A concise blog.

The title pretty much sums it up:  docker scan imagename:tag e.g. docker scan node:12.15.0-alpine is a new command that can be used to scan for container vulnerabilities in Docker Desktop. Here's a blog post:  https://www.docker.com/blog/secure-from-the-start-shift-vulnerability-scanning-left-in-docker-desktop/ . . . and the docs: https://docs.docker.com/engine/scan/ Here are two examples, where node:12.15.0-alpine has vulnerabilities that node:14.15.0-alpine3.11 does not. 

I recently read an article from JavaScript Weekly (part of the  Cooper Press  series I subscribe to), and it included a good rundown on clickjacking attacks: https://auth0.com/blog/preventing-clickjacking-attacks/ It's a good article and worth reading.  Here's a summary. What clickjacking attacks are Malicious sites put hidden iframes over a decoy site.  When a user tries to click on something on the decoy site, he or she actually clicks on something in the hidden iframe.  The assumption is that the action taken by the hidden iframe is malicious. How to prevent them Front end There are some workarounds, but these are mostly ineffective. Back end Note: if you're using Node.js and Express, the helmet  library does 1 and 2 by default. If both  X-Frame-Options  and  Content-Security-Policy  are set,  the CSP setting prevails . Set the X-Frame-Options header to SAMEORIGIN (helmet's default) or DENY.  This is a widely-recognized sta...