Web application security is not only about eliminating vulnerabilities in the code and guarding against attacks. The way an application is deployed and configured is also critical for security, especially as misconfigurations can expose an otherwise secure application to attacks. By knowing and correctly applying web security mechanisms available in web browsers, web servers, and web development languages, you can protect your applications against entire classes of vulnerabilities.
Here are the most important web protection mechanisms at a glance – see the full index for more:
Same-origin policy (SOP)
The same-origin policy (SOP) is a web security mechanism built into web browsers that restricts how a document or script loaded from one origin can interact with resources from another origin.
HTTP Strict Transport Security (HSTS)
HTTP Strict Transport Security (HSTS) is a mechanism that lets you ensure your website or web application is accessed only over secure HTTPS (SSL/TLS) connections.