# XSS Programming Tutorials & Engineering Articles
32 XSS tutorials, guides, and engineering insights from Cloudflare, Shopify, LinkedIn, and more
XSS Articles & Tutorials
Cloudflare introduces Cloudy, its first AI agent designed to simplify complex configurations in its product suite, focusing initially on enhancing security through better management of WAF Custom R...
Alex Dunbrack
7 min read
--
The article introduces AI Labyrinth, a new mitigation approach by Cloudflare that utilizes AI-generated content to confuse and waste the resources of unauthorized AI crawlers and bots.
Reid Tatoris
6 min read
--
The article discusses the requirements and best practices for deploying AI in production within the insurance underwriting sector.
Palantir
21 min read
--
This article details SafetyCulture's comprehensive approach to secure string input validation in microservices, covering the four essential steps: decode, normalize/canonicalize, sanitize, and vali...
NVIDIA showcased its AI security expertise at the Black Hat USA and DEF CON conferences, focusing on the evolving landscape of AI in cybersecurity.
Becca Lynch
8 min read
--
The article discusses Cloudflare's innovative approach to detecting zero-day vulnerabilities in web applications before they are widely known.
Michael Tremante
15 min read
Includes Code
--
The article discusses the importance of input validation in application security, highlighting its role in preventing vulnerabilities such as SQL injection and Cross-Site Scripting (XSS).
Cloudflare has introduced WAF Attack Score Lite and Security Analytics for Business plan customers, expanding the capabilities of their Web Application Firewall (WAF).
The article discusses enhancements to Cloudflare's Web Application Firewall (WAF) that make it smarter by introducing a machine learning-based attack scoring system.
Radwa Radwan
8 min read
Includes Code
--
This article discusses how Cloudflare improved the accuracy of their machine learning-based Web Application Firewall (WAF) by addressing data challenges through data augmentation and sampling techn...
Vikram Grover
14 min read
Includes Code
--
The article discusses how Cloudflare enhances its Web Application Firewall (WAF) using machine learning to identify and mitigate threats more effectively.
Daniele Molteni
6 min read
Includes Code
--
The article discusses how to have a successful virtual internship, particularly in a fully distributed company like Slack.
Nikita Ashok
10 min read
--
Pysa is an open-source static analysis tool developed by Facebook to detect and prevent security issues in Python code.
The article discusses the concept of the app sandbox, its importance in enhancing security for Electron applications, and provides a technical guide for developers.
Charlie Hess
11 min read
Includes Code
--
The article discusses the development of Shopify's Application Security Program, emphasizing the importance of trust and security in their platform.
Shopify has announced that it has awarded over $1 million in bounties through its bug bounty programs on HackerOne, emphasizing its commitment to security.
Peter Yaworski
3 min read
--
The article reviews the performance and outcomes of Shopify's bug bounty program in 2017, highlighting the collaboration with researchers to enhance platform security.
Peter Yaworski
6 min read
--
The article discusses the evolution of open source software contributions from the Netflix Cloud Security team over the past three years, highlighting 15 projects that reflect Netflix's unique cult...
Netflix Technology Blog
6 min read
--
The article discusses the three-year anniversary of Slack's Bug Bounty program, highlighting its achievements, lessons learned, and providing guidance for security researchers.
Max Feldman
11 min read
--
The article provides an in-depth look at GitHub's Bug Bounty workflow, detailing how the Application Security team manages submissions, triages vulnerabilities, and communicates with researchers.
Greg Ose
12 min read
Includes Code
--
The article discusses Same Origin Method Execution (SOME) vulnerabilities, detailing how attackers can exploit these vulnerabilities to execute JavaScript functions on behalf of users.
Uber Engineering's public bug bounty program, launched in March 2016, has seen significant engagement from security researchers, resulting in over 2,000 reports and the identification of numerous s...
The article discusses GitHub's journey in implementing Content Security Policy (CSP) to mitigate content injection vulnerabilities such as Cross Site Scripting (XSS) and scriptless attacks.
Patrick Toomey
16 min read
Includes Code
--
Uber has launched a public bug bounty program to enhance its security by inviting researchers to identify vulnerabilities.
The article discusses a unique UI redressing attack that exploits CSS selectors to trick users into navigating to malicious sites.
Netflix has open-sourced the Sleepy Puppy extension for Burp Suite, enhancing cross-site scripting (XSS) payload management for security assessments.
Netflix has released Sleepy Puppy, an open-source framework for managing cross-site scripting (XSS) payloads, aimed at enhancing web application security testing.
Netflix Technology Blog
6 min read
--
The article discusses a security vulnerability identified in Netty's cookie parsing code, which can lead to a universal HttpOnly bypass in the Play Framework and potentially other frameworks.
The article discusses the author's experiences in combating spam at Facebook during their first year on the Site Integrity team.
Clément Genzmer
5 min read
--
The article discusses LinkedIn's transition from server-side templates like JSPs to client-side templates using dust.
Shopify successfully upgraded to Rails 3, experiencing minor improvements in response times and benefiting from a cleaner API that facilitates faster feature development.
The article discusses Facebook's significant upgrade to its photo uploader, focusing on the transition from a third-party ActiveX control to a modern, secure, and efficient uploader built with HTML...
Chris Putnam
5 min read
--