Articles

7 articles covering application security for developers

7 results sorted by date ↓
vuln
CSRF Prevention — Tokens, SameSite Cookies, and the Patterns That Actually Work

Cross-Site Request Forgery remains a top web vulnerability despite years of awareness. This guide covers the attack mechanics, why naive defences fail, and the complete modern prevention stack including CSRF tokens, SameSite cookies, and custom request headers.

OWASP A01
pythonjavascriptjava csrfcross-site-request-forgery
vuln
SQL Injection Prevention: A Complete Developer Guide featured

Parameterised queries, ORM pitfalls, and blind SQLi detection patterns to protect your application data.

OWASP A03
pythonjavanode sql-injectiondatabase
guide
Secrets Management: The Twelve-Factor Approach and Beyond

How secrets end up in git history, why environment variables aren't enough, and how to use Vault and AWS Secrets Manager properly.

pythonnodego secretsenvironment-variables
vuln
JWT Security: Common Mistakes That Lead to Authentication Bypass

The alg:none attack, weak secrets, JWKS spoofing, and how to validate JWTs correctly in Node and Python.

OWASP A02
nodepython jwtauthentication
vuln
Dependency Confusion and Supply Chain Attacks: Protecting Your Build Pipeline

How dependency confusion attacks work against npm and pip, and how to configure private registries to block them.

supply-chaindependencies
vuln
Insecure Deserialization: Java Gadget Chains, Python Pickle, and Safe Alternatives

How insecure deserialization leads to remote code execution in Java and Python, and the safe alternatives for each.

OWASP A08
javapython deserializationjava
guide
OWASP Top 10 2025: A Practical Developer Checklist

The updated OWASP Top 10 for 2025, with code-level examples and actionable checklists for each category.

owaspchecklist