Madhav Maheshwari · why-refresh-access-tokens-matter.hashnode.dev · Dec 12, 2024
Why Refresh & Access Tokens Matter ?
Why Refresh & Access Tokens Matter for Authentication and Authorization In today’s digital world, making sure users are who they say they are (authentication) and giving them the right permissions (authorization) is key to a secure web experience. Bu...
secure authentication

Dhruv Kharabe · lazy.hashnode.dev · Dec 9, 2024
Crafting a Robust Authentication System in React Native with Clerk and Firebase
Hey there! 👋 I'm excited to walk you through building a rock-solid authentication system for your React Native app. This is the exact setup I use in production, and I'll share all the little details that took me days to figure out. Let's dive in! Wh...
React Native

Rigal Patel · mastering-javascript-decorators.hashnode.dev · Nov 29, 2024
Mastering Advanced Error Handling in Express.js for Robust Node.js Applications
Error handling is a critical aspect of developing robust Express.js applications. Whether it’s catching unhandled exceptions, validating user input, or gracefully managing third-party API failures, a well-thought-out error-handling strategy can save ...
Express.js

Rigal Patel · mastering-javascript-decorators.hashnode.dev · Nov 27, 2024
Top 5 Ways to Secure Your Express.js APIs
APIs are the backbone of modern web applications, and Express.js, being one of the most popular Node.js frameworks, makes building APIs simple and efficient. But simplicity doesn’t mean we can skip security. Every unsecured API endpoint is a potentia...
Express.js

Oladimeji Alabi Taofeek · dimcoder.hashnode.dev · Nov 19, 2024
Understanding Cookies: What They Are, How They Work, and Why They Matter for Your Privacy
Understanding Cookies on Websites: Why They're Important You’ve likely seen the message asking you to accept cookies when visiting various websites. But how many of us truly understand what cookies are and why we are asked to accept them?, or do you ...
65 reads · #Cookies #internetprivacy

Ohekpeje Joel Odey · joelodey.hashnode.dev · Nov 17, 2024
Lab: Broken brute-force protection, multiple credentials per request
Lab Scenario: Our objective is to understand and exploit a web application's broken brute-force protection, where the login credentials are submitted in JSON format. By manipulating the request to submit multiple credentials, we aim to bypass the pro...
1 like · PortSwigger Authentication Labs · websecurity

Rosecurify · log.rosecurify.com · Nov 17, 2024
Seclog - #100
"The enemy does not check your risk register prior to attacking." - Sun Tzu, The Art of Cyber War 📚 SecMisc PoisonTap - Exploiting locked computers through USB peripherals, demonstrating techniques to bypass security measures on locked machines. Re...
seclog · BlueHat2024

Tejas Shinde · tejasgshinde.hashnode.dev · Nov 8, 2024
The HTTP vs HTTPS Dilemma: Securing the Backend-Frontend Communication
In today's web applications, security is of paramount importance. One crucial aspect of this is ensuring secure communication between the backend and frontend components of your system. This is where the distinction between HTTP and HTTPS becomes cru...
http

Ohekpeje Joel Odey · joelodey.hashnode.dev · Nov 8, 2024
Lab: Exploiting XXE to perform SSRF attacks
Lab Scenario: Our mission is to exploit XXE through a web application's "Check stock" feature, ultimately performing SSRF attacks to access sensitive information from a metadata endpoint. By intercepting and manipulating a POST request, we intend to ...
1 like · PortSwigger XML external entity (XXE) injection · xxe

b1d0ws · b1d0ws.hashnode.dev · Nov 7, 2024
AppSec Project - Chapter 3, Enhancing Security
Introduction In today’s article, we will focus on implementing several enhancements to improve the overall security of our web application. While most of these changes do not address specific vulnerabilities, they play a crucial role in mitigating po...
122 reads · Posts · appsec