CSRF Protection without Tokens or Hidden Form Fields
Exploring a modern, tokenless approach to CSRF protection using the Sec-Fetch-Site header in web frameworks.
A retrospective on Let's Encrypt's 10-year impact, highlighting its growth to become the world's largest certificate authority and its role in securing the web.
Chrome, Firefox, and WebKit plan to remove XSLT from browsers by 2026, citing significant security risks in the aging codebase.
Analysis of CVE-2025-55315, a critical HTTP request smuggling vulnerability in ASP.NET Core with a CVSS 9.9 score, its impact, and mitigation.
Explains Cross-Site Request Forgery (CSRF) attacks, their impact on web applications using cookie authentication, and foundational defense concepts.
A guide to using a free, remote 'browser in browser' tool for safely testing suspicious links and checking website compatibility across different browsers.
Explains the complex interplay between CORS, SameSite cookies, and CSRF attacks in cookie-based web authentication systems.
A guide on securing static websites by implementing security-focused HTTP response headers using Cloudflare Pages and 11ty.
A deep dive into the privacy, security, and UX pitfalls of in-app browsers, inspired by a Frontend Masters blog post.
A developer shares two technical learnings: using GitHub Desktop as a CLI tool and the purpose of the Public Suffix List for web security.
Analyzes the security and implementation of storing access tokens in Cookies vs LocalStorage, providing a technical comparison for developers.
A CLI command to bypass CORS restrictions when fetching local files during localhost development in Chrome.
A developer shares their journey in open source, focusing on web security, Node.js contributions, and receiving the GitHub Stars 2023 award.
A guide to implementing HTTP security headers for web applications, using a festive-themed Azure example to improve website security posture.
A clear, step-by-step guide explaining what CSRF attacks are, how they work, and the prerequisites needed for them to succeed.
A guide to Django security, covering common vulnerabilities and how the framework helps protect web applications from threats.
A critical analysis of SAML security, arguing its design is inherently insecure due to malleable signature computation, with examples of real-world vulnerabilities.
A technical analysis of U.S. federal .gov domains, tracking changes in security, CMS usage, and open source adoption over a decade.
A developer shares their experience implementing Content Security Policies (CSP) on their website, fixing broken images and scripts while improving security.
A guide to improving website security using WebPageTest and Snyk, focusing on implementing HTTP headers like CSP and X-Frame-Options.