security Tweaks (sma) | Jul 1, 2010 | wordpress
84. Web Security: Are You Part of the Problem? (cod/sma) | Jan 14, 2010 | vulnerabilities, php, javascript
83. Full Frontal ’09: Chris Heilmann on JavaScript Security (mic/aja) | Nov 20, 2009 | javascript
82. Finally Something to Get a Few More Users Off of IE 6? (dal/aja) | Dec 17, 2008 | internet-explorer, microsoft, browsers
81. The Internet Is Closing to Innovation (zit/new) | Nov 28, 2008 | web
80. You Could Be Getting Clickjacked (tec) | Nov 21, 2008 | vulnerabilities, frames, w3c
79. Video and Audio Tags and Cross Origin Access (dal/aja) | Nov 10, 2008 | html, multimedia
78. Dumb Security Tips: Think Before You Follow Online Guides (tan) | Oct 26, 2008 | tips-and-tricks
77. Simon Willison, @Media Ajax (mic/aja) | Sep 16, 2008 | ajax, xss, csrf, javascript, json
76. Evil GIFs: Hiding Java in Your Image (dal/aja) | Jul 4, 2008 | gif, images, java
75. What’s in a “window.name”? (cod/aja) | May 13, 2008 | javascript
74. Internet Explorer 8 Promises Better Standards Compliance… and a Whole Lot More (est/cio) | Mar 6, 2008 | internet-explorer, microsoft, browsers, standards
73. Ajaxian Roundup for January 2008: JavaScript Turtles and IE 8 (dal/aja) | Feb 2, 2008 | javascript, prototypejs, dojo, extjs, jquery, gwt, yui, dwr, gears, flash, air, json, browsers, standards, css, design, comet, ajaxian, link-lists
72. Book Recommendation: AJAX Security by Hoffman and Sullivan | Jan 16, 2008 | books, ajax, javascript
71. Ajaxian Roundup for December 2007: It’s the End of the Year as We Know It (dal/aja) | Jan 1, 2008 | browsers, javascript, prototypejs, extjs, yui, jquery, microsoft, dwr, performance, gwt, comet, css, mobile, ajaxian, link-lists
70. Cross Site Scripting Joy (tri) | Dec 4, 2007 | xss
69. Making JavaScript Safe With No Script (dal/aja) | Nov 8, 2007 | javascript
68. Automated Security Scanners Choke on AJAX (rey/aja) | Oct 8, 2007 | ajax, javascript
67. How to Protect a JSON or JavaScript Service | Apr 4, 2007 | how-tos, json, javascript
66. Securing Your JSON | Mar 13, 2007 | json, javascript, arrays
65. CSRF Protection Idea (dal/aja) | Feb 8, 2007 | csrf
64. JavaScript Security Experiments (mar) | Feb 7, 2007 | javascript, experiments
63. Prepare for Attack—Making Your Web Applications More Secure | Jan 16, 2007 | web-apps, sql, xss, examples
62. JSON vs. XML: Browser Security Model (car) | Jan 2, 2007 | browsers, json, xml, comparisons
61. The Dangers of Cross-Domain AJAX With Flash (shi) | Sep 24, 2006 | ajax, javascript, flash
60. DOM vs. Web (mno) | Apr 20, 2006 | http, dom
59. AJAX: Is Your Application Secure Enough? | Apr 5, 2006 | ajax, javascript, web-apps
58. Top 7 PHP Security Blunders | Dec 21, 2005 | php, databases, sql
57. Validate Your Input! | May 9, 2005 | validation
56. JavaScript Security | Oct 4, 2004 | javascript
55. File Upload Security (lac) | Sep 8, 2004 | html, file-handling
54. Spot the Security Hole | Jul 3, 2004 | php
53. JavaScript and Security (sim) | Apr 19, 2004 | javascript
52. Handling Content From Strangers | Mar 26, 2004 | content
51. Web Services Security Gets Serious | Apr 23, 2003 | web-services
50. Getting Started With XML Security | Nov 28, 2002 | introductions, xml
49. Sorting Out the Web Services Security Landscape (tec) | Aug 28, 2002 | web-services, ssl, w3c
48. Website Experience Analyzer | tools, analysis, performance, user-experience
47. Server Port Scanner | tools, analysis, network, servers
46. Abuse Contact Lookup | tools, analysis, policies
45. Content Security Policy Validator (CSP Validator) | tools, analysis, csp, conformance
44. Content Security Policy Validator (Google) | tools, analysis, csp, conformance
43. Cookie Use Checker | tools, analysis, cookies
42. Cross-Site WebSocket Hijacking Tester | tools, analysis
41. DNSSEC Checker | tools, analysis, dns
40. Domain or IP Spam Checker | tools, analysis, domains, ip
39. Email Blacklist Checker | tools, analysis, email
38. Malware and Security Scanner | tools, analysis
37. Site and Origin Comparer | tools, analysis, comparisons
36. SPF Record Checker | tools, analysis, dns, domains
35. SSL Checker (Qualys) | tools, analysis, ssl, certificates
34. SSL Checker (SSL Shopper) | tools, analysis, ssl, certificates
33. Virus Scanner | tools, analysis
32. Website Certificate Fingerprint Checker | tools, analysis, certificates
31. Website Headers Analyzer (Mozilla) (moz) | tools, analysis, http, http-headers
30. Website Headers Analyzer (Security Headers) | tools, analysis, http, http-headers
29. Website Scam Checker | tools, analysis
28. Website Security Checker (Google) | tools, analysis
27. Website Security Checker (Norton) | tools, analysis
26. AES Encrypter and Decrypter | tools, exploration, encryption
25. Blowfish Hash Generator | tools, exploration, hashing
24. Browser Fingerprint Checker | tools, exploration, browsers
23. “chmod” Calculator | tools, exploration, permissions
22. CSR Decoder | tools, exploration
21. Device Vulnerability Checker | tools, exploration, vulnerabilities
20. Executable File Analyzer | tools, exploration
19. Hash Generator | tools, exploration, hashing
18. HMAC Checker | tools, exploration
17. MD5 Hash Generator | tools, exploration, hashing
16. Password Generator (Arantius.com) | tools, exploration, passwords
15. Password Generator (Frontend Dogma) (fro) | tools, exploration, frontend-dogma, passwords
14. Password Generator (Gibson Research Corporation) | tools, exploration, passwords
13. Password Security Checker and Generator | tools, exploration, passwords
12. Password Security Checker | tools, exploration, passwords
11. Security Leak Victim Checker | tools, exploration
10. SHA-512 Hash Generator | tools, exploration, hashing
9. SPF Record Generator | tools, exploration, dns, domains
8. SSL Client Checker | tools, exploration, ssl, tls
7. Subresource Integrity Hash Generator (moz) | tools, exploration, hashing
6. User Identity Generator | tools, exploration, placeholders, randomness
5. Website Headers Analyzer (Dries Buytaert) (dri) | tools, analysis, http, http-headers
4. WebRTC and IP Address Leak Checker | tools, exploration, network, webrtc, ip, protocols
3. security.txt Generator | tools, exploration, content
2. ASCII to Unicode Encoder and Decoder | tools, exploration, conversion, unicode, encoding
1. SSL Checker (EXPERTE.com) | tools, analysis, ssl, certificates