BestHub
Sign in
Tagged articles
9 articles
Page 1 of 1
Ops Development & AI Practice
Ops Development & AI Practice
Jul 26, 2025 · Information Security

Mastering XSS: How Attackers Exploit Trust and How to Build Unbreakable Defenses

This article explains the fundamentals of Cross‑Site Scripting attacks, illustrates reflected, stored, and DOM‑based variants with concrete code examples, and presents a four‑step defense strategy—including input validation, output encoding, Content Security Policy, and WAF—to protect web applications.

Content Security PolicyWAFWeb Security
0 likes · 9 min read
Mastering XSS: How Attackers Exploit Trust and How to Build Unbreakable Defenses
php Courses
php Courses
May 28, 2025 · Information Security

Understanding XSS Attacks and Prevention Methods in PHP

Cross‑Site Scripting (XSS) is a common web security vulnerability where malicious scripts are injected into pages, and this article explains typical PHP XSS scenarios, demonstrates code examples, and outlines effective mitigation techniques such as htmlspecialchars(), HTML Purifier, proper headers, secure cookies, CSP, and best practices.

Content Security PolicyPHPWeb Security
0 likes · 5 min read
Understanding XSS Attacks and Prevention Methods in PHP
Wukong Talks Architecture
Wukong Talks Architecture
May 14, 2025 · Information Security

AI-Powered CodeBuddy Uncovers and Fixes Real SQL Injection and XSS Bugs

This article walks through two real-world security flaws—a high‑risk SQL injection and a medium‑risk stored XSS—showing how the CodeBuddy AI assistant can automatically detect, analyze, and remediate them with prepared statements and CSP enhancements, while explaining the underlying concepts and best practices.

AI code reviewCodeBuddyContent Security Policy
0 likes · 13 min read
AI-Powered CodeBuddy Uncovers and Fixes Real SQL Injection and XSS Bugs
YunZhu Net Technology Team
YunZhu Net Technology Team
Mar 24, 2022 · Information Security

Understanding XSS, CSRF, and Clickjacking: Attack Mechanisms and Defense Measures

This article explains the principles, attack vectors, and mitigation techniques for three common web security threats—Cross‑Site Scripting (XSS), Cross‑Site Request Forgery (CSRF), and Clickjacking—detailing how malicious scripts are injected, how forged requests exploit user credentials, and how defensive headers, token strategies, and frame restrictions can protect applications.

CSRFContent Security PolicySameSite
0 likes · 14 min read
Understanding XSS, CSRF, and Clickjacking: Attack Mechanisms and Defense Measures
System Architect Go
System Architect Go
Mar 4, 2021 · Information Security

Understanding Clickjacking: Attack Techniques and Effective Defenses

This article explains what clickjacking (UI redressing) is, demonstrates how attackers craft hidden iframe layers to hijack user clicks, and outlines both client‑side and server‑side mitigation strategies such as frame‑busting scripts, X‑Frame‑Options, and Content‑Security‑Policy directives.

Content Security PolicyUI redressingWeb Security
0 likes · 10 min read
Understanding Clickjacking: Attack Techniques and Effective Defenses
Youzan Coder
Youzan Coder
Mar 9, 2018 · Information Security

Migrating a SaaS Platform to Full‑Site HTTPS: Principles, Resources, and Practical Considerations

The guide details how a SaaS platform can transition to full‑site HTTPS by explaining the TLS handshake, inventorying static assets, domains and third‑party services, using protocol‑relative URLs, configuring redirects and CSP, testing securely, and addressing common migration challenges such as legacy references and external dependencies.

CDNContent Security PolicyHTTPS
0 likes · 13 min read
Migrating a SaaS Platform to Full‑Site HTTPS: Principles, Resources, and Practical Considerations
Tencent IMWeb Frontend Team
Tencent IMWeb Frontend Team
May 14, 2017 · Information Security

Mastering XSS: A Complete Guide to Understanding and Preventing Cross‑Site Scripting

This comprehensive tutorial explains what XSS is, describes the three main attack types, illustrates how malicious scripts are injected and executed, and provides practical strategies—including encoding, validation, and Content Security Policy—to defend web applications against cross‑site scripting vulnerabilities.

Content Security PolicyCross-site scriptingXSS
0 likes · 28 min read
Mastering XSS: A Complete Guide to Understanding and Preventing Cross‑Site Scripting
MaGe Linux Operations
MaGe Linux Operations
Sep 28, 2016 · Information Security

Essential HTTP Security Headers Every Web Developer Should Use

This guide explains the most important HTTP response security headers—such as X‑Frame‑Options, X‑Content‑Type‑Options, X‑XSS‑Protection, Content‑Security‑Policy, Strict‑Transport‑Security, and CORS headers—detailing their purpose, possible values, and how to configure them in Apache to harden web applications.

ApacheCORSContent Security Policy
0 likes · 6 min read
Essential HTTP Security Headers Every Web Developer Should Use