
Security

Security posts, videos, courses, and more

Cross-site scripting (XSS) attack - part 3

By now you have an understanding of Stored XSS attack and Reflected XSS attack, and some measures to prevent it. Now we will look into the last type of XSS attack, DOM based XSS attack. In the end, I will conclude with best practices to follow, testing XSS and references for reading. 3.DOM based Cross-site scripting The differen...

Cross-site scripting (XSS) attacks - part 2

In the last post I went through what is Cross-site scripting and Stored XSS attack, a type of cross-site scripting caused by stored javascript in database from user inputs. If you haven't read it, here is the link. As frontend developers we are constantly adding and releasing new features or fixing bugs as per business requirem...

Cross-site scripting (XSS) attacks - part 1

As frontend developers we are constantly adding and releasing new features or fixing bugs as per business requirements, and it's hard to keep vigilance on the security side of things. It has become a secondary concern and we are far behind the backend and Devops engineers for whom this is a primary and regular part of their thin...

Top VS Code Extensions for Application Security in 2021

Companies are investing heavily in technologies to protect their users' data as part of policies. Hackers and other bad players will get more sophisticated in stealing information and infiltrating servers and programs. Security all starts in the code. And software developers have a heavy burden on their shoulders to ensure that...

Dev Yoda

2 months ago

How to invalidate a compromised JWT

In a past article, I wrote about JWTs, how to generate one and how to use them for authorization. JSON Web Tokens, however, have one major drawback. Once it is generated and submitted to the client, it can’t be easily made invalid. This is a big problem if the JWT got leaked and it did not expire (or worse, it does NOT have an e...

Petre Popescu

3 months ago

Using “pepper” to increase password storing security

Article originally posted on my personal website under How to securely store the password using a salt and pepper In a previous article I wrote how to securely store a password in the database. The article got the attention of many fellow developers and so I decided to improve it even more by writing this article. You see, even t...

Petre Popescu

5 months ago

What is a DDoS Attack?

What is a DDoS Attack? DDoS stands for distributed denial of service but is often referred to as a simple denial of service. A DDoS attack consists of a website being flooded by requests during a short period of time, with the aim of overwhelming the site and causing it to crash. The ‘distributed’ element means that these attack...

Joshua Arulsamy

6 months ago

Capturing 54 Million Passwords with a Docker SSH Honeypot

The last couple of days I observed thousands of SSH Brute Force Attacks, so I decided I will just revisit my SSH Server configuration, and change my SSH port to something else for the interim. The dashboard that showed me the results at that point in time: Then I decided I actually would like to set up an SSH Honeypot to listen...

Ruan Bekker

6 months ago

Encryption using PyCrypto in Python

While I'm learning a lot about encryption at the moment, I wanted to test out encryption with the PyCrypto module in Python using the Advanced Encryption Standard (AES) Symmetric Block Cipher. Installing PyCrypto: $ pip install pycrypto --user PyCrypto Example: Our AES Key needs to be either 16, 24 or 32 bytes long and our Init...

Ruan Bekker

6 months ago

You should always do server-side validation! Always!

Original article with another example on my personal website Web technologies have evolved a lot in the past few years, both on the server-side as well as on the client’s side. There are many web frameworks, UI kits, JavaScript libraries and everything you need to easily and rapidly develop a website or web application. JavaScri...

Petre Popescu

6 months ago

Setup AWS S3 Cross Account Access

In this tutorial, I will demonstrate how to set up cross-account access for S3, from using two AWS Accounts. Scenario We will have 2 AWS Accounts: a Green AWS Account which will host the IAM Users, this account will only be used for our IAM Accounts. a Blue AWS Account which will be the account that hosts our AWS Resources,...

Ruan Bekker

6 months ago

How to properly store a password in the Database

Article originally posted on my website under How to securely store the password in the Database When I started LOGaritmical, one of the first functionalities that I implemented was registering a new user. This meant that I had to store the user’s password in the database in a secure way and I will need to be able to verify that th...

Petre Popescu

6 months ago

How to encrypt and decrypt a string in Laravel?

Introduction Encryption is the process of encoding information so that it can not be understood or intercepted. Encryption has been used long ago before computers were invented; actually, the first known evidence dates back to 1900 BC in Egypt. Another very popular encryption technique is the Caesar cipher. It is one of the simp...

Bobby Iliev

10 months ago
