Best of Web Security: December 2024

  1. Video
    ByteGrad · 1y

    Next.js Top 7 Security Best Practices (Checklist)

    Ensure the security of your Next.js applications by following a comprehensive checklist that includes dependency management, data validation, and setting up content security policies. Learn how to use tools like arcjet to protect against common vulnerabilities and automate security checks efficiently.

  2. Article
    freeCodeCamp · 1y

    Building a Simple Web Application Security Scanner with Python: A Beginner's Guide

    Learn how to build a basic Python-based web application security scanner to detect common vulnerabilities like XSS, SQL injection, and sensitive information exposure. This guide covers setting up your development environment, writing the core scanning class, implementing a web crawler, and performing security checks. The tutorial also highlights how to extend the scanner with additional features.

  3. Article
    Planet Python · 1y

    New Article: Essential Python Web Security Part 1

    Part one of the 'Essential Python Web Security' series, published by the Open Source Initiative, covers fundamental security best practices for Python web applications. Using the Defence in Depth approach, it explores key security principles and specific Python-related techniques. Part two, focusing on cryptographic algorithms, will follow soon.

  4. Video
    David Bombal · 1y

    Hacking websites (great demos) with XML External Entities (XXE)

    David Bombal hosts Tiberius, a well-known web app pentester and content creator, to discuss and demonstrate XML External Entities (XXE) vulnerabilities. Tiberius explains the basics of XXE, its potential risks such as server-side request forgery (SSRF) and file inclusion, and shares practical demonstrations including error-based and out-of-band XXE exploitation. The session also covers the use of dynamic DTDs for easier exploitation and the importance of proper XML parser configuration to mitigate these vulnerabilities. Links to Tiberius's YouTube channel and GitHub repository are provided for further learning and tool access.

  5. Article
    InfoSec Write-ups · 1y

    How Black Hat Use Cookies to Steal Your Identity

    Cookies are small files that store information about you, such as session details. Attackers can steal your cookies through methods like accessing your device, phishing scams, or purchasing them from third parties. To protect yourself, avoid using public networks, consider more secure browsers like Brave instead of Chrome, delete browsing sessions and cookies often, and limit the permissions websites have to save your information.