Web Development Security
Knowledge base of practical and applicable Web development security. This directory covers the informational and defensive aspects of web hacking; for the offensive aspects, visit /hacking.
- The dangers of trusting HTTP headers
HTTP headers can be set by users and they can be very dangerous if you are using their values anywhere in the application logic, or are writing or storing (and eventually writing) their values anywh...
- What are SameSite cookies?
Cookies without the SameSite attribute will be submitted to the "owner website" even when requests originate from other websites. Unless that's what you want (for analytics, tracking, etc.), make sur...