Tag feed

#web-security

270 posts35 followers

Explore Hashnode

Alternatives

Trending tags this week

MNMilan Nikicsecuritydepth.hashnode.dev1d ago · 27 min read

Broken Access Control in Java and Spring: Secure Implementation Patterns (Part 2)

Part 1 covered horizontal privilege escalation, where users access resources that belong to other users at the same privilege level. We walked through IDOR vulnerabilities in path parameters, query pa

0

SKSreeram K Scode-as-a-story.hashnode.dev3d ago · 6 min read

What is XSS (Cross-Site Scripting)?

Story Time Imagine your office has a public notice board where anyone can walk up and pin messages like “Team lunch at 1 PM” and “Meeting moved to 3 PM”. Everyone trusts this board and whatever is wri

0

SKSreeram K Scode-as-a-story.hashnode.dev3d ago · 6 min read

CORS vs CSP vs CSRF vs XSS — Differences Every Developer Must Understand

CORS, CSP, CSRF, XSS : They all sound similar, they all show up when something breaks in your frontend or backend and they all somehow feel like “security things.” So it’s natural to assume “Aren’t th

0

ASAran Shieldaran-shield.hashnode.dev5d ago · 4 min read

How to Defend Against Browser Fingerprinting in 2026

Canvas, WebGL, AudioContext — here's what's actually tracking you and how to stop it. What Is Browser Fingerprinting? Browser fingerprinting is a technique that identifies you without cookies, without

0

MNMilan Nikicsecuritydepth.hashnode.devJun 16 · 21 min read

Broken Access Control in Java and Spring: Secure Implementation Patterns (Part 1)

Broken Access Control sits at the top of the OWASP Top 10 2025, and that ranking tells an important story. Authentication answers a simple question: who is this person? Authorization answers a harder

0

SSSailee Shingaresaileeshingare.hashnode.devJun 16 · 4 min read

HTTP vs HTTPS — What Actually Happens When You Visit a Website

By Sailee Shingare | M.S in Computer Science, Northern Illinois University Every time you visit a website, your browser and the server have a conversation. That conversation happens over a protocol —

0

TATanitoluwa Adenugaadenugatani.hashnode.devJun 15 · 5 min read

If You’ve Ever Fought a CORS Error, Read This.

If you’ve ever opened your console and sighed, this will look familiar: Access to fetch at '…' has been blocked by CORS policy…' Postman works. Thunder Client works. Your backend developer swears ev

0

SKSreeram K Scode-as-a-story.hashnode.devJun 13 · 5 min read

What is CSRF (Cross-Site Request Forgery)?

Story Time Imagine this, you are going to your bank to withdraw money for some need (I know you have banking apps but bear with me here..). The bank employee there informs you that they now have the a

0

IiDevoblog.nehonix.comJun 10 · 7 min read

Why Express Applications Become Difficult to Secure at Scale

Express has earned its place as one of the most influential web frameworks in the Node.js ecosystem. Its simplicity, flexibility, and minimal learning curve have enabled countless startups and enterpr

0

YPYogesh Peelaexploitnotes.hashnode.devJun 8 · 5 min read

Render & Plunder - dalCTF 2026

Challenge: Render & PlunderCategory: Web Security / Defense Challenge Description I wrote a user-profile service with a nice renderer for myself. Surely it's secure, right? Take a look and patch any

0

#web-security

Search Hashnode

#web-security

Explore Hashnode

Trending tags this week

Broken Access Control in Java and Spring: Secure Implementation Patterns (Part 2)

What is XSS (Cross-Site Scripting)?

CORS vs CSP vs CSRF vs XSS — Differences Every Developer Must Understand

How to Defend Against Browser Fingerprinting in 2026

Broken Access Control in Java and Spring: Secure Implementation Patterns (Part 1)

HTTP vs HTTPS — What Actually Happens When You Visit a Website

If You’ve Ever Fought a CORS Error, Read This.

What is CSRF (Cross-Site Request Forgery)?

Why Express Applications Become Difficult to Secure at Scale

Render & Plunder - dalCTF 2026