Tag: security

A deep dive into why eval and its cousins (new Function, setTimeout(string)) are dangerous, illustrated with real-world-style examples and concrete mitigations for web and Node.js applications.

A practical, in-depth guide to WebAuthn (FIDO2) - how it works, why it’s more secure than passwords, and step-by-step implementation guidance with code samples for registration and authentication.

Learn how the Permissions API helps you query and monitor permission states, implement respectful UX patterns, and build privacy-aware web apps. Includes practical code examples and real-world scenarios.

Learn what a Portal API is, why it matters, how it fits between frontend and backend, and practical patterns and implementations (REST, GraphQL, gRPC-web, WebSockets) with code examples and best practices for building robust, secure, and performant APIs.

Learn how a Generic Sensor API streamlines IoT device communication - unifying diverse sensors, easing integration, improving security, and enabling scalable edge-to-cloud deployments with practical designs, protocols, and examples.

Learn what WebAuthn is, how it replaces passwords with public-key cryptography, and get a practical step-by-step tutorial to add passwordless (or multi-factor) authentication to a simple web app using the Web Authentication API and Node.js.

Explore how the Function constructor (new Function) lets you create JavaScript functions at runtime. Learn syntax, practical use cases, scope implications, performance and security trade-offs, and safer patterns for dynamic code generation.

An in-depth guide for JavaScript developers on how evolving security and privacy regulations shape web development practices. Covers key regulations, practical technical controls, supply-chain concerns, and a developer-focused checklist to help teams achieve compliance without sacrificing agility.