Simplified CSRF Protection Without Tokens or Hidden Form Fields for Web Frameworks
A couple of months ago, I received a request from a random Internet user to add CSRF protection to my little web framework Microdot, and I thought it was a fantastic idea.When I set off to do this…
Read the full articleYou might also wanna read
Authentication token storage in modern web apps: A security-focused analysis of localStorage, cookies, and in-memory approaches
Where should your auth token live so an XSS bug can't steal it? Here's how to build auth that survives the crazy non-secure world we live in
Authentication token storage in modern web apps: A security-focused analysis of localStorage, cookies, and in-memory approaches
Where should your auth token live so an XSS bug can't steal it? Here's how to build auth that survives the crazy non-secure world we live in

Preventing server-side request forgery in Node.js applications
This article will explore SSRF, its potential risks, and the strategies to mitigate SSRF in Node.js applications.
CVE-2026-61502: Cross-Site Request Forgery (CSRF) in rejetto hfs
Rejetto HFS versions 3.0.0 through 3.2.0 are vulnerable to a Cross-Site Request Forgery (CSRF) attack due to accepting state-changing API re
CVE-2026-57786: Cross-Site Request Forgery (CSRF) in purethemes WorkScout-Core
Cross-Site Request Forgery (CSRF) vulnerability in purethemes WorkScout-Core workscout-core allows Authentication Bypass.This issue affects
Developer Discovers Cookie-Based Auth Breaks When Building Mobile App for Web Project
A developer building StashD, a link-organizing app using Next.js and Flask, chose httpOnly cookies for authentication, believing it to be a
Comprehensive Guide to SSRF Testing: From URL Parameters to Cloud Metadata Exploitation
The Ultimate SSRF Testing Bible: How Hackers Pivot from URL Parameters to Cloud Metadata in 2026 + Video - "Undercode Testing": Monitor hack
undercodetesting.com·1mo ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.