Web application

csp
Information Security / Mitigations / OWASP top 10 / Source Code Review / Web application

Content Security Policy (CSP): A Key Mitigation for XSS and Clickjacking

Content Security Policy (CSP) is a powerful browser mechanism designed to prevent and mitigate common web vulnerabilities such as Cross-Site Scripting (XSS) and Clickjacking. CSP allows developers to specify which sources of content are trusted by the application. This guide will walk you through how CSP works, and how to use it to protect against Clickjacking with frame-ancestors. Real-world examples and practical…

0 Comments
May 29, 2025
csrf-tokens
csrf / Information Security / Mitigations / Web application

How Servers Handle CSRF Tokens: Generation, Validation, and Best Practices

Welcome to Part 2 of the CSRF series!While spotting CSRF vulnerabilities during testing or bug bounties is often straightforward, have you ever paused to think about what really happens behind the scenes when implementing mitigations? In Part 1, we explored the fundamentals of Cross-Site Request Forgery (CSRF), why it's dangerous, and how browsers now defend against it using mechanisms like SameSite cookies…

0 Comments
May 11, 2025
Read more about the article Exploiting Cache: 20 Headers That Makes your Web App vulnerable to Cache Poisoning
Information Security / OWASP top 10 / Web application

Exploiting Cache: 20 Headers That Makes your Web App vulnerable to Cache Poisoning

In the fast-moving world of web applications, caching plays a pivotal role in ensuring quick and efficient content delivery. However, as with most technologies, it comes with its own set of vulnerabilities. One of the most insidious threats in this realm is cache poisoning. This subtle yet powerful attack can manipulate what users see, disrupt functionality, and lead to severe security and…

0 Comments
September 18, 2024
http request and response headers
Information Security / Web application

The ultimate guide to HTTP request & response headers

End-users constantly make GET or POST request to the internet to retrieve information. The most common protocol used here is HTTP/S. But this communication is not just about making requests. It needs to be meaningful when sent from client to server or vice-versa. Here’s when HTTP header comes in. With headers, client/server can send additional information with HTTP request. In this blog…

0 Comments
September 10, 2020