HTTPS: Still think you don't need HTTPS?
Very often people tell me "we don't need HTTPS" and most of the time the justification is based on 1 of 2 arguments. It's...

HSTS: Migrating from HTTP to HTTPS? Ease the pain with CSP and HSTS!
The Chrome Security Team have just announced that they're removing the yellow warning triangle from pages with mixed content. From now on, these pages will show with the...

HSTS: Introducing SecurityHeaders.io
After looking around for a quick and easy way to analyse the HTTP response headers of websites, I regularly found myself looking in Chrome Dev Tools. This isn't...

HTTPS: Make your website faster with SPDY
SPDY, pronounced 'SPeeDY', is a web protocol developed by Google that is primarily aimed at reducing page load time and providing better security. With the latest stable release of nginx featuring SPDY 3.1 support, it's time for an upgrade!...

Android: Trusting security in smartphone apps
As users become more and more accustomed to ensuring their data is safe when using the Internet, one area that it's still incredibly difficult to ensure your own safety is when using smartphone apps. There is no address bar to check for...

DHE: Perfect Forward Secrecy - An Introduction
Perfect Forward Secrecy is a feature of specific key agreement protocols that gives assurances your session keys will not be compromised even if the private key of the server is compromised. By generating a unique session key for every session a user initiates, even...

cookies: Web Security - The hidden dangers of hunting for a new house
When looking for a new house to buy in the UK, the chances are at some point you will end up on the website of RightMove or Zoopla. With RightMove claiming they are "the UK's number one property website" and...

HSTS: Issuing HSTS policy in PHP
HSTS is a great way of protecting visitors to your website by ensuring their browser only uses a secure connection to communicate. If you use shared hosting and don't have access to change the header configuration, or you simply want to test...

HSTS: Manually enforcing HSTS in Google Chrome
HSTS Policies are usually distributed by a web server as a HTTP Response Header. Whilst some sites enforce HTTPS by issuing a redirect, many do not implement HSTS and leave the user vulnerable to a MiTM attack. HSTS Policies can be added to Google...

encryption: HSTS - The missing link in Transport Layer Security
HTTP Strict Transport Security (HSTS [https://scotthel.me/d8j3]) is a policy mechanism that allows a web server to enforce the use of TLS [https://scotthel.me/s8d7] in a compliant User Agent (UA), such as a web browser. HSTS allows for a more...