The Performance Cost of EV Certificates
Explores the performance drawbacks of Extended Validation (EV) SSL certificates, including their lack of full OCSP stapling support.
Explains the security risks of target='_blank' links and how the 'noopener' and 'noreferrer' attributes protect against them.
Explains a specific XSS vulnerability when embedding JSON data in <script> tags and provides the solution of escaping '<' characters.
The author announces migrating their blog to HTTPS using a free Let's Encrypt certificate and requests help finding broken image links.
Explains the benefits of HTTPS and how Netlify simplifies the process of enabling it for your website with automatic certificates.
Explains Certificate Transparency for server operators, its importance for HTTPS security, and tools like crt.sh to verify certificate logs.
Mozilla introduces website assignment for Firefox Containers, allowing users to automatically open specific sites in isolated containers for enhanced privacy.
A guide to implementing Content Security Policy (CSP) headers in ASP.NET Core applications to control resource loading and enhance security.
A guide to using Let's Encrypt for free, trusted TLS certificates, including setup with Nginx and comparisons to paid alternatives.
A developer's portfolio of web development, SaaS, and security projects, including tools for email, domains, passwords, and recruiting.
Discusses the inevitability of website breaches, lists major hacks, and explains how to assess your risk and prepare for security incidents.
A developer explains their decision to join Snyk, a security tool company, to lead developer relations, emphasizing the importance of accessible security.
An overview of Let's Encrypt, a free, automated, and open Certificate Authority, covering its features, limitations, and operational model.
Explains how HSTS works with Let's Encrypt to secure websites by forcing browsers to use HTTPS, preventing man-in-the-middle attacks.
A hands-on guide to using Let's Encrypt's beta client to obtain and install a free SSL/TLS certificate on an Apache web server.
Highlights five key projects advancing security: U2F, Let's Encrypt, Rust, X25519/Ed25519, and Chromebooks.
Explains how to use Content Security Policy (CSP) HTTP headers to mitigate risks from third-party scripts on websites.
Explains how to implement Content Security Policy (CSP) in ASP.NET MVC to enhance security by controlling allowed content sources.
Explores client-side web security technologies like HPKP, CSP pinning, and HSTS that help protect against attacks by pinning trust to the browser.
A guide to enhancing ASP.NET MVC security using NWebSec NuGet packages to configure HTTP response headers and implement Content Security Policy.