
Web Security

Web Application Security: CSRF and XSS Prevention

6553 words · 31 mins
This article explores prevention techniques for Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) attacks in web applications, with real-world examples and code samples in several web programming languages.

Advanced Web Application Attacks: CSRF and XXE

1653 words · 8 mins
This article explores two advanced web application attacks, CSRF and XML External Entity (XXE) injection, with real-world examples, traffic samples, and mitigation techniques for red teamers and pen testers. These vulnerabilities are often overlooked but remain critical in enterprise applications.

Rails for Red Teamers: Building and Breaking the Web

727 words · 4 mins
A comprehensive deep-dive into Ruby on Rails from a security professional’s perspective. Learn the “convention over configuration” philosophy, master strong parameters to prevent mass assignment, and discover how to find and exploit deserialization vulnerabilities, insecure routes, and hidden secrets in Rails applications.