web-security
Safeguard articles tagged "web-security" — guides, analysis, and best practices for software supply chain and application security.
90 articles
SSRF Examples and How They're Actually Exploited
Real SSRF examples, from cloud metadata theft to internal port scanning, showing exactly how a server-side request forgery bug gets turned into a full compromise.
CSRF Attacks: How They Work and How Tokens Stop Them
A CSRF attack rides a logged-in user's browser to forge requests they never meant to send. Here is the mechanism and why anti-CSRF tokens defeat it.
SQL Injection Basics for Engineers Who Aren't Security Specialists
SQL injection is still one of the most common ways applications get breached, and the fix is usually a one-line change — this walks through the basics with a real example.
Django Security Best Practices, 2024 Edition
From SECRET_KEY hygiene to middleware ordering, the Django security checklist worth actually following in 2024, grounded in real CVEs and production incidents.
WebSocket Security in Modern Applications
WebSockets enable real-time communication but introduce attack surfaces that traditional HTTP security controls miss entirely.
Prototype Pollution in JavaScript: Prevention Guide
Prototype pollution lets attackers modify the behavior of all JavaScript objects by injecting properties into Object.prototype. This guide covers exploitation techniques, real-world impact, and layered defenses.
XSS Script Examples, Annotated
Reading a real xss script example line by line makes cross-site scripting concrete in a way definitions rarely do — here are annotated examples across the three main XSS types.
XSS Attack Explained: How Cross-Site Scripting Works
An XSS attack lets an attacker run their JavaScript in your users' browsers. Here is how cross-site scripting works, the three types, and how to stop it.
XML External Entity (XXE) Prevention: Disabling the Features That Attack You
XXE attacks exploit XML parser features that most applications never need. Here is how to disable them across every major language and framework.
Service Worker Security Risks: The Persistent Threat in Your Browser
Service workers intercept network requests, cache content, and run in the background. When compromised, they become a persistent foothold in the browser.
Remix Framework Security Deep Dive
Remix's server-first architecture and loader/action primitives make for a distinctive security model. The framework encourages good patterns, but the places where it leaves choices to the developer are where I find the interesting bugs.
Privilege Escalation in Web Applications: Attacks and Defenses
Privilege escalation vulnerabilities let attackers elevate their access level within an application. This guide covers both vertical and horizontal escalation techniques, real-world patterns, and concrete defenses.