MITM, CSRF, and XSS: How to Prevent Famous Cyber Attacks

What every web developer should never ever miss


MITM

  • Always serve requests over TLS to encrypt data in transit; you can obtain the certificates for free from Let’s Encrypt.
  • Set the Set-Cookie header with the Secure attribute so that cookies are only sent over HTTPS.
  • Redirect all HTTP requests to HTTPS at the server level.
  • Use HSTS by setting the Strict-Transport-Security header, which forces the client to use HTTPS for all subsequent requests.

CSRF

  • Set the Set-Cookie header with SameSite=Lax so the browser does not attach cookies to cross-site requests the attacker causes it to send to the server.
  • Use CSRF token middleware to generate a random token for the user session and attach it to the client’s requests, so the server can verify that each request was generated by the correct client.

XSS

Web Application Developer. Knowledge hungry always learning. Aspiring to become a Web Unicorn. Find me @abduvik on social platforms.

Abdu Tawfik