Changes from 2 commits
Commits
51 commits
13c9ac8
feat: create security csrf doc, init click hijacking
toanngocdev Dec 26, 2024
ba6fa26
feat: create security csrf doc, init dos/ddos
toanngocdev Jan 3, 2025
6d1b5d6
chore: add missing dependencies for fumadocs, zod and lucide-react (#7)
Yarnnguyen Dec 26, 2024
3c7d570
feat: Create Bun docs
teddynguyennn Dec 23, 2024
aebfa3c
feat: Create table component, write document for Bun in Package manager
teddynguyennn Dec 23, 2024
c70cde1
feat: update bun bundle and run time more detail
teddynguyennn Dec 26, 2024
f119f42
feat: add bun install step before lint
teddynguyennn Dec 26, 2024
9963f69
Add npm documentation
Simon-Vu-sudo Dec 31, 2024
fa7b83f
feat: Create document for Pnpm package manager
teddynguyennn Dec 31, 2024
a7e855f
feat: update outline for server state management doc
tienanh0026 Dec 25, 2024
931cbba
feat: add server state management doc content
tienanh0026 Dec 30, 2024
d101f55
feat: update outline for hybrid state management docs
tienanh0026 Dec 25, 2024
290b99a
feat: add design patterns documentation and update meta information
namf2001 Jan 1, 2025
eb48318
feat: add design patterns documentation and update meta information
namf2001 Jan 1, 2025
6302776
feat: create JWT docs
teddynguyennn Dec 24, 2024
879ca0c
fix_v2:update docs jwt
teddynguyennn Dec 31, 2024
6a2ea31
chore: upgrade dependencies
nhattran998 Jan 3, 2025
597c76b
fix(docs): update npm package manager content
nhattran998 Jan 3, 2025
10166ab
fix_v3:update docs jwt
teddynguyennn Jan 2, 2025
e7a14d3
fix(docs): update index key in index pages
nhattran998 Jan 3, 2025
e41bc59
fix: next app cannot build
nhattran998 Jan 4, 2025
40dffb5
cd: update deployment config
nhattran998 Jan 4, 2025
898b6ab
workflow: update github config
nhattran998 Jan 4, 2025
2461f3a
chore: update config
nhattran998 Jan 4, 2025
16f6de4
Release 0.0.1
nhattran998 Jan 4, 2025
98adc22
workflow: fix bun install
nhattran998 Jan 4, 2025
1adadff
workflow: fix bun install
nhattran998 Jan 4, 2025
a976ca7
workflow: fix bun install
nhattran998 Jan 4, 2025
4a30172
workflow: fix bun build
nhattran998 Jan 4, 2025
caae8fe
fix: update deployment scripts
nhattran998 Jan 4, 2025
e2c802f
fix: update scripts build docker
nhattran998 Jan 4, 2025
7e6dda0
release 0.0.5
nhattran998 Jan 4, 2025
8d0c7c2
release 0.0.6
nhattran998 Jan 5, 2025
46c85bc
fix: add missing base config in creating PR action
nhattran998 Jan 5, 2025
6fe7a16
Release 0.0.7
nhattran998 Jan 5, 2025
7bfc559
chore: revert the old auto commit bot
nhattran998 Jan 5, 2025
db9afda
Release 0.0.8
nhattran998 Jan 5, 2025
88defdc
Release 0.0.8 + update docker-compose.yml files
Jan 5, 2025
56f24f2
fix(docs): enhance Command Pattern documentation with detailed exampl…
namf2001 Jan 3, 2025
0717527
init structure document
Jan 7, 2025
4232aa5
Init structure V2
peter-nguyennn Jan 11, 2025
58c4ead
feat: Improvement Pnpm and Bun docs
teddynguyennn Jan 2, 2025
61daf2e
Update image name, fix format comment
teddynguyennn Jan 14, 2025
d7e8f51
update: bloom filter document
Jan 7, 2025
76ac22d
add: reference
Jan 7, 2025
57491cc
add: introduce problem and some solutions for common quick lookup pro…
Jan 12, 2025
28e550b
update: algorithm description
Jan 14, 2025
04a1077
add: author name
Jan 14, 2025
812045a
update: code to typescript
Jan 19, 2025
64b3eea
feat: create bundler tool items, vite doc structure
teddynguyennn Jan 20, 2025
ccc4f9b
fix: csrf comments
Feb 2, 2025
9 changes: 9 additions & 0 deletions content/docs/techniques/web/security/click-hijacking.mdx
@@ -0,0 +1,9 @@
---
title: Click Hijacking
description: Display file structure in your documentation
preview: "Click Hijacking"
---

## Usage

Wrap file components in `Click Hijacking`.
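Review bot: The front matter `description` ("Display file structure in your documentation") and the `## Usage` body ("Wrap file components in `Click Hijacking`") are leftover template text from a component doc and say nothing about the attack the title names; either give the page real content or drop the stub from this PR. At minimum it should define the technique (usually called clickjacking or UI redressing: a third-party page loads the target site in an invisible or transparent frame so the victim's clicks land on the framed site's controls) and list the standard mitigations, `X-Frame-Options: DENY` and `Content-Security-Policy: frame-ancestors 'none'` (or an allowlist of permitted framing origins). Consider titling the page "Clickjacking", the term used by OWASP and browser documentation, so it is findable.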
99 changes: 99 additions & 0 deletions content/docs/techniques/web/security/csrf.mdx
@@ -0,0 +1,99 @@
---
title: Cross-site Request Forgery (CSRF)
description: Understand CSRF attack and how to prevent it.
preview: "CSRF"
---

## What is CSRF ?

<b>CSRF</b> is a type of web vulnerability that allows the attackers to trick user into performing
unwanted actions on a web application where they are authenticated.

The attackers can create links that resemble familiar applications, such as "faceebook.com" which kinda famillar to "facebook.com".
Clicking on these links can unknowingly send requests to the Facebook server, potentially leading to unwanted consequences for your account.

## How does CSRF work ?

For example, you have an API that lets the user change password on their account. When a user performs this action, they will make an HTTP request as shown:

```
POST /update-password HTTP/1.1
Host: facebook.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 30
Cookie: session=someRandomSessionToken
password=istoleyourpassword
```

With the information shown, the attacker can create a web page for example "faceebook.com" containing the following HTML:

```
<html>
<body>
<form action="https://facebook.com/update-password" method="POST">
<input type="hidden" name="email" value="istoleyourpassword" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
```

If the user visits the above web page, the action will automatically be trigger and if the user is logged in to the website, in the example is "facebook.com",
their browser will include their session cookie in the request. And the target website, which is "facebook.com" will treat the request as having been made by the victim user
and change their password

## How dangerous are CSRF attacks ?

<b>Transferring funds or Making purchases:</b>
Attackers could initiate unauthorized money transfers from your bank account or make purchases on.
your behalf from online stores.

<b>Posting unwanted content:</b>
Attackers could post messages or content on your social media accounts or other online platforms.

<b>Modifying sensitive data:</b>
Attackers could change your account settings, passwords or other personal information.

The cost can be significant depends on the attackers skills.

## How to property prevent CSRF attacks ?

There are severals methods to prevent <b>CSRF</b> attacks:

<b>Use Anti-CSRF Tokens:</b>
This is the most common and effective method to prevent a <b>CSRF</b> attack. Each form submission
includes a unique, unpredictable token that the server verifies. When a CSRF token is generated it
should be stored server-side within the user's session data. When a subsequent request is received
that requires validation, the server-side application should verify that the request includes a
token which matches the value that was stored in the user's session.

In the form on client-side should have a hidden field that holds the value of the token that generated on server-side:

```
<input type="hidden" name="csrf-token" value="aTokenThatGeneratedOnServer" />
```

<b>SameSite Cookie Attribute:</b>
This attribute helps the browser decide whether to send cookies along with cross-site requests. The
values of this attribute are `Lax`, `Strict` or `None`. The `Strict` value will prevent the cookie
from being sent by the browser to the target site in all cross-site browsing context, even when
following a regular link. This attribute should not replace a CSRF Token. It should co-exist with
the token to protect the user like a second layer of defense.

<b>Check the Origin and Referrer Headers:</b>
You need to determine the origin that request is going to/coming from. On server, you need to verify
if both of them match. If they do, so you can accept the request as ligitimate and if they don't,
you can discard the request

## If you want to dive deeper on CSRF

<b>References:</b> I gathered information for this document about CSRF on these awesome websites

[OWASP](https://owasp.org/www-community/attacks/csrf) - OWASP offical site is a really reliable
source about security. They have documents about not only <b>CSRF</b>, there have also alot of
documents related to web security in general.

[Cloudflare](https://developers.cloudflare.com/waf/troubleshooting/samesite-cookie-interaction/) -
Another reliable source about security.
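Review bot: The forged form in "How does CSRF work ?" does not reproduce the request shown just above it: the request body is `password=istoleyourpassword`, but the hidden input is `name="email"`, so as written the example would not change the password the text says it changes; rename the field to `name="password"`. The raw request block is also malformed: there is no blank line between the `Cookie:` header and the body, and `Content-Length: 30` does not match the 27-byte body that follows. In the Anti-CSRF token paragraph, add that the token must come from a cryptographically secure random generator and that validation must fail closed (a request with a missing or empty token is rejected, not skipped). In the SameSite paragraph, note that `Lax` is the default in Chromium-based browsers when the attribute is absent, and that `Lax` still sends cookies on top-level GET navigations, so state-changing endpoints must not accept GET. In "Check the Origin and Referrer Headers" the HTTP header is spelled `Referer`, and the check should compare the request's `Origin` (falling back to `Referer` when `Origin` is absent) against an allowlist of the application's own origins rather than checking that "both of them match" each other. Spelling: "famillar", "property prevent" (properly), "severals", "ligitimate", "offical", "alot". The "faceebook.com" lookalike is fine as an illustration, but it is worth stating that CSRF does not depend on a lookalike domain; any page the victim visits while logged in can send the forged request.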
9 changes: 9 additions & 0 deletions content/docs/techniques/web/security/dos-ddos.mdx
@@ -0,0 +1,9 @@
---
title: Denial-of-service & Distributed Denial-of-service (DOS & DDOS)
description: Understand DOS/DDOS and how to prevent it.
preview: "DOS & DDOS"
---

## Usage

Wrap file components in `DOS & DDOS`.
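Review bot: The `## Usage` body ("Wrap file components in `DOS & DDOS`") is the same leftover component-doc template as in `click-hijacking.mdx` and contradicts the front matter, which promises an explanation of DoS/DDoS and how to prevent it; either fill the page in or leave it out of this PR. A usable first version would define denial of service (exhausting a target's bandwidth, connection table, CPU or memory so legitimate users are refused) and its distributed form, separate volumetric, protocol-level and application-layer attacks, and list defender-side controls: per-client rate limiting and connection limits, request timeouts and body-size caps, caching, upstream filtering or scrubbing through a CDN or provider, and capacity planning with autoscaling. Also consider the conventional spelling "DoS/DDoS" in the title and `preview` field.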