ZeriFlow Journal

Security guides your team can ship this week

Actionable articles on TLS, headers, CSP, privacy, and practical hardening for modern web apps.

Tags

All #agencies #agency #alerting #alternatives #api-keys #api-security #api-automation #application-security #audit #automated-security #bfg-repo-cleaner #branch-protection #browser-security #check-security-headers #check-ssl-online #ci-cd-security-tools #ci-cd #clickjacking-protection #client-reports #cloud-security #code-scanning #code-security #comparison #compliance #content-security-policy #cookies #cors #cors-configuration #cron #csp #csp-directives #csp-header #csrf #cve #dangling-dns #database-security #dependabot #dependency-security #dependency-scanning #detectify-alternative #detectify-free-alternative #detectify-pricing-alternative #developer-security #developer-experience #developer-tools #devops #devops-security #devsecops #devsecops-tools #discord-webhook #dkim #dmarc #dns #dns-security #dnssec #ecommerce-security #ecommerce-site-security-checklist #email #email-authentication #email-security #express #frame-ancestors-csp #free-security-scan #free-ssl-check #free-website-security-scanner #freelance-security-audit #gdpr #git-security #gitguardian-alternative #github #github-actions #github-actions-security-tools #github-security #google-analytics #hardcoded-api-keys #hardcoded-secrets #headers #hsts #hsts-preload #http-headers-scanner-comparison #http-security-headers #http-strict-transport-security #httponly #https-configuration #improve-security #javascript-security #monitoring #mozilla-observatory-alternative #mozilla-observatory-tool #next-js #nextjs #next-js-security-tools #next-js-vulnerability-scanner #nextjs-app-router #nextjs-security-audit #nodejs #npm-audit #npm-cve #npm-vulnerabilities #npm-security #observatory-scanner #online-store-security #open-source #orm-security #owasp #owasp-2026 #owasp-top-10 #package-audit #parameterized-queries #payment-security #pci-dss #penetration-testing #pentest #permissions-policy #phishing-prevention #pipeline-security-scanner #pre-launch-security #preflight #prevent-clickjacking #privacy #pull-requests #rate-limiting #react #readme #redis #referrer-policy #repository-scanning #rest-api #saas-security-checklist #saas-security-tools #saas-security #samesite #sast-tools #secret-scanning #secrets-detection #secure-next-js-application #security-as-a-service-agency #security-audit #security-checklist #security-for-saas #security-headers #security-headers-checker-tool #security-headers-list #security-scan-tool #security-score #security-alerts #security-automation #security-badge #security-benchmark #security-gate #security-misconfiguration #security-monitoring #security-pipeline #security-reporting #security-scanner #security-scanning #securityheaders-com-alternative #server-security #session-security #shift-left-security #shift-left #shopify-security #slack-integration #snyk #spf #sql-injection #ssl-certificate-check #ssl-certificate-checker #ssl-check #ssl-checker-tool #ssl-security #startup-security-tools #startup-security #static-analysis #stripe #subdomain-takeover #supply-chain-security #supply-chain #tls #tls-1-3 #tls-best-practices #tls-check-tool #tls-configuration #trufflehog #upsell-security-clients #vulnerability-assessment #vulnerability-detection #vulnerability-scanner #vulnerability-scan #web-agency-security-service #web-app-security #web-application-vulnerabilities #web-security #web-security-scanner #web-security-checklist #website-scanner-like-detectify #website-security #website-security-check-alternative #website-security-checklist #website-security-scanner #website-security-score #website-vulnerability-scanner #website-audit #website-monitoring #white-label #white-label-security #wordpress #x-frame-options #xss #xss-protection #xss-prevention

Devops Security

How to Implement Rate Limiting in Node.js (API Protection Guide)

Apr 8, 2026·12 min

An API without rate limiting is an open invitation for abuse — credential stuffing, scraping, denial of service, and exhausting your database connection pool. This guide covers every practical aspect of implementing rate limiting in Node.js, from a five-line express-rate-limit setup to production-grade Redis-backed distributed limiting.

#nodejs#rate-limiting#express

Read article

Web Security

How to Configure CORS Correctly in Node.js (Stop Using *)

Mar 27, 2026·10 min

Using a wildcard CORS policy is one of the most common security mistakes in Node.js APIs. This guide explains what CORS actually does, why * is dangerous when paired with credentials, and how to configure a secure origin allowlist.

#cors#nodejs#express

Read article