After almost five years in development, the new HTTP/3 protocol is nearing its final form. Let’s take a close look at the challenges involved in deploying and testing HTTP/3, and how and if you should change your websites and resources as well.
Read more…
The Web is still wrestling with issues we take for granted offline, privacy chief among them. These are steps The New York Times took to protect users’ data, and how you can too.
Read more…
After almost five years in development, the new HTTP/3 protocol is nearing its final form. Let’s take a close look at the performance improvements of HTTP/3, congestion control, head-of-line-blocking, and 0-RTT connection set-up.
Read more…
What exactly is HTTP/3? Why was it needed so soon after HTTP/2 (which was only finalized in 2015)? How can or should you use it? And especially, how does this improve web performance? Let’s find out.
Read more…
At the moment of adding authentication and authorization to our web applications, there are some things that we should evaluate, e.g. whether we need to create our own security platform or whether we can rely on an existing third-party service. Let’s see how we can implement authentication and authorization in Next.js apps, with Auth0.
Read more…
Reset password functionality is table stakes for any user-friendly application. It can also be a security nightmare. Using NodeJS and MySQL. Today, Darshan Somashekar demonstrates how to successfully create a secure reset password flow so you can avoid these pitfalls. Darshan will be using NodeJS and MySQL as the base components. If you’re writing using a different language, framework, or database, you can still benefit from following the general “Security Tips” outlined in each section.
Read more…
The blockchain technology is receiving a lot of attention because of its ability to enhance security in trustless environments, enforce decentralization, and make processes efficient. In this tutorial, Alfrick Opidi demonstrates how to create a simple cryptocurrency, called smashingCoin, using the concepts of JavaScript classes and Node.js. Give it a try — it’s simpler than you think!
Read more…
Now that we have a year of GDPR under our belts, and the ePR is coming soon, there’s no better time than now to review your websites. Do you know what kinds of cookies collect information from your site? And have you provided visitors with information about an option to accept those cookies? If your site is currently not in compliance, or you’re not sure if it is, read this post and start using CookiePro’s cookie consent tool to get your sites moving in the right direction.
Read more…
Exploiting a security flaw is often about getting multiple small pieces to line up. Every bit of JavaScript you add to a site is a potential way in for a hacker. This is doubly true if that JavaScript is hosted by someone else, such as on a public CDN. Subresource Integrity is a browser feature you can use to make sure that the code being used is exactly what you intended. In this article, Drew McLellan will take a look at what SRI is, how it can help protect you, and how you can start using it in your own projects, not just for files hosted on CDNs.
Read more…
The aim of Feature Policy is for us, as web developers, to be able to state our usage of a web platform feature, explicitly to the browser. By doing so, we make an agreement about our use, or non-use of this particular feature. Based on this the browser can act to block certain features, or report back to us that a feature it did not expect to see is being used. In this article, Rachel Andrew will show you how Feature Policy can help protect your site from third parties using APIs that have security and privacy implications, and also from your own team adding outdated APIs or poorly optimized images.
Read more…
