Best of Web SecurityJanuary 2025

  1. 1
    Article
    Avatar of tcTechCrunch·1y

    How OpenAI’s bot crushed this seven-person company’s web site ‘like a DDoS attack’

    Triplegangers, a small company specializing in 3D image files, faced disruption when OpenAI's bot significantly overloaded their ecommerce site, akin to a DDoS attack. The bot attempted to download the company's extensive database of images, leading to site crashes and anticipated high server costs. This incident highlights the importance of properly configuring robot.txt files to block unwanted bots and the challenges small businesses face in protecting their data against AI scrapers.

  2. 2
    Article
    Avatar of securityboulevardSecurity Boulevard·1y

    Authentication and Single Sign-On: Essential Technical Foundations

    Authentication and Single Sign-On (SSO) are crucial for modern web security. Implementing these effectively requires understanding essential technologies and security concepts such as HTTP, cookies, session management, database security, XSS, CSRF, and CORS. By grasping the technical foundations and best practices in these areas, developers can create secure authentication systems. Key practices include using secure cookies, preventing SQL injection and XSS attacks, managing sessions properly, and configuring CORS correctly. Comprehensive security involves layered approaches, including strong password policies and regular security audits.

  3. 3
    Article
    Avatar of amandeep58Backend Developer·1y

    Database less OTP- A concept

    The post explains how an OTP system typically works and proposes a concept for a database-less OTP system using hashing and JSON Web Tokens (JWT) to reduce costs. It suggests creating a raw OTP sent to the user and a corresponding hashed OTP shared with the user's browser. This approach can prevent database dependency while maintaining security. A demo and GitHub repositories for the backend and frontend implementations are provided.

  4. 4
    Article
    Avatar of infosecwriteupsInfoSec Write-ups·1y

    BugBounty — Mastering the Basics (along with Resources)[Part-3]

    Bug Bounty Hunting requires the use of various security tools to find vulnerabilities in software, web, and mobile applications. Key tools include BurpSuite, ZAP, and Caido for application security testing, as well as a range of tools for subdomain enumeration like Sublist3r and Amass. The post also highlights tools for port scanning, screenshots, content discovery, and specific technologies such as Wappalyzer.

See all Web Security archives