"your bitwarden vault contains (hopefully) all of your passwords and other sensitive data, so it would be good to have a backup of it in case something goes wrong..."

"it used to be so easy. never, ever open a doc of an xls file from someone you don’t know. ah well, those simple, early days of phishing are long gone. mind you, people still fall for those attacks, but now phishing attacks have a new, novel way of getting on your pcs. perception point’s incident response team has discovered a new way to phish using html files to conceal malicious scripts..."

"over a hundred certificate authorities (cas) have the power to issue certificates which vouch for the identity of your website. certificate authority authorization (caa) is a way for you to restrict issuance to the cas you actually use so you can reduce your risk from security vulnerabilities in all the others. setting up caa is an easy way to improve your website's security..."

"a web application frontend often performs requests to a backend api. even though this api is only supposed to be used by the frontend, it is usually also accessible with a browser. an attacker can use this to exploit vulnerabilities..."

"forgetting or misusing the cache-control header may negatively impact the security of your website and your users' privacy..."

"when you care about providing great authentication experiences, like us (the few, the proud), there is nothing better than this chart - undeniable proof that our users are successfully logging in. and, more importantly, getting access to the features or data which that login process protects. that’s what most users are looking for, after all..."

"php configurations are set in php.ini files. depending on how php is configured or used, the loaded ini files are different. for instance, running php-cli and running a php web app won’t make use of the same. the way how the directives in php.ini can be set is ruled by different modes..."

"security is as important as the website’s content and seo, and thousands of websites are hacked because of misconfiguration or lack of security. if you are a website owner or security engineer looking to protect your website from attacks by clickjacking, code injection, mime types, cross site scripting, cookie hijacking etc. then this article will help you in a great way..."

"offensive security drives defensive security. we're sharing a collection of saas attack techniques to help defenders understand the threats they face..."

"this is a comprehensive guide to content security policy (csp). if you build websites for a living, csp is an important concept to know, understand, and implement to protect your users from cross-site scripting (xss) injection attacks. this post covers (almost) everything you need to know about csp..."