Best of Web SecurityJuly 2024

  1. 1
    Article
    Avatar of communityCommunity Picks·2y

    CORS: the ultimate guide

    CORS (Cross-Origin Resource Sharing) is a security mechanism that protects users' data from being accessed by malicious websites when different origins interact. AJAX (Asynchronous JavaScript And XML) requests from web browsers are controlled by CORS rules, ensuring data confidentiality and security. This guide explains how CORS policies are configured via HTTP response headers to allow or deny access based on origin and credentials. It also highlights the dangers of misconfigured CORS policies and provides steps to define a secure CORS policy effectively.

  2. 2
    Article
    Avatar of newstackThe New Stack·2y

    5 JavaScript Security Best Practices for 2024

    JavaScript applications face numerous cyber threats in 2024, including cross-site scripting (XSS), man-in-the-middle (MitM) attacks, and denial of service (DoS) attacks. Key security best practices include securing APIs, implementing Content Security Policies (CSP), input sanitization, and performing regular security audits. Tools like Snyk, ZAP by OWASP, and the Cypress Testing Framework are essential for maintaining robust security in JavaScript development.

  3. 3
    Article
    Avatar of faunFaun·2y

    Spring Boot 3.1 JWT Authentication &Authorization: Secure Your APIs Like a Pro🔒

    Learn how to secure your Spring Boot 3.1 applications using JWT authentication and authorization. This guide covers creating a Spring Boot project, setting up dependencies, creating secure endpoints, and configuring JWT tokens for user authentication. Includes practical examples and code snippets to help you implement security measures swiftly.

  4. 4
    Article
    Avatar of communityCommunity Picks·2y

    SSL Problem “Unable To Get Local Issuer Certificate”

    SSL/TLS certificates are crucial for secure internet communication, but misconfigurations can lead to errors like 'Unable to Get Local Issuer Certificate.' This error is often caused by missing intermediate certificates, server misconfigurations, or outdated certificate stores. Resolving it involves updating the certificate store, configuring the server correctly, or handling self-signed certificates properly.

  5. 5
    Article
    Avatar of webkitWebKit·2y

    Private Browsing 2.0

    Safari's Private Browsing has been significantly enhanced with added privacy protections, including Link Tracking Protection, blocking network loads of known trackers, advanced fingerprinting protection, and improved handling of network privacy. Notably, Safari now prevents third-party scripts from reading the full URL and employs Web AdAttributionKit in Private Browsing for privacy-preserving ad attribution. With these updates, Safari aims to set a new industry standard for user privacy.

  6. 6
    Article
    Avatar of wpbeginnerWordPress Beginner·2y

    How to Create a WordPress Maintenance Report for Clients

    Creating WordPress maintenance reports is crucial for client communication, showcasing your expertise, and building trust. Important elements to include are security updates, backups, performance optimization, uptime monitoring, and manual tasks performed. Using the WP Client Reports plugin simplifies the process, allowing you to track updates, display stats, and send customized reports to clients. For those looking to outsource, partnering with professional agencies can save time and provide expert maintenance services.

  7. 7
    Article
    Avatar of systemweaknessSystem Weakness·2y

    How to check what technologies the web application is using?

    Learn several methods to identify the technologies used in a web application. You can check for readme or license files, analyze the page source, or use third-party tools like BuiltWith, Wappalyzer, WhatRuns, and Whatweb. Extensions and the WayBack Machine can also provide useful insights.

  8. 8
    Article
    Avatar of systemweaknessSystem Weakness·2y

    How to Improve WordPress Security

    WordPress, being a popular CMS, is frequently targeted by cyberattacks. Key strategies to secure your WordPress site include keeping it updated, using strong passwords and two-factor authentication, limiting login attempts, choosing secure hosting, implementing SSL encryption, utilizing security plugins, performing regular backups, securing the wp-config.php file, disabling file editing, and monitoring for unusual activities. These measures help protect your site from common threats and enhance its overall security.

  9. 9
    Article
    Avatar of systemweaknessSystem Weakness·2y

    CSP vs CORS: Quick Guide on Essential Web Security Headers

    Content Security Policy (CSP) and Cross-Origin Resource Sharing (CORS) are both essential web security features, serving different purposes. CSP focuses on controlling what your website can load to prevent XSS and data injection attacks, while CORS manages who can access resources from your domain to prevent CSRF and data theft. Understanding and implementing both headers correctly enhances web application security.

See all Web Security archives