Tagged articles
66 articles
Woodpecker Software Testing
Apr 9, 2026 · Artificial Intelligence

Building a Generic AI Agent for Automated Test Case and Script Generation (Part 3)

After parallelizing registration, login, and password‑recovery flows, this article shows how to embed those requirements into a reusable intelligent agent, detailing the workflow diagram, system and user prompts, and providing concrete Python‑based API and Playwright test script examples with CSRF handling, password hashing, and database cleanup.

AI testing · API testing · CSRF
Lobster Programming
Jan 19, 2026 · Information Security

How CSRF Attacks Exploit Trusted Sessions and How to Defend Them

This article explains the principle and step‑by‑step flow of Cross‑Site Request Forgery attacks, illustrates common exploitation techniques such as forged GET/POST requests and click‑bait links, and outlines practical defenses including POST usage, HttpOnly cookies, CSRF tokens, and double‑submit cookie validation.

CSRF · Cross-Site Request Forgery · Token
JavaScript
Jan 1, 2026 · Information Security

Why Storing JWT in localStorage Is No Longer Safe and What to Use Instead

Storing JWT tokens in localStorage has become a serious security risk because XSS attacks can steal them, so developers should adopt safer alternatives such as HttpOnly cookies, BFF‑backed sessions, or Service Worker‑based in‑memory storage, each with its own trade‑offs.

Authentication · BFF · CSRF
JavaScript
Nov 30, 2025 · Information Security

Why Storing JWT in localStorage Is a Security Nightmare and Safer Alternatives

Storing JWT tokens in localStorage, once a common practice for front‑end authentication, now poses severe XSS risks; this article explains the vulnerabilities, compares HttpOnly cookies, BFF with cookies, and Service Worker‑based solutions, and recommends safer strategies for modern web applications.

BFF · CSRF · HttpOnly cookie
Ray's Galactic Tech
Nov 15, 2025 · Information Security

Spring Boot Security Guide: HTTPS, CSRF, XSS, and Dependency Hardening

This comprehensive guide walks you through securing Spring Boot applications by configuring TLS, implementing Spring Security for authentication, CSRF, XSS and SQL injection defenses, hardening HTTP headers, scanning third‑party dependencies with OWASP Dependency‑Check, and applying best‑practice DevOps hardening steps for a defense‑in‑depth posture.

CSRF · Dependency-Check · HTTPS
JavaScript
Sep 22, 2025 · Information Security

Why Storing JWT in localStorage Is a Security Nightmare and What to Use Instead

This article explains why storing JWT tokens in localStorage is unsafe due to XSS vulnerabilities, compares alternatives like HttpOnly cookies, BFF with cookies, and Service Workers, and offers guidance on choosing the most secure authentication strategy for modern frontend applications.

BFF · CSRF · XSS
大转转FE
Aug 19, 2025 · Frontend Development

Essential Frontend Security: Defend Against CSRF, XSS, and Clickjacking

This article explains why frontend security is critical, outlines common attacks such as CSRF, XSS (stored, reflected, DOM), and clickjacking, and provides practical defense strategies including CSRF tokens, SameSite cookies, input validation, CSP, X‑Frame‑Options, and secure coding practices for modern web developers.

CSRF · Secure Coding · Web Security
JavaScript
Jun 19, 2025 · Information Security

Why Storing JWT in localStorage Is Dangerous and Safer Alternatives for 2025

Storing JWT tokens in localStorage, once a common practice for front‑end authentication, now poses severe XSS risks, prompting developers to adopt more secure methods such as HttpOnly cookies with SameSite protection, BFF‑backed session cookies, or Service Worker‑based token handling, each with trade‑offs.

BFF · CSRF · JWT
php Courses
Jun 18, 2025 · Information Security

Why Most PHP Auth Systems Are Insecure and How to Build a Truly Safe One

This article reveals common security flaws in typical PHP authentication implementations—such as misconceptions about session safety, weak password storage, inadequate CSRF protection, missing rate limiting, and lack of multi‑factor authentication—and provides concrete best‑practice steps, including modern password hashing, strict session management, HTTPS enforcement, comprehensive CSRF defenses, intelligent rate limiting, MFA support, and regular security audits.

CSRF · MFA · PHP
Java Tech Enthusiast
Apr 27, 2025 · Frontend Development

Common Front-End Security Attacks, Principles, and Mitigations

The article outlines prevalent front‑end security threats such as XSS, SQL injection, CSRF, MITM, clickjacking, misconfiguration, and vulnerable dependencies, explains their underlying principles, and recommends practical mitigations including input validation, CSP, HTTPS/TLS, CSRF tokens, secure headers, regular audits, and dependency scanning.

CSRF · MITM · SQL injection
php Courses
Apr 3, 2025 · Information Security

How to Defend Against CSRF Attacks Using PHP

This article explains the fundamentals of CSRF attacks, how they exploit authenticated users' cookies, and provides practical PHP techniques—including token generation and verification, request‑origin checks, secure cookie settings, and safe login/logout handling—to effectively protect web applications.

CSRF · PHP · preventive measures
php Courses
Feb 13, 2025 · Information Security

Comprehensive PHP Security Best Practices: Dependency Management, Session Hardening, CSRF Protection, Input Validation, Type Declarations, Prepared Statements, Error Handling, and Security Testing

This article presents a thorough guide to securing PHP applications by managing Composer dependencies, hardening session handling, implementing CSRF defenses, sanitizing all inputs, enforcing strict type declarations, using prepared statements for database access, concealing sensitive error details, encapsulating critical operations, and incorporating security‑focused testing.

CSRF · PHP · Web Development
php Courses
Nov 14, 2024 · Information Security

Best Practices for Securing Laravel Web Applications

This article outlines essential Laravel security practices, including built‑in authentication, CSRF protection, input validation, HTTPS enforcement, secure session handling, regular dependency updates, and rate limiting, providing developers with concrete steps to protect web applications from common attacks.

Authentication · CSRF · HTTPS
Open Source Linux
May 23, 2024 · Information Security

Master Common Web & Network Attacks: SQL Injection, XSS, CSRF, DDoS & More

This article provides a comprehensive overview of prevalent web and network security threats—including SQL injection, XSS, CSRF, file‑upload flaws, DDoS, ARP/RARP spoofing, DNS attacks, routing protocols, TCP/UDP differences, HTTP nuances, cookies vs. sessions, and SSL/TLS—along with practical prevention techniques for each.

ARP · CSRF · DDoS
php Courses
Feb 18, 2024 · Backend Development

Secure User Login and Logout Implementation in PHP

This article explains how to securely implement user login and logout functionality in PHP by using session management, server‑side validation, and CSRF token protection, providing sample code for authentication, session handling, and safe logout procedures.

CSRF · PHP · Session
php Courses
Jan 31, 2024 · Information Security

How to Defend Against CSRF Attacks in PHP

This article explains the principles of CSRF attacks and provides practical PHP techniques to prevent them, including token generation and verification, checking Referer and Origin headers, configuring secure cookie attributes, and ensuring safe login and logout processes.

CSRF · Cookie · Origin
MaGe Linux Operations
Jan 6, 2024 · Information Security

Understanding XSS: Types, Risks, and Effective Defense Strategies

This article explains what Cross‑Site Scripting (XSS) is, describes its various types and the severe threats it poses, and provides comprehensive defense techniques—including input/output validation, HTML/JavaScript encoding, HttpOnly cookies, and secure handling of URLs, CSS, and rich‑text content—to protect web applications from XSS attacks.

CSRF · HTML Encoding · Web Security
Test Development Learning Exchange
Oct 16, 2023 · Information Security

Python Techniques for Data Protection and Privacy: Encryption, Hashing, SSL/TLS, and Common Security Measures

This article presents practical Python examples for enhancing network security, covering symmetric and asymmetric encryption, hash functions, password hashing, SSL/TLS communication, SQL injection prevention, XSS mitigation, CSRF protection, and secure password storage to safeguard data and privacy.

CSRF · Hashing · Python
Liangxu Linux
Aug 19, 2023 · Information Security

Understanding CSRF Attacks: How They Work and How to Defend Against Them

This article explains the fundamentals of Cross‑Site Request Forgery (CSRF), describing its background, attack mechanics, key concepts, common prevention techniques such as anti‑CSRF tokens and SameSite cookies, and provides practical GET and POST examples to illustrate the threat.

Anti‑CSRF Token · CSRF · Cross-Site Request Forgery
php Courses
Aug 6, 2023 · Information Security

Common Web Attack Types and Their Mitigation Strategies

This article outlines the most common web attacks—including DDoS, XSS, SQL injection, and CSRF—explains how they compromise website security, and provides practical mitigation techniques such as traffic filtering, input validation, parameterized queries, CSRF tokens, and secure configuration to protect sites and user data.

CSRF · DDoS · Mitigation
MaGe Linux Operations
Jul 27, 2023 · Information Security

Understanding CSRF Attacks: How They Work and How to Prevent Them

Cross‑Site Request Forgery (CSRF) exploits browsers’ automatic cookie handling to trick authenticated users into sending malicious requests, and this article explains its background, operation, key concepts, real‑world examples, and effective prevention techniques such as anti‑CSRF tokens and SameSite cookies.

Anti‑CSRF Token · CSRF · Cross-Site Request Forgery
php Courses
May 20, 2023 · Information Security

Three Methods to Prevent CSRF Attacks in PHP Applications

This article explains three practical techniques—CSRF token validation, read‑only cookie verification, and duplicate‑submission prevention—illustrated with complete PHP code examples, to help developers protect their web applications from cross‑site request forgery attacks.

CSRF · Token · duplicate submission
MaGe Linux Operations
Mar 21, 2023 · Information Security

How to Exploit Horizontal Privilege Escalation: A Step‑by‑Step Guide

This article documents a complete horizontal privilege escalation attack, showing how modifying POST parameters, REST‑style paths, and cookies can lead to unauthorized view, edit, and delete of other users' data, followed by techniques to combine the flaw with XSS and CSRF for greater impact.

CSRF · XSS · cookie manipulation
Java High-Performance Architecture
Sep 26, 2022 · Information Security

Master Spring Security: From Basics to Advanced Customizations

This comprehensive guide walks you through Spring Security fundamentals, authentication flow, project setup, custom user details, password encoding, login handling, 403 error pages, remember‑me functionality, method security annotations, and CSRF protection, providing clear code examples for each topic.

Authentication · Authorization · CSRF
Programmer DD
Sep 13, 2022 · Information Security

Master Spring Security: From Basics to Advanced Customizations

This guide walks through Spring Security fundamentals, including its core authentication and authorization mechanisms, project setup with Maven, customizing usernames, implementing UserDetailsService, creating custom PasswordEncoders, configuring login handling, role and authority checks, CSRF protection, remember‑me functionality, and using security annotations.

Authentication · Authorization · CSRF
IT Services Circle
Jun 23, 2022 · Information Security

Comprehensive Guide to JWT Authentication: Concepts, Advantages, Security Issues, and Solutions

This article provides an in‑depth overview of JSON Web Tokens (JWT), explaining their structure, authentication workflow, advantages such as statelessness and CSRF protection, drawbacks like revocation difficulty, and presents practical solutions including blacklist, secret rotation, short‑lived tokens and refresh‑token strategies.

Authentication · Backend · CSRF
YunZhu Net Technology Team
Mar 24, 2022 · Information Security

Understanding XSS, CSRF, and Clickjacking: Attack Mechanisms and Defense Measures

This article explains the principles, attack vectors, and mitigation techniques for three common web security threats—Cross‑Site Scripting (XSS), Cross‑Site Request Forgery (CSRF), and Clickjacking—detailing how malicious scripts are injected, how forged requests exploit user credentials, and how defensive headers, token strategies, and frame restrictions can protect applications.

CSRF · Content Security Policy · SameSite
Top Architect
Jan 18, 2022 · Information Security

Comprehensive Spring Security Guide: Authentication, Authorization, Custom Configurations, and CSRF Protection

This article provides an in‑depth tutorial on Spring Security, covering its core concepts, authentication flow, project setup, dependency imports, custom UserDetailsService, password encoding, login handling, role‑based access control, CSRF protection, and integration with Thymeleaf, complete with practical code examples.

Authentication · Authorization · CSRF
TAL Education Technology
Jan 6, 2022 · Information Security

Web Security Essentials for Front-End Engineers

This article educates front‑end engineers about common web security threats such as XSS, CSRF, directory exposure, SQL injection, command injection, DDoS, and hijacking, and provides practical mitigation techniques and best‑practice principles to build more secure web applications.

CSRF · SQL injection · Web Security
Programmer DD
Oct 28, 2021 · Frontend Development

Which Browser Storage Is Best for JWT? Cookie vs localStorage vs sessionStorage

This article compares three browser storage options for JWT—Cookie, localStorage, and sessionStorage—examining how each works, their automatic handling, and security implications such as CSRF and XSS, ultimately recommending Cookies with proper SameSite and HttpOnly settings for stronger protection.

CSRF · Cookie · JWT
MaGe Linux Operations
Apr 25, 2021 · Backend Development

How to Use AJAX with Django: GET & POST Requests Made Easy

This tutorial explains how to integrate AJAX fetch calls with Django views for both GET and POST requests, covering header configuration, CSRF handling, JSON data exchange, and the updated method for detecting AJAX requests in Django 3.1 and later.

CSRF · Django · JSON
Spring Full-Stack Practical Cases
Apr 4, 2021 · Information Security

Mastering CSRF Protection in Spring Boot: From Theory to Code

This guide explains what CSRF attacks are, outlines common defense strategies such as captchas, referer checks, and token validation, and provides a complete Spring Boot implementation—including custom annotations, token storage with Guava or Redis, an interceptor, configuration, and a token‑generation endpoint—complete with testing steps.

CSRF · Interceptor · Spring Boot
php Courses
Jan 19, 2021 · Backend Development

Using Form Method Spoofing and CSRF Protection in Laravel

This article explains how to create Laravel routes for GET and POST forms, handle CSRF protection, disable it when necessary, configure CSRF whitelist, and use form method spoofing to send PUT requests via HTML forms.

CSRF · HTTP methods · form-spoofing
Laiye Technology Team
Nov 17, 2020 · Information Security

Comprehensive Security Practices and Vulnerability Mitigation at Laiye Technology

This article details Laiye Technology's end‑to‑end security strategy—including application hardening, password policies, brute‑force defenses, SQL injection, XSS and CSRF mitigations, privilege controls, secure file uploads, code‑review standards, and infrastructure vulnerability scanning—to protect sensitive data and AI‑driven robot platforms from a wide range of attacks.

CSRF · Password policy · SQL injection
Test Development Learning Exchange
Dec 24, 2019 · Information Security

Common Web Security Vulnerabilities and Their Prevention Methods

This article explains several typical web security threats—including XSS, SQL injection, request forgery, CSRF, hotlink protection, upload/download vulnerabilities, and whitelist/blacklist misuse—while providing concrete Java code examples and practical defense techniques to mitigate each risk.

CSRF · SQL injection · Vulnerability Prevention
转转QA
Oct 9, 2019 · Information Security

Understanding Security Testing: SQL Injection, XSS, CSRF, and Permission Vulnerabilities

This article explains the differences between functional and security testing, introduces common web vulnerabilities such as SQL injection, cross‑site scripting (XSS), and cross‑site request forgery (CSRF), provides concrete code examples, and offers practical tips for detecting and preventing these issues.

CSRF · SQL injection · Web Vulnerabilities
Qunar Tech Salon
Oct 19, 2018 · Information Security

CSRF Attacks: Mechanisms, Real‑World Examples, and Defense Strategies

This article explains the background and risks of Cross‑Site Request Forgery (CSRF) attacks, illustrates real‑world exploitation scenarios, and provides comprehensive defense techniques such as origin/referrer checks, CSRF tokens, double‑cookie verification, SameSite cookies, and best practices for developers and security teams.

CSRF · CSRF token · Cross-Site Request Forgery
Meituan Technology Team
Oct 11, 2018 · Information Security

Understanding CSRF Attacks and Prevention Strategies in Front-End Development

CSRF attacks trick a logged‑in user’s browser into sending authenticated requests to a target site, enabling unauthorized actions, so front‑end developers must mitigate them by enforcing same‑origin checks, using anti‑CSRF tokens or double‑cookie verification, and configuring SameSite cookie attributes to block cross‑site requests.

CSRF · Cross-Site Request Forgery · SameSite Cookie
Java Backend Technology
May 13, 2018 · Information Security

Why HTTP Is Insecure and How to Defend Against Common Web Attacks

This article explains why plain‑HTTP traffic is vulnerable, outlines encryption tricks, describes file‑path traversal, DNS spoofing, proxy risks, HTTP error codes, POST data formats, cookie security, CSRF, XSS, JSONP, and CORS, and provides practical mitigation techniques for each threat.

CORS · CSRF · Cookie
360 Quality & Efficiency
Apr 13, 2018 · Information Security

Common Web Application Vulnerabilities and Their Attack Methods

This article introduces the most common web application vulnerabilities—including SQL injection, XSS, CSRF, file upload, file inclusion, clickjacking, and URL redirect—explaining how attackers exploit them and the potential impacts on websites and their users.

CSRF · SQL injection · Web Security
ITFLY8 Architecture Home
Mar 11, 2018 · Information Security

Understanding CSRF Attacks: Risks, Detection, and Defense Strategies

This article explains what CSRF (Cross‑Site Request Forgery) is, illustrates its attack model, details the potential damages, walks through the attack process with examples, and outlines practical detection methods and multiple defense techniques including token‑based protection and referer checks.

Anti‑CSRF Token · CSRF · Cross-Site Request Forgery
ITPUB
Feb 25, 2018 · Information Security

How CSRF Attacks Exploit Cookies and How to Defend Against Them

This article explains the mechanics of Cross‑Site Request Forgery (CSRF) attacks—including a step‑by‑step example of password‑change exploitation—lists the four essential conditions for a successful CSRF, introduces the related Server‑Side Request Forgery (SSRF) threat, and provides practical mitigation strategies for both vulnerabilities.

Attack Mitigation · CSRF · Cross-Site Request Forgery
Architecture Digest
Aug 11, 2017 · Information Security

Common Web Attacks and Their Mitigation Techniques

The article introduces major web security threats such as XSS, injection, CSRF, explains their mechanisms with examples, and presents defensive measures including input sanitization, HttpOnly cookies, web application firewalls, and encryption methods like hashing, symmetric and asymmetric cryptography.

CSRF · SQL injection · WAF
21CTO
Feb 27, 2016 · Information Security

How Attackers Exploit Sina Weibo OAuth to Hijack User Accounts

This article examines common security pitfalls when integrating Sina Weibo OAuth for user login and account binding, illustrating CSRF vulnerabilities and code‑theft attacks through real‑world examples on Bilibili, NetEase Cloud Music, and Zhihu, and offers mitigation recommendations.

CSRF · OAuth2 · Security Vulnerability
Java High-Performance Architecture
Oct 6, 2015 · Information Security

Understanding CSRF Attacks and How to Prevent Them

This article explains how CSRF (Cross‑site request forgery) tricks authenticated users into performing attacker‑controlled actions, illustrates a typical admin‑addition scenario, and outlines two primary defenses—CAPTCHA verification and dynamic token validation—to effectively mitigate such attacks.

CSRF · Captcha · Cross-Site Request Forgery
High Availability Architecture
Jul 30, 2015 · Information Security

Web Application Security Threats and Mitigation Strategies

This article outlines the most common web application security threats—including XSS, SQL injection, CSRF, transmission hijacking, credential leaks, brute‑force attacks, and token theft—and provides practical mitigation techniques such as proper escaping, CSP, parameterized queries, CSRF tokens, HTTPS, HSTS, HPKP, encrypted password storage, two‑factor authentication, and robust token handling.

CSP · CSRF · HTTPS
Architect
Jul 23, 2015 · Information Security

Web Security in Front‑End Development: XSS and CSRF Prevention with Midway

This article explains common web security threats such as XSS and CSRF in a front‑end/back‑end separated architecture and demonstrates how the Midway framework provides HTML escaping, rich‑text filtering, and token‑based CSRF protection to safeguard user data and application integrity.

CSRF · HTML Escape · Midway
Baidu Tech Salon
Sep 26, 2014 · Information Security

Web Front‑End Security: External Link Restrictions, Rich‑Text XSS, Opener Phishing, and Clickjacking Mitigations

The article outlines front‑end web security tactics—blocking all user‑supplied external links, sanitizing rich‑text to prevent XSS and iframe abuse, nullifying window.opener to stop phishing redirects—while recommending CSP, whitelist CSS, sandboxed iframes, and click‑through confirmations as mitigations.

CSRF · Front-end · Web Security