7 articles tagged with "security"
You built an API, added authentication, and felt secure. Then a hacker changed one number in the URL and read every user's private data. IDOR is embarrassingly simple, devastatingly common, and entirely preventable — here's how.
Your API is a popular club. Rate limiting is the bouncer who keeps the chaos outside. Learn how to protect your Express server from abuse, scrapers, and the dreaded thundering herd — without turning away legit users.
You built a file download endpoint, added authentication, and shipped it. Congrats — you still got hacked. IDOR (Insecure Direct Object Reference) is the embarrassingly simple bug that's #1 in bug bounty reports and #1 in developer blind spots.
Insecure Direct Object References are stupidly simple to exploit yet responsible for massive data breaches. Here's how to find them, fix them, and never ship them again.
Your Express API is wide open and someone's already firing 10,000 requests a minute at it. Here's how to add rate limiting before your server turns into a crater.
You've heard of SQL injection and XSS, but prototype pollution? This sneaky JavaScript attack lets hackers silently corrupt your entire app by mutating Object.prototype itself — and you probably have vulnerable code in production right now. Let's fix that.
In 2021, a security researcher earned $130,000 by uploading fake packages to npm, PyPI, and RubyGems — and they executed code on machines at Apple, Microsoft, and Tesla. Your package manager might be doing the same thing to you right now.