
Holes in the Safety Net: Bypassing SSRF Protection in safe-axios
Analyzing a vulnerability in safe-axios, an npm package designed to safeguard applications from SSRF attacks.
-->
Analyzing a vulnerability in safe-axios, an npm package designed to safeguard applications from SSRF attacks.
What if I told you that parsing URLs from user input, especially from Markdown content, can be a security risk? Here is how URL parsing logic an be bypassed and what you need to know to handle it in a secure way.
If you are doing security research or just curious about finding npm vulnerabilities, let me share some resources to help you stay up-to-date with the latest security CVEs in the JavaScript ecosystem.
Learn how to use JSON Web Tokens (JWT) securely in your Node.js applications. I'll cover the basics of JWT and share best practices to avoid common security mistakes.
Half a dozen secure code review comments and none of them mentioned the potential security vulnerability that exists in the code snippet. Let's dive into a Node.js secure code review and see if you can spot the security bug you totally missed.
Even if you follow security best practices and choose bcrypt for password hashing you can still get it wrong. How does Bun handle it in a more secure fashion? What happened with the Okta bcrypt incident? Lets dive in.