Security
Securing your website from malicious attacks, mischievous users, bots, etc.
Introduction and Critical Points
Defending against security threats, such as XSS (Cross-Site Scripting) and CSRF (Cross-Site Reque...
Webserver Security
Topics related to securing webservers themselves.
Apache configuration
Configuring Apache properly is essential for website security. Generally, pre-packaged webserver ...
Language-specific configuration (e.g. PHP)
Depending on your tech stack, the language of choice that serves backend requests must be configu...
Generating SSL/TLS Certificates via LetsEncrypt
Generating SSL certificates when your webservers are behind a load balancer
In situations where ...
Server-side Code Security
Topics specific to ensuring server-side code is secure.
User Input: Sanitization and Validation
To protect your website from malicious attacks (and also simply to prevent weird errors for users...
Storing Credentials for Cloud Services
Your webservers usually have to connect to various services, like your database and cache servers...
Storing User Credentials
For the most part, this is about storing passwords, and understanding how to secure them properly...
WebSockets-specific security practices: JSON Web Tokens
When using the WebSockets protocol, there are a lot of potential pitfalls to bear in mind that ca...
Generating Credentials: secure data sources
If you have a use case where you need to give a user a one-time password or key to authenticate f...
Defending against XSS and CSRF attacks
Specific measures for XSS and CSRF defence.
Cookie Security Considerations for CSRF attacks
CSRF attacks, by definition, usually involve abusing the fact that the user is already logged in ...
CSRF tokens and CSRF headers
CSRF Headers
Adding a custom request header to 'unsafe' outgoing AJAX requests (e.g. POST reques...
Displaying user-inputted content on webpages
XSS (Cross-Site Scripting) generally results from bad practices regarding user input. For example...
Infrastructure Security
Additional security measures that can be applied to your site infrastructure.