blog

Content Security Policy

Content Security Policy (CSP) is a new(ish) technology put together by Mozilla that Web apps can use as an additional layer of protection against Cross-Site Scripting (XSS). This protection against XSS is the primary goal of CSP technology.

X-Frame-Options

X-Frame-Options allows an application to specify whether or not specific pages of the site can be framed. This is meant to help prevent the clickjacking problem.

Session Cookie Secure Flag Java

These cookies hold the reference to the session identifier for a given user, and the same identifier, along with any session-scoped data related to that session id, is maintained server-side.

Error Handling in Java web.xml

Error or exception handling is an important, but often ignored, part of any application. And although there’s a lot to be said on the topic, I’m going to cover only a few of the most critical cases in J2EE Web applications.