Posts

Showing posts with the label xss

Security Auditing for Project Packages

Introduction
In previous articles, I have guided you through various ways to enhance project security through direct implementation. Now, I will demonstrate how to perform security audits for the packages you use. This is also a critical factor because, while your own codebase may be secure, a library you depend on could contain hidden security risks that attackers can exploit.

Detail
First, let us look at how to check a package for security risks. Before installing, you can visit certain websites to verify package information, such as https://security.snyk.io. This website provides comprehensive information to assess the health of a package and supports multiple languages.

NPM
Next is auditing the security of the packages your project is currently using. Because technology changes rapidly, a package you use today might be fine, but it could reveal security risks a few months later. Therefore, this check needs to be performed regularly, depending on the scale of the product you are develop...

XSS Security Handling with NextJS and DOMPurify

Introduction
Cross-Site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious scripts, typically JavaScript, into web pages viewed by other users. When a user's browser executes this code, attackers can steal cookies and session tokens and alter the website interface. To prevent XSS, the following primary methods are used:

Validation: Accepting only the desired data formats. This simple approach only addresses surface-level issues, so we focus on the methods below for better effectiveness.

Sanitization: Removing or disabling dangerous HTML tags and attributes such as <script>, onerror and onclick from user input before storage or display.

Using Framework Automations: React and NextJS automatically escape data in text strings by default. When rendering HTML directly via dangerouslySetInnerHTML, using a library like DOMPurify is mandatory to ensure safety.

Content Security Policy (CSP): Configuring browser policies to restrict script execution s...