How to verify Content-Security-Policy (CSP) stops cross-site-scripting (XSS) attacks.
Using an operating system environment variable to avoid injecting Cypress variables into the browser.
How to almost test Content-Security-Policy violations in your site using Cypress.
How to pass passwords and tokens during Cypress tests to avoid accidentally revealing them in screenshots, videos and logs.
Notes on a small, simple off-the-shelf login solution for SPA and server.
How to use hashes for CDN resources.
Node.js is really really really susceptible to code injection attacks.
Using and observing ExpressJS sessions from the client code.
Compromise functions private to closures via partially applied references.