Your website needs a CSP. Here’s why

7 years ago

Here's a scenario: You create a website and make it available online. Your website ends up getting hacked (it happens…

Your website has assets – You need SRI

7 years ago

All websites have something worth protecting. Those valuable things are frequently loaded from a CDN (Content Delivery Network) which is a…

The path to a custom Firewall and a Content Security Policy on a Blog

7 years ago

A few years ago I found myself looking for a firewall. I've looked at various options from various security companies, but…

Creating a Secure Login Page

7 years ago

Login pages - they're everywhere. Almost every website has a login page - from big companies to discussion forums. In…

To padlock or not to padlock? SSL Explained

7 years ago

You visited a website, you saw a green padlock saying "Secure". Cool. But what does that actually mean? Does that…

Understanding & Mitigating Cross-Site Request Forgery (CSRF)

7 years ago

CSRF. Easy, enormously effective, frequently misunderstood. This attack can be called a sleeping lion because it is not taken as…

SQL Injection – What it is, how it works & how it can be mitigated

7 years ago

SQL Injection. If you're decently security-minded, you've probably heard of it. But what is it exactly? How does it work and,…

How I could have pwned my highschool (SQLi, CSRF, Hardcoded Passwords & XSS) – Part 1

7 years ago

Introduction: It happened. Someone told me a website was invulnerable. Coincidentally, since it also happened to belong to a highschool,…