Meet Hank. Hank is a web application with a dark secret. It trusts you the user to not change things in the browser. Bad Hank. Learn how to fix it!
The Content-Security-Policy headers exists to protect the users of your web site from the content they themselves might create.
Should I use a Web Application Firewall? What is it ? What benefit will it give me? When would I use it? Read on to learn!
Web applications may not be inherently secure. But we want them Internet available anyway. How can we reconcile these two? Let’s see!.
Your corporate firewall. That invulnerable bastion that lets you fearlessly run less-than-secure internal tools like a CRM, a Finance portal. But, is it really invulnerable? Or is it a paper wall at best? We look at how Cross-Site-Scripting vulnerabilities, known session ID cookies or access tokens can allow content from the world to pierce it as if it were not there. We do this using the weakest link: you.
For audit, security, tracing, we want the origin IP logged. Load-balancers can mask this. Learn how to log the true client IP from nginx with lua, when that nginx is behind a load-balancer (reverse proxy)