<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Web Security on Vivian's Blog</title><link>https://vvnblog.com/tags/web-security/</link><description>Recent content in Web Security on Vivian's Blog</description><generator>Hugo -- gohugo.io</generator><language>zh-tw</language><copyright>Copyright © 2026 Vivian All Rights Reserved.</copyright><lastBuildDate>Fri, 19 Jul 2024 00:00:00 +0000</lastBuildDate><atom:link href="https://vvnblog.com/tags/web-security/index.xml" rel="self" type="application/rss+xml"/><item><title>基礎滲透 GraphQL 架構</title><link>https://vvnblog.com/posts/graphql-leak-info/</link><pubDate>Fri, 19 Jul 2024 00:00:00 +0000</pubDate><guid>https://vvnblog.com/posts/graphql-leak-info/</guid><description>一個沒關掉的 Introspection Query，就讓我列舉出整個 GraphQL schema。從實戰案例看這個常見卻致命的設定疏失。</description></item><item><title>Secure、HttpOnly、SameSite:守護 Cookie 的御三家屬性</title><link>https://vvnblog.com/posts/cookie/</link><pubDate>Thu, 23 May 2024 00:00:00 +0000</pubDate><guid>https://vvnblog.com/posts/cookie/</guid><description>一個沒設好的 Cookie，足以讓攻擊者偽裝成你。認識 Secure、HttpOnly、SameSite 這三道防線，以及怎麼開啟它們。</description></item><item><title>JWT 運作原理</title><link>https://vvnblog.com/posts/jwt/</link><pubDate>Thu, 11 Apr 2024 00:00:00 +0000</pubDate><guid>https://vvnblog.com/posts/jwt/</guid><description>一組用點號分隔的字串，如何撐起現代網站的登入驗證？拆解 JWT 的三段結構，以及用它時最容易踩的雷。</description></item></channel></rss>