A friend recently mentioned that he was caught by surprise when he was asked to explain CORS in a job interview. As a web developer, you come across so many acronyms on a daily basis that it can be challenging to keep up. However, not all acronyms are created equal. Here is a list of security related acronyms that a web developer should definitely know:

• CSRF – “Why your form doesn’t work.”
• HTTPS – “It gives you the little padlock icon.”
• XSS – “What happens when you don’t escape all the things.”
• SOP – “Why your AJAX doesn’t work.”
• CORS – “How you get your AJAX to work.”
• HSTS – “How you force the padlock.”

What does it mean to know an acronym? Well, just being able to spell it out or providing a tongue-in-cheek definition probably won’t cut it.

You don’t have to be able to cite the relevant RFC (oh, look, another acronym), but you should be able to explain the concept to a junior developer and not break out in a sweat when asked about it in a job interview.

I’ve written a series of posts to give you an idea what each of these acronyms means and how they apply to Django:

• CSRF
• XSS
• CORS & SOP
• HTTPS, HSTS & HPKP