Cross-site request forgery (CSRF) is a security risk where an attacker tricks a visitor into making a malicious request to your site from another, entirely unrelated site in their control. This particular vulnerability seemingly disappeared from most teams’ radars a few years ago but is beginning to reappear in the wild.

Any application aimed at presenting users with a premium, seamless UX must take account of the times when user authentication fails. What happens when a user forgets their password? What can we do to confirm sensitive operations using email or other out-of-band communication? How can we make an application easy to use while also keeping […]