XSS Programming Tutorials & Engineering Articles

32 XSS tutorials, guides, and engineering insights from Cloudflare, Shopify, LinkedIn, and more

XSS Articles & Tutorials

Cloudflare
Beginner
Cloudflare introduces Cloudy, its first AI agent designed to simplify complex configurations in its product suite, focusing initially on enhancing security through better management of WAF Custom R...
Alex Dunbrack
7 min read
Has Summary
--
Cloudflare
Beginner
The article introduces AI Labyrinth, a new mitigation approach by Cloudflare that utilizes AI-generated content to confuse and waste the resources of unauthorized AI crawlers and bots.
Reid Tatoris
6 min read
Has Summary
--
Palantir
Intermediate
The article discusses the requirements and best practices for deploying AI in production within the insurance underwriting sector.
This article details SafetyCulture's comprehensive approach to secure string input validation in microservices, covering the four essential steps: decode, normalize/canonicalize, sanitize, and vali...
Peter Arts
23 min read
Includes Code
Has Summary
--
NVIDIA
Intermediate
NVIDIA showcased its AI security expertise at the Black Hat USA and DEF CON conferences, focusing on the evolving landscape of AI in cybersecurity.
Cloudflare
Advanced
The article discusses Cloudflare's innovative approach to detecting zero-day vulnerabilities in web applications before they are widely known.
Michael Tremante
15 min read
Includes Code
Has Summary
--
SafetyCulture
Intermediate
The article discusses the importance of input validation in application security, highlighting its role in preventing vulnerabilities such as SQL injection and Cross-Site Scripting (XSS).
Peter Arts
11 min read
Includes Code
Has Summary
--
Cloudflare
Beginner
Cloudflare has introduced WAF Attack Score Lite and Security Analytics for Business plan customers, expanding the capabilities of their Web Application Firewall (WAF).
Radwa Radwan
6 min read
Has Summary
--
Cloudflare
Intermediate
The article discusses enhancements to Cloudflare's Web Application Firewall (WAF) that make it smarter by introducing a machine learning-based attack scoring system.
Radwa Radwan
8 min read
Includes Code
Has Summary
--
Cloudflare
Advanced
This article discusses how Cloudflare improved the accuracy of their machine learning-based Web Application Firewall (WAF) by addressing data challenges through data augmentation and sampling techn...
Vikram Grover
14 min read
Includes Code
Has Summary
--
Cloudflare
Intermediate
The article discusses how Cloudflare enhances its Web Application Firewall (WAF) using machine learning to identify and mitigate threats more effectively.
Daniele Molteni
6 min read
Includes Code
Has Summary
--
Slack
Advanced
The article discusses how to have a successful virtual internship, particularly in a fully distributed company like Slack.
Nikita Ashok
10 min read
Has Summary
--
Meta
Intermediate
Pysa is an open-source static analysis tool developed by Facebook to detect and prevent security issues in Python code.
Graham Bleaney
12 min read
Includes Code
Has Summary
--
Slack
Intermediate
The article discusses the concept of the app sandbox, its importance in enhancing security for Electron applications, and provides a technical guide for developers.
Charlie Hess
11 min read
Includes Code
Has Summary
--
Shopify
Intermediate
The article discusses the development of Shopify's Application Security Program, emphasizing the importance of trust and security in their platform.
Andrew Dunbar
7 min read
Has Summary
--
Shopify
Intermediate
Shopify has announced that it has awarded over $1 million in bounties through its bug bounty programs on HackerOne, emphasizing its commitment to security.
Peter Yaworski
3 min read
Has Summary
--
Shopify
Intermediate
The article reviews the performance and outcomes of Shopify's bug bounty program in 2017, highlighting the collaboration with researchers to enhance platform security.
Peter Yaworski
6 min read
Has Summary
--
Netflix
Advanced
The article discusses the evolution of open source software contributions from the Netflix Cloud Security team over the past three years, highlighting 15 projects that reflect Netflix's unique cult...
Netflix Technology Blog
6 min read
Has Summary
--
Slack
Advanced
The article discusses the three-year anniversary of Slack's Bug Bounty program, highlighting its achievements, lessons learned, and providing guidance for security researchers.
GitHub
Advanced
The article provides an in-depth look at GitHub's Bug Bounty workflow, detailing how the Application Security team manages submissions, triages vulnerabilities, and communicates with researchers.
Greg Ose
12 min read
Includes Code
Has Summary
--
LinkedIn
Intermediate
The article discusses Same Origin Method Execution (SOME) vulnerabilities, detailing how attackers can exploit these vulnerabilities to execute JavaScript functions on behalf of users.
Nathan Walsh
6 min read
Has Summary
--
Uber
Intermediate
Uber Engineering's public bug bounty program, launched in March 2016, has seen significant engagement from security researchers, resulting in over 2,000 reports and the identification of numerous s...
Rob Fletcher, Collin Greene & Matthew Bryant
6 min read
Has Summary
--
GitHub
Advanced
The article discusses GitHub's journey in implementing Content Security Policy (CSP) to mitigate content injection vulnerabilities such as Cross Site Scripting (XSS) and scriptless attacks.
Patrick Toomey
16 min read
Includes Code
Has Summary
--
Uber
Intermediate
Uber has launched a public bug bounty program to enhance its security by inviting researchers to identify vulnerabilities.
Matthew Bryant & Collin Greene
6 min read
Has Summary
--
LinkedIn
Intermediate
The article discusses a unique UI redressing attack that exploits CSS selectors to trick users into navigating to malicious sites.
LinkedIn Engineering Team
4 min read
Has Summary
--
Netflix
Intermediate
Netflix has open-sourced the Sleepy Puppy extension for Burp Suite, enhancing cross-site scripting (XSS) payload management for security assessments.
Netflix Technology Blog
4 min read
Includes Code
Has Summary
--
Netflix
Intermediate
Netflix has released Sleepy Puppy, an open-source framework for managing cross-site scripting (XSS) payloads, aimed at enhancing web application security testing.
Netflix Technology Blog
6 min read
Has Summary
--
LinkedIn
Intermediate
The article discusses a security vulnerability identified in Netty's cookie parsing code, which can lead to a universal HttpOnly bypass in the Play Framework and potentially other frameworks.
Luca Carettoni
4 min read
Includes Code
Has Summary
--
Meta
Intermediate
The article discusses the author's experiences in combating spam at Facebook during their first year on the Site Integrity team.
Clément Genzmer
5 min read
Has Summary
--
LinkedIn
Intermediate
The article discusses LinkedIn's transition from server-side templates like JSPs to client-side templates using dust.
LinkedIn Engineering Team
6 min read
Has Summary
--
Shopify
Intermediate
Shopify successfully upgraded to Rails 3, experiencing minor improvements in response times and benefiting from a cleaner API that facilitates faster feature development.
Shopify Engineering
8 min read
Includes Code
Has Summary
--
Meta
Beginner
The article discusses Facebook's significant upgrade to its photo uploader, focusing on the transition from a third-party ActiveX control to a modern, secure, and efficient uploader built with HTML...
Chris Putnam
5 min read
Has Summary
--