#Web Security

2 posts in this category.

Web Security6 min read

Bypassing Content-Security-Policy in the Real World

A field guide to CSP gadgets, nonce reuse, and JSONP endpoints that quietly defeat your strongest header.

Jun 05, 2026

Web Security5 min read

DOM Clobbering in 2026: Still Underrated

How attacker-controlled markup hijacks JavaScript globals and the sanitizer gaps that let it through.

Mar 22, 2026