| It’s Beginning to Look a Lot Like XSSmas (24w) | | 140 |
| vulnerabilities, csrf, xss |
| Protecting Your Site With Feature Policy (rac/sma) | | 139 |
| http-headers, http |
| AWS Security Guide: 7 Best Practices to Avoid Security Risks | | 138 |
| guides, aws, best-practices |
| WebAuthn, FIDO2 Infuse Browsers, Platforms With Strong Authentication (dar) | | 137 |
| w3c, fido, authentication, webauthn, browsers |
| In Your Face, Passwords: Big Three Browsers All Adopt Authentication API | | 136 |
| authentication, webauthn, apis, edge, microsoft, chrome, google, firefox, mozilla, browsers |
| HTTPS Is Easy (tro) | | 135 |
| websites, http |
| WordPress Security as a Process (sma) | | 134 |
| wordpress, processes |
| Making Your Website Faster and Safer With Cloudflare | | 133 |
| performance, caching, cloudflare |
| Validating Dependencies in the Project With npm-check and depcheck | | 132 |
| dependencies, maintenance, auditing, tooling, npm |
| Third Party CSS Is Not Safe (jaf) | | 131 |
| html, css, embed-code |
| Attackers Can Steal Sensitive Data by Abusing CSS—CSS Exfil Vulnerability | | 130 |
| css, csp |
| Building Secure JavaScript Applications | | 129 |
| javascript, xss, csrf, json-web-tokens, passwords |
| Creating Secure Password Resets With JSON Web Tokens (sma) | | 128 |
| passwords, json-web-tokens, nodejs |
| The Complete Guide to Switching From HTTP to HTTPS (sma) | | 127 |
| guides, http |
| How (Not) to Control Your CDN (mno) | | 126 |
| content-delivery, caching, http |
| How to Secure WordPress With SSL | | 125 |
| how-tos, wordpress, ssl |
| Encrypting IP Addresses (ber) | | 124 |
| ip, network, privacy, encryption |
| How to Secure Your Web App With HTTP Headers (sma) | | 123 |
| how-tos, web-apps, http, http-headers, csp |
| Just Another HTTPS Nudge (chr/css) | | 122 |
| http |
| On EME in HTML5 (tim/w3c) | | 121 |
| eme, drm, html, legal, standards, w3c |
| Using SSH Securely (ann) | | 120 |
| ssh |
| More Than 300 Federal Gov Websites Fail to Meet Domain Encryption Deadline | | 119 |
| http, tls, protocols, encryption |
| Content Security Policy Level 2 (mik+/w3c) | | 118 |
| standards, csp |
| Content Security Policy, Your Future Best Friend (sma) | | 117 |
| csp, link-lists |
| A Refined Content Security Policy (web) | | 116 |
| html, csp, webkit, safari, apple, browsers |
| The Performance Benefits of “rel=noopener” (jaf) | | 115 |
| html, links, performance |
| Web Platform Security Boundaries (ann) | | 114 |
| web-platform |
| Subresource Integrity (dev+/w3c) | | 113 |
| hashing, html, standards |
| W3C Looks to Secure the Web (sdt) | | 112 |
| w3c, authentication |
| Distribution Packages Considered Insecure | | 111 |
| dependencies, unix-like |
| The Current State of Web Security (An Interview With Anselm Hannemann) (hel+/css) | | 110 |
| interviews, http, ssl, tls, encryption, cloudflare |
| Eliminating Known Vulnerabilities With Snyk (sma) | | 109 |
| vulnerabilities, tooling |
| 10 Web Predictions for 2016 (cra) | | 108 |
| web, outlooks, site-generators, browsers, css, mobile, performance, webassembly, seo |
| HSTS and “Let’s Encrypt” (tka) | | 107 |
| http, http-headers, ssl |
| An in-Depth Look at CORS | | 106 |
| cors, javascript, php |
| Why Passwordless Authentication Works (cra) | | 105 |
| authentication, passwords |
| A Simple Developer Error Is Exposing Private Information on Thousands of Websites (owe) | | 104 |
| version-control, git, mistakes, vulnerabilities |
| More Tips to Further Secure WordPress (eli) | | 103 |
| wordpress, tips-and-tricks, plugins |
| Improving Web Security With the Content Security Policy | | 102 |
| csp, http |
| Deprecating HTTP (yoa) | | 101 |
| http, protocols |
| Mozilla Wants to Deprecate Non-Secure HTTP, Will Make Proposals to W3C “Soon” (epr/ven) | | 100 |
| mozilla, http |
| Want Fancy Firefox Features? Secure Your Website (sts/cne) | | 99 |
| firefox, mozilla, browsers, http |
| WordPress Front End Security: CSRF and Nonces (css) | | 98 |
| wordpress, csrf |
| Introduction to WordPress Front End Security: Escaping the Things (css) | | 97 |
| introductions, wordpress, escaping |
| What Are the Security Risks of HTML5 Apps? | | 96 |
| web-apps, sanitization |
| Moving to HTTPS on WordPress (chr/css) | | 95 |
| wordpress, http |
| Same-Origin Policy (ann) | | 94 |
| cors, web-platform |
| Securing the Web (w3c) | | 93 |
| web-platform |
| It’s Time to Encrypt the Entire Internet (kli/wir) | | 92 |
| web, http, ssl, encryption |
| Cross-Origin Resource Sharing (ann/w3c) | | 91 |
| cors, standards |
| Despite Automatic Updates, Old Browsers Are Still a Problem (edb/zdn) | | 90 |
| browsers, web-platform, chrome, google, firefox, mozilla, internet-explorer, microsoft, safari, apple |
| Cross-Origin Resource Sharing on Track to Become a W3C Recommendation (sdt) | | 89 |
| w3c, cors, standards |
| Bid to Kill CAPTCHA Security Test Gains Momentum | | 88 |
| captcha, accessibility |
| We Should All Have Something to Hide | | 87 |
| privacy |
| Mobile Website Security | | 86 |
| mobile, hosting, policies |
| WordPress Security Tips | | 85 |
| wordpress, tips-and-tricks |
| Brad Hill: “HTML5 Security Realities” (chr/css) | | 84 |
| slides, xss, html |
| Bulletproof Your Drupal Website | | 83 |
| drupal |
| Top 10 PHP Security Vulnerabilities | | 82 |
| php, vulnerabilities |
| A Front End Engineer’s Manifesto (zac) | | 81 |
| websites, manifestos, user-experience, progressive-enhancement, simplicity, foss, accessibility, community, learning |
| A JavaScript Security Flaw | | 80 |
| javascript |
| The Secure Programmer’s Pledge | | 79 |
| manifestos |
| An Introduction to Content Security Policy (mik/dev) | | 78 |
| introductions, csp |
| Cross-Site Scripting Attacks (XSS) | | 77 |
| xss, examples |
| How to Secure Your WordPress Website (sma) | | 76 |
| how-tos, wordpress, link-lists |
| Using CORS (dev) | | 75 |
| cors |
| XML Encryption Flaw Leaves Web Services Vulnerable (eur) | | 74 |
| web-services, xml, encryption |
| Some Notes on the Recent XML Encryption Attack (w3c) | | 73 |
| xml, encryption |
| HTTPS Is More Secure, So Why Isn’t the Web Using It? (ars) | | 72 |
| http, protocols, web |
| Web Cryptography: Salted Hash and Other Tasty Dishes (ali) | | 71 |
| cryptography |
| What Are the JSON Security Concerns in Web Development? (sim) | | 70 |
| json |
| What Is Cross Site Scripting or XSS? (chr/css) | | 69 |
| xss, javascript, concepts |
| Web Developers Accountable for HTML 5 Security | | 68 |
| html |
| HTML5 Raises New Security Issues | | 67 |
| html, browsers |
| 10 Useful WordPress Security Tweaks (sma) | | 66 |
| wordpress |
| Web Security: Are You Part of the Problem? (cod/sma) | | 65 |
| vulnerabilities, php, javascript |
| The Internet Is Closing to Innovation (zit/new) | | 64 |
| web |
| You Could Be Getting Clickjacked (tec) | | 63 |
| vulnerabilities, frames, w3c |
| Dumb Security Tips: Think Before You Follow Online Guides (tan) | | 62 |
| tips-and-tricks |
| Internet Explorer 8 Promises Better Standards Compliance… and a Whole Lot More (est/cio) | | 61 |
| internet-explorer, microsoft, browsers, standards |
| JavaScript Security Experiments (mar) | | 60 |
| javascript, experiments |
| DOM vs. Web (mno) | | 59 |
| http, dom |
| Top 7 PHP Security Blunders | | 58 |
| php, databases, sql |
| Validate Your Input! | | 57 |
| validation |
| JavaScript Security | | 56 |
| javascript |
| File Upload Security (lac) | | 55 |
| html, file-handling |
| Spot the Security Hole | | 54 |
| php |
| JavaScript and Security (sim) | | 53 |
| javascript |
| Handling Content From Strangers | | 52 |
| content |
| Web Services Security Gets Serious | | 51 |
| web-services |
| Getting Started With XML Security | | 50 |
| introductions, xml |
| Sorting Out the Web Services Security Landscape | | 49 |
| web-services, ssl, w3c |
| SSL Checker (EXPERTE.com) | | 48 |
| tools, analysis, ssl |
| ASCII to Unicode Encoder and Decoder | | 47 |
| tools, exploration, conversion, unicode, encoding |
| security.txt Generator | | 46 |
| tools, exploration, content |
| WebRTC and IP Address Leak Checker | | 45 |
| tools, exploration, network, webrtc, ip, protocols |
| Website Headers Analyzer (Dries Buytaert) (dri) | | 44 |
| tools, analysis, http, http-headers |
| User Identity Generator | | 43 |
| tools, exploration, placeholders, randomness |
| Subresource Integrity Hash Generator (moz) | | 42 |
| tools, exploration, hashing |
| SSL Client Checker | | 41 |
| tools, exploration, ssl |
| SPF Record Generator | | 40 |
| tools, exploration, dns, domains |
| SHA-512 Hash Generator | | 39 |
| tools, exploration, hashing |
| Security Leak Victim Checker | | 38 |
| tools, exploration |
| Password Security Checker | | 37 |
| tools, exploration, passwords |
| Password Security Checker and Generator | | 36 |
| tools, exploration, passwords |
| Password Generator (Gibson Research Corporation) | | 35 |
| tools, exploration, passwords |
| Password Generator (Frontend Dogma) (fro) | | 34 |
| tools, exploration, frontend-dogma, passwords |
| Password Generator (Arantius.com) | | 33 |
| tools, exploration, passwords |
| MD5 Hash Generator | | 32 |
| tools, exploration, hashing |
| HMAC Checker | | 31 |
| tools, exploration |
| Hash Generator | | 30 |
| tools, exploration, hashing |
| Executable File Analyzer | | 29 |
| tools, exploration |
| Device Vulnerability Checker | | 28 |
| tools, exploration, vulnerabilities |
| CSR Decoder | | 27 |
| tools, exploration |
| “chmod” Calculator | | 26 |
| tools, exploration, permissions |
| Browser Fingerprint Checker | | 25 |
| tools, exploration, browsers |
| Blowfish Hash Generator | | 24 |
| tools, exploration, hashing |
| AES Encrypter and Decrypter | | 23 |
| tools, exploration, encryption |
| Website Security Checker (Norton) | | 22 |
| tools, analysis |
| Website Security Checker (Google) | | 21 |
| tools, analysis |
| Website Scam Checker | | 20 |
| tools, analysis |
| Website Headers Analyzer (Security Headers) | | 19 |
| tools, analysis, http, http-headers |
| Website Headers Analyzer (Mozilla) (moz) | | 18 |
| tools, analysis, http, http-headers |
| Website Certificate Fingerprint Checker | | 17 |
| tools, analysis |
| Virus Scanner | | 16 |
| tools, analysis |
| SSL Checker (SSL Shopper) | | 15 |
| tools, analysis, ssl |
| SSL Checker (Qualys) | | 14 |
| tools, analysis, ssl |
| SPF Record Checker | | 13 |
| tools, analysis, dns, domains |
| Site and Origin Comparer | | 12 |
| tools, analysis, comparisons |
| Malware and Security Scanner | | 11 |
| tools, analysis |
| Email Blacklist Checker | | 10 |
| tools, analysis, email |
| Domain or IP Spam Checker | | 9 |
| tools, analysis, domains |
| DNSSEC Checker | | 8 |
| tools, analysis, dns |
| Cross-Site WebSocket Hijacking Tester | | 7 |
| tools, analysis |
| Cookie Use Checker | | 6 |
| tools, analysis, cookies |
| Content Security Policy Validator (Google) | | 5 |
| tools, analysis, csp, conformance |
| Content Security Policy Validator (CSP Validator) | | 4 |
| tools, analysis, csp, conformance |
| Abuse Contact Lookup | | 3 |
| tools, analysis, policies |
| Server Port Scanner | | 2 |
| tools, analysis, network, servers |
| Website Experience Analyzer | | 1 |
| tools, analysis, performance, user-experience |
