Learn about CSP, how it works, and why it's awesome. You will build a content security policy header from scratch and learn how to overcome the usual problems on the way.

Content Security Policy (CSP)

Tabnabbing attacks enable a malicious website to suddenly redirect a legitimate page to the attacker's page. They can be an effective tool in phishing attacks, so let's see how you as the developer can safeguard your users from the attack. 

Tabnabbing Attacks and Prevention

In this article, you will learn about clickjacking attacks, how they work, how they can put your website users at risk, and how you can prevent it.

Clickjacking Attacks and Prevention

Learn everything about the fetch metadata headers and how you can implement isolation policies to defend against various client-side attacks.

Fetch Metadata and Isolation Policies

Learn what session fixation attacks are and how to protect your web application from them.

Session Fixation Attacks and Prevention

Learn how man-in-the-middle attacks can put your website users in danger and how to prevent it.

MITM (Man-In-The-Middle) Attacks and Prevention

Learn everything about HTTP cookie security, what are cookie-related attacks and how to defend against them.

Cookie Security

Never be frustrated with CORS again. Learn what cross-origin resource sharing is, why it exists, and how to embrace it.

CORS (Cross-Origin Resource Sharing)

Learn why HTTPS is not enough to protect your website from network attacks and how the HSTS header comes in to solve the problem.

HSTS (HTTP Strict Transport Security)

Learn about what the Same Origin Policy (SOP) is, and what it means for you, as a web developer.

Same Origin Policy (SOP)

Learn how SameSite cookies work and how they can protect against CSRF, XSS, XS-Leaks, and other vulnerabilities.

SameSite Cookies

Are you leaking your users' sensitive data to malicious websites? Learn how xs-leaks work and how to prevent it in 7 steps.

XS-Leaks (Cross-Site Leaks) Attacks and Prevention

An explanation of CSRF (Cross-Site Request Forgery) vulnerabilities and practical steps for avoiding them.

CSRF (Cross-Site Request Forgery) Attacks and Prevention

An explanation of XXE (XML External Entity) vulnerabilities and practical steps for avoiding them.

XXE (XML External Entity) Attacks and Prevention

An in-depth explanation of SQL injection vulnerabilities and practical steps for avoiding them.

SQL Injection Attacks and Prevention

Web Application Security Checklist

An in-depth explanation of XSS (Cross-Site Scripting) vulnerabilities and practical steps for avoiding them.

Welcome!

Content Security Policy (CSP)

Tabnabbing Attacks and Prevention

Clickjacking Attacks and Prevention

Fetch Metadata and Isolation Policies