Retrieving parameters from the user and later displaying them on the website always carries risk of XSS attack. But can you perform such attack without using the HTML tag?

The functionality of file upload is a key place where we should pay special attention to. If the attacker successfully sends and executes a malicious file, the whole server may be taken over.

Executing system commands on the programming language level sounds like asking for trouble. But how to do it right and safe?

Every service that has a login mechanism should also have the option to reset the password. But how to do it right?

A popular opinion says to not use the pickle class on a data given by user because on deserialization it may lead to the object injection attack and malicious code execution.

We'll talk about template engines. This time we'll use Python as an example and Flask framework, in which we will use Jinja2.

Today we are going to see that the platform on which we run our programs makes a difference and we'll use PHP for this purpose.

This time, unusually - we are not going to look at a specific programming language but a Linux function - unzip - that is for extracting files.