Join 34,151 other Developers as we
Learn, Build, and Grow Together.
Connect with fellow developers and gain access to tools that will help you build a profitable SaaS 🚀
Sign Up
Security
Security posts, videos, courses, and more
Cross-site scripting (XSS) attack - part 3
By now you have an understanding of Stored XSS attack and Reflected XSS attack, and some measures to prevent it. Now we will look into the last type of XSS attack, DOM based XSS attack.
In the end, I will conclude with best practices to follow, testing XSS and references for reading.
3.DOM based Cross-site scripting
The differen...
4
Select One:
Cross-site scripting (XSS) attacks - part 2
In the last post I went through what is Cross-site scripting and Stored XSS attack, a type of cross-site scripting caused by stored javascript in database from user inputs. If you haven't read it, here is the link.
As frontend developers we are constantly adding and releasing new features or fixing bugs as per business requirem...
4
Select One:
Cross-site scripting (XSS) attacks - part 1
As frontend developers we are constantly adding and releasing new features or fixing bugs as per business requirements, and it's hard to keep vigilance on the security side of things. It has become a secondary concern and we are far behind the backend and Devops engineers for whom this is a primary and regular part of their thin...
7
Select One:
Top VS Code Extensions for Application Security in 2021
Companies are investing heavily in technologies to protect their users' data as part of policies. Hackers and other bad players will get more sophisticated in stealing information and infiltrating servers and programs.
Security all starts in the code. And software developers have a heavy burden on their shoulders to ensure that...
7
Select One:
How to invalidate a compromised JWT
In a past article, I wrote about JWTs, how to generate one and how to use them for authorization. JSON Web Tokens, however, have one major drawback. Once it is generated and submitted to the client, it can’t be easily made invalid. This is a big problem if the JWT got leaked and it did not expire (or worse, it does NOT have an e...
6
Select One:
Using “pepper” to increase password storing security
Article originally posted o my personal website under How to securely store the password using a salt and pepper
In a previous article I wrote how to securely store a password in the database. The article got the attention of many fellow developers and so I decided to improve it even more by writing this article. You see, even t...
8
Select One:
What is a DDoS Attack?
What is a DDoS Attack?
DDoS stands for distributed denial of service but is often referred to as a simple denial of service. A DDoS attack consists of a website being flooded by requests during a short period of time, with the aim of overwhelming the site and causing it to crash. The ‘distributed’ element means that these attack...
4
Select One:
Capturing 54 Million Passwords with a Docker SSH Honeypot
The last couple of days I observed thousands of SSH Brute Force Attacks, so I decided I will just revisit my SSH Server configuration, and change my SSH port to something else for the interim.
The dashboard that showed me the results at that point in time:
Then I decided I actually would like to set up an SSH Honeypot to listen...
5
Select One:
Encryption using PyCrypto in Python
While I'm learning a lot about encryption at the moment, I wanted to test out encryption with the PyCrypto module in Python using the Advanced Encryption Standard (AES) Symmetric Block Cipher.
Installing PyCrypto:
$ pip install pycrypto --user
PyCrypto Example:
Our AES Key needs to be either 16, 24 or 32 bytes long and our Init...
3
Select One:
You should always do server-side validation! Always!
Original article with another example on my personal website
Web technologies have evolved a lot in the past few years, both on the server-side as well as on the client’s side. There are many web frameworks, UI kits, JavaScript libraries and everything you need to easily and rapidly develop a website or web application. JavaScri...
4
Select One:
Setup AWS S3 Cross Account Access
In this tutorial, I will demonstrate how to set up cross-account access for S3, from using two AWS Accounts.
Scenario
We will have 2 AWS Accounts:
a Green AWS Account which will host the IAM Users, this account will only be used for our IAM Accounts.
a Blue AWS Account which will be the account that hosts our AWS Resources,...
1
Select One:
How to properly store a password in the Database
Article originally posted on my website un How to securely store the password in the Database
When I started LOGaritmical, one of the first functionalities that I implemented was registering a new user. This meant that I had to store the user’s password in the database in a secure way and I will need to be able to verify that th...
2
Select One:
How to encrypt and decrypt a string in Laravel?
Introduction
Encryption is the process of encoding information so that it can not be understood or intercepted.
Encryption has been used long ago before computers were invented; actually, the first known evidence dates back to 1900 BC in Egypt.
Another very popular encryption technique is the Caesar cipher. It is one of the simp...
6
Select One:
Loading More Content
