I recently documented best security practices for writing a web app. Since I was most of the way there for a nice tidy blog post on the topic, I’m using […]

I was working on implemented a nonce to fight CSRF requests on all our forms. The nonce worked liked you expect: by setting a cookie and then putting the same […]