There are a few mechanisms in place to ensure the security of a web app.
| Feature | HttpOnly Cookie Flag | HSTS (HTTP Strict Transport Security) |
|---|---|---|
| What it protects | Protects the Cookie itself. | Protects the Connection. |
| Primary Goal | Prevents client-side scripts (`document.cookie` in JavaScript) from reading the cookie. | Forces the browser to talk to the site only over HTTPS, even when the user types an `http://` URL or follows an `http://` link. |
| Prevents… | Cookie theft and session hijacking via Cross-Site Scripting (XSS); it does not stop the XSS itself. | Man-in-the-Middle (MITM) downgrade attacks such as SSL stripping. |
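The two headers from the table, as an added example that is not part of the original page: a builder that emits a session cookie with `HttpOnly`, `Secure` and `SameSite` set, an HSTS builder, and two small audit functions that report which protections a given header value is missing. The one-year `max-age` threshold is the minimum the HSTS preload list accepts; the cookie attribute set and the header names `sessionid` and the like are illustrative choices.

```python
import re
from typing import List, Optional

ONE_YEAR = 31536000  # seconds; minimum max-age accepted by the HSTS preload list


def build_session_cookie(name: str, value: str, max_age: int = 3600) -> str:
    """Return a Set-Cookie value carrying the protective flags.

    HttpOnly: document.cookie cannot read it, so an XSS payload cannot exfiltrate it.
    Secure:   the browser only sends it over HTTPS.
    SameSite: limits cross-site sending (Lax is an example choice, not a page requirement).
    """
    return f"{name}={value}; Path=/; Max-Age={max_age}; Secure; HttpOnly; SameSite=Lax"


def build_hsts(max_age: int = ONE_YEAR, include_subdomains: bool = True,
               preload: bool = False) -> str:
    """Return a Strict-Transport-Security value. Browsers honour it only when it
    arrives over HTTPS, so the very first plain-HTTP visit is still strippable
    unless the domain is on the preload list."""
    parts = [f"max-age={max_age}"]
    if include_subdomains:
        parts.append("includeSubDomains")
    if preload:
        parts.append("preload")
    return "; ".join(parts)


def audit_set_cookie(header: str) -> List[str]:
    """Return the protective attributes missing from a Set-Cookie value."""
    # Everything after the first ';' is an attribute; compare names case-insensitively.
    attrs = {part.strip().split("=", 1)[0].lower() for part in header.split(";")[1:]}
    missing = []
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    if "secure" not in attrs:
        missing.append("Secure")
    if "samesite" not in attrs:
        missing.append("SameSite")
    return missing


def audit_hsts(header: Optional[str]) -> List[str]:
    """Return findings for a Strict-Transport-Security value (None = header absent)."""
    if header is None:
        return ["header absent: every HTTP request can be downgraded or stripped"]
    findings = []
    m = re.search(r"max-age\s*=\s*(\d+)", header, re.IGNORECASE)
    if not m:
        findings.append("max-age missing")
    else:
        max_age = int(m.group(1))
        if max_age == 0:
            findings.append("max-age=0 disables HSTS")
        elif max_age < ONE_YEAR:
            findings.append(f"max-age {max_age} below one year")
    if "includesubdomains" not in header.lower():
        findings.append("includeSubDomains missing: an HTTP subdomain can still set or "
                        "read cookies scoped to the parent domain")
    return findings


if __name__ == "__main__":
    # Constructed header values, not captured from a real site.
    print(audit_set_cookie("sessionid=abc123; Path=/"))          # weak: no flags
    print(audit_set_cookie(build_session_cookie("sessionid", "abc123")))
    print(audit_hsts("max-age=300"))
    print(audit_hsts(build_hsts(preload=True)))
```

The audit functions are the useful half for a reviewer: run them over the `Set-Cookie` and `Strict-Transport-Security` values from a response and the output is the list of gaps to fix.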
Web Application Firewalls (WAFs) are often the first line of defense for websites and web applications. WAFs act as gatekeepers for your web applications, inspecting full request packets
CDNs store and serve cached content from edge servers closer to the user to reduce latency. Imagine you have a main (origin) server housed in a central location. This origin server provides content to edge servers worldwide so your customers can fetch it more quickly. Aside from speed, CDNs also help in a security sense by acting as a buffer between the user and the origin server: traffic that the edge can answer from cache never reaches the origin.
The CDN might serve /products from cache, but if an attacker appends a random query string, such as /products?a=abcd, and the query string is part of the cache key, the request misses the cache and the origin server is forced to respond. Repeating this with a fresh random value each time pushes load straight past the CDN. Similarly, rotating user agents, spoofing Referer headers, or launching requests from diverse geographic regions can help attackers evade WAF filtering rules that key on those values.
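The cache-busting trick above, as an added example that is not part of the original page: a minimal in-memory simulation of an edge cache in front of an origin. With a naive cache key (the full URL) every random query string is a miss and reaches the origin; with a key that keeps only the query parameters the application actually uses, the same traffic is absorbed at the edge. `ALLOWED_PARAMS` and the request list are constructed for the example; most CDNs expose the equivalent as a cache-key or query-string normalization setting.

```python
from typing import Callable, Dict, List, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit


class Origin:
    """Stand-in for the origin server; counts how many requests get through."""

    def __init__(self) -> None:
        self.hits = 0

    def render(self, path: str) -> str:
        self.hits += 1
        return f"<html>{path}</html>"


class EdgeCache:
    """Minimal CDN edge. `key_fn` decides which parts of the URL form the cache key."""

    def __init__(self, origin: Origin, key_fn: Callable[[str], str]) -> None:
        self.origin = origin
        self.key_fn = key_fn
        self.cache: Dict[str, str] = {}

    def get(self, url: str) -> Tuple[str, bool]:
        """Return (body, served_from_cache)."""
        key = self.key_fn(url)
        if key in self.cache:
            return self.cache[key], True
        body = self.origin.render(urlsplit(url).path)
        self.cache[key] = body
        return body, False


def full_url_key(url: str) -> str:
    # Naive key: the whole URL, so any unknown query string is a cache miss.
    return url


# Hypothetical: the only query parameters that change the /products response.
ALLOWED_PARAMS = {"page", "sort"}


def allowlisted_key(url: str) -> str:
    """Cache key = path + allow-listed query parameters in canonical order.

    Unknown parameters (the attacker's ?a=abcd) are dropped from the key.
    Only drop parameters that truly do not affect the response; otherwise the
    cache will hand one user's variant of the page to everyone else.
    """
    parts = urlsplit(url)
    kept = sorted((k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
                  if k in ALLOWED_PARAMS)
    return parts.path + ("?" + urlencode(kept) if kept else "")


# Constructed traffic: one legitimate request, three cache-busting requests,
# one legitimate paginated request.
ATTACK_URLS: List[str] = [
    "/products",
    "/products?a=abcd",
    "/products?a=xyz1",
    "/products?cb=7",
    "/products?page=2",
]


def origin_hits_for(key_fn: Callable[[str], str], urls: List[str]) -> int:
    """Replay `urls` through a fresh edge cache and return how many reached the origin."""
    origin = Origin()
    edge = EdgeCache(origin, key_fn)
    for url in urls:
        edge.get(url)
    return origin.hits


if __name__ == "__main__":
    print("naive key, origin hits:      ", origin_hits_for(full_url_key, ATTACK_URLS))
    print("allow-listed key, origin hits:", origin_hits_for(allowlisted_key, ATTACK_URLS))
```

The same idea applies to the WAF evasion tricks in the paragraph: rules keyed on easily rotated values (User-Agent, Referer, source region) are bypassed by rotating those values, so rate limits and signatures need to key on something the attacker cannot vary per request, or on the normalized request rather than its raw form.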
Last Modified: 2025-12-28