Using the operating system environment variable to avoid injecting Cypress variable into the browser.
How to almost test Content-Security-Policy violations in your site using Cypress
How to pass passwords and tokens during Cypress tests to avoid accidentally revealing them in screenshots, videos and logs
Notes on small, simple off the shelf login solution for SPA and server.
How to use hashes for CDN resources.
Node.js is really really really susceptible to code injection attacks.
Generating JavaScript configurtion snippets from templates to be used with the Content-Security-Policy and disabled inline scripts.
Use JS to JS template engine in Express to ban all inlined JavaScript.
Using and observing ExpressJS sessions from the client code.
Compromise functions private to closures via partially applied references.