Security Tools & Guides
Free, in-depth security references for developers building secure web applications and AI-powered systems.
XSS Prevention Cheat Sheet
Complete guide to preventing Cross-Site Scripting attacks. Types of XSS, OWASP prevention rules, output encoding by context (HTML, JS, URL, CSS), Content Security Policy as a defense layer, and framework-specific protections for React, Vue, and Angular.
SQL Injection Prevention Guide
Prevent SQL injection with parameterized queries and ORM best practices. Code examples for Node.js, Python, PHP, and Java. Common injection patterns, second-order injection, WAF rules, and the least privilege principle for database accounts.
Content Security Policy (CSP) Generator
Every CSP directive explained with recommended values. Common policy configurations, nonce-based CSP for strict XSS prevention, strict-dynamic for complex applications, and violation reporting setup for production monitoring.
HTTP Security Headers Reference
Configure HSTS, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, and cross-origin headers. Complete Nginx and Apache configuration examples with common misconfiguration warnings.
Prompt Injection Attack Examples
Taxonomy of prompt injection techniques: direct injection, indirect injection, role-play jailbreaks (DAN), data exfiltration, encoding attacks, and multi-turn escalation. Defense strategies for each attack category with real-world examples.