Risk versus Reach. A false choice. We should not materially compromise security to reach more users.
The humble cookie. So controversial. So complex to secure. If your web app must have them, you must secure them.
You and your browser run inside a nice safe firewall. A firewall which doesn’t do what you think. Explore how the browser is the accomplice to the crime.
NTT Comm discloses a breach. Firewalls lead to false assurances, allowing wide-open internal access.
Meet Hank. Hank is a web application with a dark secret. It trusts you, the user, not to change things in the browser. Bad Hank. Learn how to fix it!
The Content-Security-Policy header exists to protect the users of your web site from the content they themselves might create.