Adrià Pagès

DevOping - 3

DevOping - 3: Frontend and API This is not intended to be a guide. I’m sure that everything explained here can be done in a better/easier/more efficient way. Here, I will explain the whole learni...

DevOping - 2

DevOping - 2: Unit Testing and GitHub Actions This is not intended to be a guide. I’m sure that everything explained here can be done in a better/easier/more efficient way. Here, I will explain...

DevOping - 1

DevOping - 1: Introduction & Database This is not intended to be a guide. I’m sure that there are simpler and more efficient approaches to everything detailed here. The intention is to ex...

JWT Vulnerabilities

JWT Attacks JWT, or JSON Web Tokens, is a standard way to send information in JSON format within HTTP requests. The data is cryptographically signed, and it is normally used for session handling, a...

Prototype Pollution

JavaScript prototypes and inheritance JavaScript is a language that uses prototypal inheritance. A JavaScript object is a collection of key:value pairs (or properties). These properties ca...

Request Smuggling

HTTP Request Smuggling This vulnerability occurs when HTTP requests are processed by more than one server (for example, a load balancer or proxy as the frontend and then the web server as the backend). The first se...

Cross-Site Scripting (XSS)

Usually, when testing for XSS, people use the alert() function to pop up an alert and prove the execution of code. However, Chrome 92 has disabled this function from cross-domain iframes (also u...

Websockets

WebSockets is a communication protocol that provides full-duplex communication channels over a single, long-lived connection. It is designed to work over the same ports as HTTP and HTTPS (ports 80 ...

Clickjacking

Clickjacking is a type of attack where a malicious website tricks a user into clicking something different from what the user perceives. The attacker overlays or hides the actual elements of a we...

Cross-site Request Forgery (CSRF)

The CSRF vulnerability occurs when an attacker tricks a user’s browser into making an unintended request on a website where the user is authenticated. This can lead to actions being performed on be...