Web Security

Resources

OWASP (Open Web Application Security Project) is a nonprofit foundation that works to improve the security of software. They provide a lot of security-related resources, guidelines, and tooling.

• owasp.org
• OWASP Top Ten
  • github.com/OWASP/Top10
  • cheatsheetseries.owasp.org/IndexTopTen.html
• OWASP Cheat Sheet Series
  • github.com/OWASP/CheatSheetSeries
  • HTML5 Security
  • Session Management
• OWASP ASVS (Application Security Verification Standard) provides a basis for testing web application technical security controls [owasp.org].

Further resources:

• w3.org/Security

XSS: Cross Site Scripting

• owasp.org/www-community/attacks/xss
  • cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
  • cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html
• developer.mozilla.org/en-US/docs/Web/API/Trusted_Types_API
  • bkardell.com/blog/blessing-strings.html

CSP: Content Security Policy

Related: permission policy

Resources:

• en.wikipedia.org/wiki/Content_Security_Policy
• developer.mozilla.org/en-US/docs/Web/HTTP/CSP
• developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
• w3.org/TR/CSP
• cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
• csp-evaluator.withgoogle.com