Web Security How to protect your cookie from getting accessed by malicious client scripts using HttpOnly A cookie can be accessed through javascript if it does not have the HttpOnly header set. An attacker who managed to perform XSS or run a client-side script is able
Web Security How to implement and test your Content Security Policy (CSP) Never let browser blindly trust any source of the content received from the server. Allowing all data sources by a web application can lead to execution of malicious scripts. Hence
