Best of Security, January 2024

  1. Article (ITNEXT)

    Understanding CORS

    A post explaining CORS (Cross-Origin Resource Sharing) and its relevance in web development. It covers real-life examples, CSRF attacks, and provides code samples for implementing CORS in a backend API and frontend application.

  2. Article (DEV)

    7 Common Front End security attacks

    Web applications are becoming more attractive targets for cyber attacks, and front-end security is often neglected. This post discusses seven common front-end attacks and emphasizes the importance of stepping up security practices in front-end development.

  3. Article (GitHub Blog)

    GitHub Certifications are generally available

    GitHub Certifications are now available to all customers worldwide. The available certifications include GitHub Foundations, GitHub Actions, GitHub Advanced Security, and GitHub Administration. Study guides and verified credentials are provided for each certification.

  4. Article (GitGuardian)

    Secure Your Secrets with .env

    Using a .env file to store secrets keeps them out of the source code and, provided the file itself is listed in .gitignore, out of version control. The protection is only as good as that exclusion: a .env that is committed, or copied into a build artifact, leaks everything in it.

  5. Article (Bits and Pieces)

    Top 7 Common Frontend Security Attacks

    Learn about the top 7 common frontend security attacks and how to protect your application from them.

  6. Article (Community Picks)

    Are you using JWTs for user sessions in the correct way?

    This post discusses the pros and cons of using JSON Web Tokens (JWTs) for user sessions and proposes a session management flow that combines JWTs and server sessions for optimal security and scalability.

  7. Article (asayer)

    The Ultimate Guide to API Keys

    Learn about the purpose of API keys, how to secure them, and authentication methods to ensure authorized access to software or services.

  8. Article (freeCodeCamp)

    How to Secure Your Web Server with Continuous Integration Using NGINX and CircleCI

    Learn how to secure a web server with NGINX and CircleCI: set up Continuous Integration (CI), configure SSL/TLS encryption and security headers, create a GitHub repository and CircleCI project, define the CI pipeline, and verify both the deployment and the server's security settings.

  9. Article (freeCodeCamp)

    How to Set Up Authentication in Your Apps with Supabase Auth

    Learn about authentication and authorization concepts, session management with tokens and cookies, common authentication strategies, and how to use Supabase Auth.

  10. Article (Security Boulevard)

    How to secure APIs built with Express.js

    Learn how to secure your Express.js APIs with tips on handling user input, implementing authentication and authorization, preventing security threats like XSS and SQL injection, and following best practices for Express.js security.

  11. Article (AWS in Plain English)

    Setting Up a Free VPN Server in AWS

    Learn how to set up a free VPN server on AWS and enjoy a secure and private internet connection.

  12. Article (freeCodeCamp)

    How to Defend Against Server-Side Request Forgery

    Learn about Server-Side Request Forgery (SSRF) and how it differs from CSRF: in CSRF the victim's browser is tricked into sending a request, while in SSRF the server itself is tricked into fetching an attacker-chosen URL, often one that is only reachable from inside the network. Discover methods to defend against SSRF attacks.
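One defence the summary points at, as an added example that is not code from the freeCodeCamp post: validate a user-supplied URL before the server fetches it, allowing only http(s), only allowlisted hostnames, and never an address in a private, loopback or link-local range. The allowlisted hosts are assumptions.

```javascript
// Added example (not from the freeCodeCamp post): validate a user-supplied
// URL before the server fetches it. The allowlisted hosts are assumptions.
const ALLOWED_HOSTS = new Set(['api.partner.example', 'cdn.example.com']);

// Is a dotted-quad IPv4 address in a range the server must never reach:
// "this network", loopback, RFC 1918, link-local (which includes the
// 169.254.169.254 cloud metadata endpoint) or CGNAT?
function isPrivateIPv4(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return false;
  const a = Number(m[1]);
  const b = Number(m[2]);
  return a === 0 || a === 10 || a === 127
    || (a === 169 && b === 254)
    || (a === 172 && b >= 16 && b <= 31)
    || (a === 192 && b === 168)
    || (a === 100 && b >= 64 && b <= 127);
}

// Returns { ok: true, url } or { ok: false, reason }. Every check fails closed.
function validateOutboundUrl(input, allowed = ALLOWED_HOSTS) {
  let url;
  try { url = new URL(String(input)); } catch { return { ok: false, reason: 'unparseable' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  // "https://api.partner.example@evil.example/" parses with evil.example as the
  // host and the trusted name as a username; reject credentials outright.
  if (url.username || url.password) return { ok: false, reason: 'credentials' };
  // WHATWG parsing normalises decimal (2130706433) and hex (0x7f.1) IPv4
  // spellings to dotted quads, so the range check below sees the real address.
  const host = url.hostname;
  if (host.startsWith('[')) return { ok: false, reason: 'ip-literal' }; // IPv6 literal
  if (isPrivateIPv4(host)) return { ok: false, reason: 'private-ip' };
  if (host === 'localhost' || !allowed.has(host)) return { ok: false, reason: 'host' };
  return { ok: true, url: url.toString() };
}
```

Validating the string is necessary but not sufficient: an allowlisted name can still resolve to an internal address (DNS rebinding) or redirect to one. Resolve the name yourself, run `isPrivateIPv4` on the resolved address at connect time, and do not follow redirects automatically, or re-validate each hop.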

  13. Article (Permit.io)

    The Definitive Guide to OAuth Tokens

    Explore the guide to OAuth Tokens and learn about Access Tokens and Refresh Tokens for secure user authentication and authorization.

  14. Article (Community Picks)

    End-to-End Encryption in the Browser

    This post explores end-to-end encryption in the browser, explaining how traditional website architecture works, the concept of end-to-end encryption, and how the hash part of the URL can be used for encryption in a website.

  15. Article (Permit.io)

    An Introduction to Role Based Access Control (RBAC): From Basics to Advanced Implementation

    Explore the fundamentals of Role Based Access Control (RBAC), its benefits, challenges, and alternatives for effective user permission management and application security.
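As an added example (not code from the Permit.io post), a minimal RBAC evaluator that shows the fundamentals, one of the challenges and why alternatives exist: a role hierarchy resolved to effective permissions, deny-by-default for unknown roles and cycles, and the "own documents only" rule that a role alone cannot express and that needs a resource attribute on top. Role and permission names are assumptions.

```javascript
// Added example (not from the Permit.io post): a role hierarchy resolved to
// effective permissions, deny-by-default checks, and the ownership case that
// plain RBAC cannot express. Role and permission names are assumptions.
const ROLES = {
  viewer: { permissions: ['doc:read:any'], inherits: [] },
  editor: { permissions: ['doc:write:own'], inherits: ['viewer'] },
  admin:  { permissions: ['doc:write:any', 'doc:delete:any', 'user:manage'], inherits: ['editor'] },
};

// Flatten a role and everything it inherits. Unknown roles resolve to no
// permissions and cycles are ignored rather than looping forever.
function effectivePermissions(role, roles = ROLES, seen = new Set()) {
  const perms = new Set();
  if (seen.has(role) || !roles[role]) return perms;
  seen.add(role);
  for (const p of roles[role].permissions) perms.add(p);
  for (const parent of roles[role].inherits) {
    for (const p of effectivePermissions(parent, roles, seen)) perms.add(p);
  }
  return perms;
}

// Pure RBAC: does any of the user's roles grant the permission? A user with
// no roles, or with a role that does not exist, gets nothing.
function can(user, permission, roles = ROLES) {
  return (user.roles || []).some((r) => effectivePermissions(r, roles).has(permission));
}

// Where RBAC stops: "editors may write only their own documents" depends on
// the resource, not the role. The ":own" grant is only meaningful together
// with an attribute check (ownership), which is ABAC/ReBAC territory.
function canOnDocument(user, action, doc, roles = ROLES) {
  if (can(user, `doc:${action}:any`, roles)) return true;
  return can(user, `doc:${action}:own`, roles) && doc.ownerId === user.id;
}
```

Role explosion (a new role for every combination of "read", "write" and "own team only") is the classic RBAC scaling problem; keeping roles coarse and pushing per-resource conditions into a check like `canOnDocument` is the usual way out.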

  16. Article (freeCodeCamp)

    How to Use SonarLint to Write Cleaner Code

    SonarLint is an open-source code analysis tool that helps you find and resolve security and code quality problems in your source code. It catches mistakes early, helps you follow coding standards, keeps your code secure, enables collaboration, saves time and effort, and helps you learn and improve. This post explains how to use SonarLint, its usefulness in web development, and how to set it up and integrate with your IDE.

  17. Article (Bits and Pieces)

    10 Ways To Securing Microservices in 2024

    Explore common threats to microservice architectures and discover strategies to secure microservices, including secure by design, zero trust architectures, access control, threat modeling, vulnerability management, incident response, secrets management, container security, service mesh, and circuit breaker patterns for availability.

  18. Article (Cerbos)

    Cerbos achieves SOC 2 Type II compliance

    Cerbos has achieved SOC 2 Type II compliance, demonstrating their commitment to data security and compliance. This achievement benefits customers by ensuring their sensitive information and access controls are handled securely.

  19. Article (FREEK.DEV)

    Making sure Laravel's debug mode is always disabled in production

    Prompted by recent discussions of the 'Androxgh0st' malware, which targets Laravel apps and harvests credentials from exposed .env files and debug pages, the post stresses the importance of keeping debug mode off in production and shows how Oh Dear's application monitoring feature can check that it stays disabled.
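Items 4 and 19 both come down to what sits in a .env file, so one added example (not code from the GitGuardian or FREEK.DEV posts, nor from Oh Dear) covers both: a small .env parser, a check that the file is actually excluded by .gitignore, and a startup self-check that fails when Laravel-style debug settings are on, which complements an external monitor rather than replacing it. The sample .env and .gitignore contents are constructed; the truthy/falsy spellings mirror how Laravel's `env()` helper casts values, which is stated here as an assumption.

```javascript
// Added example (not from the GitGuardian or FREEK.DEV posts): a .env parser,
// a .gitignore coverage check, and a production audit of Laravel-style debug
// settings. Sample file contents below are constructed for the demo.

// Parse KEY=value lines. Handles comments, `export KEY=`, quoted values (which
// keep spaces and '#') and unquoted values with a trailing inline comment.
function parseDotenv(text) {
  const env = {};
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (!line || line.startsWith('#')) continue;                 // blank or comment
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) continue;                                             // not KEY=value
    const key = m[1];
    let value = m[2];
    const q = value[0];
    if (q === '"' || q === "'") {
      const end = value.indexOf(q, 1);
      if (end > 0) { env[key] = value.slice(1, end); continue; } // quoted: keep as-is
    }
    value = value.replace(/\s+#.*$/, '').trim();                  // strip inline comment
    env[key] = value;
  }
  return env;
}

// Does .gitignore exclude the .env file itself? Only the spellings below do;
// ".env.*" matches .env.local but NOT .env, a common mistake. A later
// negation (!.env) re-includes the file and counts as not covered.
function gitignoreCoversEnv(gitignoreText) {
  const covering = new Set(['.env', '/.env', '.env*', '*.env']);
  let covered = false;
  for (const raw of gitignoreText.split(/\r?\n/)) {
    const pattern = raw.trim();
    if (!pattern || pattern.startsWith('#')) continue;
    if (pattern === '!.env') covered = false;
    else if (covering.has(pattern)) covered = true;
  }
  return covered;
}

// Laravel reads APP_DEBUG through env(), which casts these strings to false
// (assumption stated in the lead-in); an unset value is also off. Anything
// else is treated as debug ON. Returns a list of findings; empty means pass.
const DEBUG_OFF_VALUES = new Set(['', 'false', '(false)', '0', 'null', '(null)', 'empty', '(empty)']);

function auditProductionEnv(env) {
  const findings = [];
  const debug = String(env.APP_DEBUG ?? '').trim().toLowerCase();
  if (!DEBUG_OFF_VALUES.has(debug)) findings.push(`APP_DEBUG="${env.APP_DEBUG}" must be false in production`);
  if ((env.APP_ENV ?? '') !== 'production') findings.push(`APP_ENV="${env.APP_ENV ?? ''}" expected production`);
  if (!env.APP_KEY) findings.push('APP_KEY is empty');
  return findings;
}
```

Run `auditProductionEnv` at boot and refuse to start when it returns findings; the monitor in the post then catches the cases this cannot, such as a deploy that edits the file after the process is up.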