- How to Secure JWT in a Single-Page Application: the JWT is stored in a cookie with Secure and HttpOnly set to true, which restricts JavaScript access to the JWT in the cookie.
- Where should you store authentication tokens?
- For client-side only apps, localStorage may actually be more secure, since it’s not vulnerable to CSRF attacks.
- If you can get and set your token with server-side code, a cookie with the httponly flag is probably the better choice.
- Sending credentials with javascript
- What is token-based authentication?
Last active
January 24, 2022 00:36
[Security] #collections #security
- Salted Password Hashing - Doing it Right
- The SaaS CTO Security Checklist Redux
- SAML is insecure by design
- Let’s get rid of SAML. 🗑️ Some experts seem to recommend OAuth2 or OpenID Connect:
- If a vendor is offering you SAML, ask for alternatives.
- Former Malware Distributor Kape Technologies Now Owns ExpressVPN, CyberGhost, Private Internet Access, Zenmate, and a Collection of VPN “Review” Websites
- Container security best practices: Ultimate guide
- https://news.ycombinator.com/item?id=28854478 Unfortunately, this reads like a 100 foot marketing document for Sysdig, not actual container security best practices. If you want to look at actual container security best practices, check out CIS [1] & DISA [2], and NSA [3], with some theory at NIST [4], as well as the documentation from your preferred cloud vendors, be it AWS, Azure, GCP, or other, as well as the specific container security practices.
- Minimum Viable Secure Product