This report covers: the security practices for each of the two different core projects, both Angular and React, the state of security of each of the two different module ecosystems, based on an in-depth look at the vulnerabilities contained in each of the ecosystems, the security practices for other common JavaScript frontend framework alternatives such as Vue. (more available)

Ever wondered how JWT came to be and what problems it was designed to tackle? Are you curious about the plethora of algorithms available for signing and encrypting JWTs? (more available)

This monthly report details Application Security obvservations from March 2018.

Network-Attached Storage (NAS) devices are a popular way for people to store and share their photos, videos and documents. Securing these devices is essential as they can contain sensitive information and are often exposed to the Internet. (more available)

This book aims to be an accessible starting point for everyone that is starting to work with authentication. In this book, you’ll find a concise review of all the key protocols, formats, concepts and terminology that you’ll likely come across when implementing authentication. (more available)

This whitepaper formalizes a class of attacks called Cross-Protocol Request Forgery (CPRF) which enables non-HTTP listeners to be exploited through Cross-Site Request Forgery (CSRF) and Server-Side Request Forgery (SSRF). (more available)

This is an annual report that provides an inside look into the economics and emerging trends of bug bounties, with data collected from Bugcrowd’s platform and other sources throughout 2016. (more available)

This report mines that data and details to provide an inside look to the economics and emerging trends of managed bug bounty programs. (more available)