Security

API Security: Key Protocols - APIDNA
Here we go through some of the essential protocols required for robust API security.
·apidna.ai·
Securing HTML fragments returned by API endpoints
A web application frontend often performs requests to a backend API. Even though this API is only supposed to be used by the frontend, it is usually also accessible with a browser. An attacker can use this to exploit vulnerabilities.
·sjoerdlangkemper.nl·
Secure Code Review Tips to Defend Against Vulnerable Node.js Code
How do you identify vulnerable code patterns? Can you spot insufficient input validation? Enhance your Node.js development security with this guide to secure code review.
·nodejs-security.com·
The reckoning on cloud container and serverless security
Ephemeral infrastructure's transient nature has afforded it a 'free pass' on forensic examination in the past, but that window is closing.
·technologydecisions.com.au·
What the !#@% is a Passkey?
A new login technique is becoming available in 2023: the passkey. The passkey promises to solve phishing and prevent password reuse. But lots of smart and security-oriented folks are confused about what exactly a passkey is. There’s a good reason for that. A passkey is in some sense one of two (or three) different things, depending on how it’s stored.
·eff.org·
Serverless Security: Protecting Functions in the Cloud
Serverless computing has revolutionized the way applications are built and deployed in the cloud. By abstracting away servers, serverless…
·medium.com·
Content Security Policy (CSP) - HTTP | MDN
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft, to site defacement, to malware distribution.
·developer.mozilla.org·
Securing Rails Applications — Ruby on Rails Guides
This manual describes common security problems in web applications and how to avoid them with Rails. After reading this guide, you will know: All countermeasures that are highlighted. The concept of sessions in Rails, what to put in there and popular attack methods. How just visiting a site can be a security problem (with CSRF). What you have to pay attention to when working with files or providing an administration interface. How to manage users: Logging in and out and attack methods on all layers. And the most popular injection attack methods.
·guides.rubyonrails.org·