@surabhisuman

Winning wmn; 2023

Dec 19, 2023 · 3 min read · Ah! This one has been pending on me for a long time. But as the cozy winters and holiday season are here I felt to wrap up things I wanted to finish this year. After all this year I was trying to push my boundaries and put myself in challenging situa...

CORS and Effect: HTTP Headers, Cross-Origin Style

Dec 18, 2023 · 5 min read · CORS refers to Cross-Origin Resource Sharing. It’s a terminology used in the context of browser requests. Now before we get deeper into CORS, we first need to understand origin and why the need for CORS Origin and same origin policy Origin is the sou...

XSS Demystified: Understanding and Preventing Cross-Site Scripting

Dec 18, 2023 · 2 min read · It allows an attacker to execute a malicious arbitrary Javascript code within the web browser of victim user. This gives the attacker’s script privileged access to make requests to the server (such as same-origin cookies and storage permissions) and ...

Deciphering CSRF

Dec 18, 2023 · 3 min read · CSRF refers to cross-site request forgery. It is an exploit on websites where an attacker is forging the identity of a trusted user to perform an action that the user didn’t intend to. Who is a trusted user? A trusted user for a website can be an aut...

Logging in Microservices: A developer's journey

Dec 14, 2023 · 5 min read · As software engineers, logs are our best friend for finding anything right/wrong with our services. Be it exception tracing, RCA for a bug, consumer claims, or user journey, logs are the tool to trace it. Yet, I feel as software engineers, we do not ...