i'm thinking about writing a zine reference for CORS, XSS, CSP, CSRF, etc because all the acronyms feel so impossible to remember and it's so useful to know the basics

but... what is all that stuff _called_? "web security" and "browser security" both feel way too broad. So far I've just been saying "you know, CSRF and CORS and XSS and stuff" to people

also I don't know what it is about CSRF and XSS and CORS and CSP etc that makes it so hard to remember what they mean, I think it's partly that they all sound exactly the same. Like

- in CSRF the CS is for "cross-site"
- but in XSS "cross-site" is "XS"
- but in CSP the "CS" is for "content security"
- also in CORS the "CO" is for "cross origin" which is like cross site but a little different
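The "cross origin is like cross site but a little different" point is the one that trips people up most, so here is a small added example (not from the post above) that makes the two comparisons concrete: an *origin* is the (scheme, host, port) triple, while a *site* is the scheme plus the registrable domain (eTLD+1). The public-suffix table is a constructed, deliberately tiny stand-in for the real Public Suffix List; the function names are my own.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List (the real list has thousands
# of entries); anything below one of these suffixes is a separately registrable
# domain, which is why alice.github.io and bob.github.io are different sites.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk", "github.io"}

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str) -> tuple:
    """Origin = (scheme, host, effective port). This is what the same-origin
    policy and CORS compare: a different subdomain or port is a different origin."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, host, port)


def registrable_domain(host: str) -> str:
    """Return the eTLD+1 for a host using the constructed suffix table above.
    Scanning from the full host downwards finds the longest matching suffix first."""
    labels = host.split(".")
    for i in range(len(labels)):
        suffix = ".".join(labels[i:])
        if suffix in PUBLIC_SUFFIXES:
            if i == 0:
                return host  # the host *is* a public suffix; nothing above it
            return ".".join(labels[i - 1:])
    return host  # unknown TLD: fall back to treating the whole host as the domain


def site(url: str) -> tuple:
    """Site = (scheme, registrable domain). This is what SameSite cookies and
    CSRF reasoning compare; browsers now include the scheme ("schemeful same-site")."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return (parts.scheme.lower(), registrable_domain(host))


def same_origin(a: str, b: str) -> bool:
    return origin(a) == origin(b)


def same_site(a: str, b: str) -> bool:
    return site(a) == site(b)


if __name__ == "__main__":
    pairs = [
        ("https://example.com/a", "https://example.com:443/b"),
        ("https://example.com", "https://api.example.com"),
        ("https://example.com", "http://example.com"),
        ("https://alice.github.io", "https://bob.github.io"),
    ]
    for a, b in pairs:
        print(f"{a:26} vs {b:26} same-origin={same_origin(a, b)!s:5} same-site={same_site(a, b)}")
```

The second pair is the interesting one: `api.example.com` is a different origin from `example.com` (so a script on one cannot read responses from the other without CORS), but they are the same site (so a `SameSite=Strict` cookie still travels between them, which is why subdomain takeover matters for CSRF defences).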


@b0rk basically a shopping-list of things which will sooner or later break PCI compliance in some headache-inducing way and cause a whole chunk of work trying to figure out what bit of the site codebase the assessor's crying about this quarter :/
