Community Picks·2yBest Practices for Storing Access Tokens in the Browser
Web applications often use OAuth 2.0 for data security, which involves storing access tokens. This piece examines various browser storage solutions like local storage, session storage, and cookies, highlighting their vulnerabilities to XSS and CSRF attacks. The token handler pattern is recommended for enhancing security, suggesting encrypted tokens stored in secure cookies and managed by backend components.
System Weakness·2yTurning Your Server into a High-Security Server with a Free WAF
SafeLine WAF is a powerful web application firewall designed to protect servers from various cyber attacks. It offers dynamic protection, low false positives, and is easy to install with one-click setup. The configuration includes setting up a dedicated server, applying for SSL certificates, and configuring domain bindings to ensure secure traffic filtering. SafeLine WAF also supports dynamic encryption for high-security needs, making it an effective solution for safeguarding web applications.
Community Picks·2yNGINX Tutorial - What is Nginx
NGINX is a versatile software used as a web server, load balancer, and proxy server. It handles large volumes of requests efficiently by distributing them across multiple servers. Key functionalities include load balancing, caching to save server resources, enhanced security measures, and compression of large files for bandwidth optimization. NGINX is also prominently used in container environments, such as Kubernetes, to manage inbound traffic with advanced load balancing. Its flexible configuration and efficiency have made it a popular choice over Apache in various applications.
Web Dev Cody·2yHow web applications are secured
Web application security involves protecting backend code and databases by using a server-side component such as a REST API. Authentication is key to verifying user identities through tokens or session IDs. Authorization ensures users have proper permissions to access data. Middleware functions check token validity to prevent unauthorized access. Rate limiting can protect servers from being overwhelmed by repeated requests. Input validation and sanitization are crucial to prevent storing malicious data that could harm the application or other users.
System Weakness·2yDefending Against CSS-Based Attacks: Best Practices for Web Security
Front-end technologies like CSS and JavaScript enhance user experience but also present security risks. CSS, traditionally for styling, can be exploited for data exfiltration to steal sensitive information such as keystrokes. This tutorial explains how CSS-based attacks work, presents real-world cases, and provides best practices to mitigate these vulnerabilities including implementing Content Security Policies (CSP), validating input, and conducting regular reviews of stylesheets.
Community Picks·2yWordPress Security - is it really that bad?
WordPress' security reputation is often criticized due to its low barrier of entry and reliance on plugins and themes, which generate most vulnerabilities. Despite this, the core WordPress CMS is relatively secure, and recent years have seen significant improvements in finding and addressing security issues. The market is also evolving, with larger companies investing more in security. Areas that need attention include better visibility for closed plugins and security researchers, and cleaning up some legacy code quirks. Overall, while there is still work to be done, the security landscape for WordPress is improving.