- use bcrypt. see rationale here.
- scrypt is recommended by some as an upgrade over bcrypt, though there are sceptics.
Web application security
- “The Web Application Hacker’s Handbook” [pdf]
- The Tangled Web
- Attacking Private Networks from the Internet with DNS Rebinding
- mkcert – “A simple zero-config tool to make locally trusted development certificates with any names you’d like.”
A New Era of SSRF Exploiting URL Parser in Trending Programming Languages! (PDF) from blackhat 2017.