Abishek Kafledevops.abisec.xyz·Oct 19, 2024Mapping LLM API attack surfaceIntroduction Organizations are quickly integrating Large Language Models (LLMs) to enhance their online customer experience. However, this exposes them to web LLM attacks, which exploit the model's access to data, APIs, or user information that an at...DiscussInfosecllm
Abishek Kafledevops.abisec.xyz·Oct 17, 2024SSTI CTF Challenge 1Lab Setup Create a folder for the challenge. mkdir ssti_ctf1_challenge cd ssti_ctf1_challenge Set up the environment python3 -m venv venv source venv/bin/activate pip install Flask Create app.py from flask import Flask, request, render_te...DiscussCode ReviewServer side rendering
Krzysztof KałamarskiProkkalamarski.me·Oct 17, 2024Automate Your Web Security: Mastering Authenticated ZAP Scans with the ZAP Automation FrameworkAs developers, we strive to deliver secure systems to our clients. However, with large applications and hundreds of potential vulnerabilities and attacks, performing manual security testing for each new release can be a daunting task. Fortunately, th...Discusszap
Okoye Ndidiamakaamikdigital.hashnode.dev·Oct 13, 2024Cross-Site Scripting and CSRF: Secure Your Web Application against Common AttacksThe internet revolutionized our life, communication, and business, but this transformation is accompanied by security threats that grow. Among the most prevalent types of attacks that a web developer or any organization wants to safeguard against inc...DiscussXSSprevention
Atharv Sankpalatharvsankpal7.hashnode.dev·Oct 4, 2024Access Tokens and Refresh TokensAccess Token The Access Token is a small piece of data that contains user identity information, such as email, name, and user ID (_id). This token typically has a short lifespan, ranging from 5 to 15 minutes. Due to its comprehensive user information...DiscussToken Management
Curt TudorforOpenZiti Tech Blogblog.openziti.io·Oct 3, 2024The safest way to make Portainer Internet accessibleIf you run Portainer, and you seek a modern, flexible recipe for how to make it secure while also providing flexible access to your authorized users, this article is for you. A question that sometimes gets asked is: What types of companies, self-host...Discuss·229 readsBrowZerziti
Apurva Basuleabenigmas.hashnode.dev·Sep 16, 2024Secure Your Website with SSL: Why and HowYou’ve seen the little padlock in your browser before, right? Ever wonder what it means or why some websites have it and others don’t? That’s SSL—the digital certificate your website needs to keep things secure, build trust, and even boost your Googl...Discuss·10 likes·49 readsSSL
Nile Bitsnilebits.hashnode.dev·Sep 15, 2024Implementing Clickjacking Defense Techniques in JavaScriptThe emergence of sophisticated assaults like clickjacking has made security a primary issue in today's online world. By deceiving consumers into clicking on something that differs from what they initially see, attackers deploy a nefarious method call...DiscussJavaScript
Victor Uzoagbavictoru.hashnode.dev·Sep 13, 2024Building a Robust Web Scraper with Python and BeautifulSoupIntroduction Web scraping has become an essential tool for extracting useful information from websites. Whether it's gathering data for research, tracking product prices, or scraping blog posts, web scraping automates the process of fetching data tha...Discussweb
NiKHIL NAIRnncodes.hashnode.dev·Sep 11, 2024Mastering CORS in JavaScript: A Comprehensive Guide for Frontend DevelopersWhen developing web applications, security is paramount, especially when it comes to handling cross-origin requests. Browsers implement several security mechanisms to protect users from potential attacks like Cross-Site Scripting (XSS) and Cross-Site...DiscussPreflight Requests