May 18, 2018

Have you heard of the Content Security Policy (CSP) “frame-ancestors” directive? It is a newer alternative to the X-Frame-Options header that offers better control and broad, but not universal, browser support. First, a bit of history.

The directive was originally propose...

October 25, 2012

This is the second post in our Building Secure Web Apps series.

Traditional single-cookie session management leaves Web applications vulnerable to Cross-Site Request Forgery (CSRF) attacks. CSRF attacks exploit the fact that browsers will send associated cookies with an...

October 1, 2012

Why use JSLint?

JSLint is a JavaScript parser and code quality checker. It was created by Douglas Crockford, who also created the official JSON data standard.

It will warn us if we use features of JavaScript which are problematic, and if the variabl...
