Category

Web Security

Addresses secure coding practices, vulnerability assessment, encryption, and data privacy protocols.

Web SecurityMay 8, 2026

How We Detected a ReDoS Vulnerability in Our Regex Before Production Deployment

A detailed account of how load testing exposed a catastrophic backtracking flaw in our input validation logic and how we neutralized it without compromising user experience.

By Lucas Ferreira · 8 min read

Web SecurityMay 7, 2026

SameSite Cookies Explained: The First Line of Defense Against CSRF

Understanding the strict trade-offs between Lax, Strict, and None attributes to secure user sessions without breaking essential cross-site flows.

By Lucas Ferreira · 7 min read

Web SecurityMay 5, 2026

JWT vs. Session Cookies: Why Sessions Are Still Safer for Standard Web Apps

Moving away from JWTs for standard authentication reduces attack surfaces and simplifies state management.

By Lucas Ferreira · 6 min read

Web SecurityApril 28, 2026

Stopping Token Leakage with PKCE in Next.js

How we eliminated high-severity vulnerabilities by migrating to OAuth 2.0 Authorization Code Flow with PKCE.

By Lucas Ferreira · 8 min read

Web SecurityApril 21, 2026

6 Security Headers You Must Enable to Prevent XSS and Clickjacking

Forget complex WAFs for a moment; these six HTTP headers are the cheapest, most effective upgrade you can make to your stack today.

By Lucas Ferreira · 7 min read