Understanding XSS attacks
What is Cross-Site Scripting (XSS) and how do I prevent it in my web apps?...
Find answers or ask your own questions
What's the best way to store passwords? Why shouldn't I use MD5 or SHA1?...
I'm implementing OAuth 2.0 for my app but the flow is confusing. Can someone explain: 1. Authorization Code flow (with PKCE) 2. When to use which grant type 3. What are access tokens vs refresh token...
What are all the ways to prevent SQL injection attacks? Parameterized queries, etc.?...
I accidentally committed my API key to GitHub and now I'm paranoid. What's the best way to: 1. Store API keys in development? 2. Store API keys in production? 3. Rotate keys if they're compromised? ...
How does HTTPS work? What happens during the TLS handshake?...