I use Zip Bombs to Protect my Server
A deep dive into the technical world of zip bombs, exploring how a minuscule compressed file can be weaponized to overwhelm and crash systems by expanding to gigantic proportions.
SuperGeekery: A blog probably of interest only to nerds by John F Morton.
Welcome to my link library. These are not links to content I have created unless you see that mentioned in the link’s description. These are links I found interesting enough to want to keep track of. If you read Craft Link List, the Craft CMS newsletter I used to write, this page is a replacement of sorts for that exercise. Enough talk. Let’s hit the links.
Provides security patches for out-of-date Craft CMS installs — craftcms/security-patches
HTTP security headers are essential to any website. Learn about the HSTS (Strict-Transport-Security) header, the Content Security Policy (CSP) header, XSS protection, cache control, the Set-Cookie header, and many more HTTP headers in this comprehensive guide with examples, and take your website's security header game to the next level with Darkrelay.
HTML Forms have powerful validation mechanisms, but they are heavily underused. In fact, not many people even know much about them. Is this because of some flaw in their design? Let’s explore.
In this paper I’ll show you how to compromise websites by using esoteric web features to turn their caches into exploit delivery systems.
Password generator
Tips for Keeping All Frontend Applications Secure
A resource for when you don’t have a good backup plan after a hack. A service that promised to clean malware and viruses from a website.
Learn and Test DMARC
The Terrapin attack is a prefix truncation attack targeting the SSH protocol, where the integrity of SSH’s secure channel is compromised by manipulating sequence numbers during the handshake, allowing an attacker to remove messages from the secure channel without detection.
The OWASP Top 10 is the reference standard for the most critical web application security risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing your software development culture into one focused on producing secure code.
A small gist with JavaScript that tries to prevent iframe embedding of your content.
Website collecting all of the project’s cheat sheets.
OWASP Top 10 module that adds a few security improvements to your Nuxt application in the form of customizable server middleware. Each middleware can be modified or disabled if needed, and can be configured to run only on certain routes. By default, all middleware is configured to run globally.