Session management

Session management is an integral part of today's web applications. You receive limited support from the HTTP protocol and have to handle most of this yourself. No wonder session management vulnerabilities consistently make

360 view of XSS from the trenches

When a software developer first gets exposed to web security, he will inevitably memorize his first acronym: XSS! It stands for “cross site scripting”, and it is one of the oldest vulnerabilities around.


Back in the 90s, someone wanted to store information on the clients, only it was not possible yet. Luckily the Netscape team quickly came to the rescue and implemented cookies. This was a

Same-origin policy

When your browser opens a web page, it enforces various security rules. The most important one is the same-origin policy. It defines access rules for dynamic scripts and is considered to be the

Open your browser

Today we live the era of the web and your browser is an integral part of it. As a developer, it is essential to know how stuff works to some degree, and understand