Why you should care about HTTPS, even if you have nothing to hide
Explains why HTTPS is crucial for security, privacy, and as a tool against censorship, even for non-sensitive web traffic.
Analysis of TLS deployment on top US and global news websites, revealing widespread lack of HTTPS security and privacy protections.
The author argues that all websites should use HTTPS by default to protect user privacy and security, making HTTP unethical.
A technical guide explaining how to configure an nginx server to achieve an A+ rating on the Qualys SSL Labs security test.
A guide to securing ASP.NET websites against common vulnerabilities like CSRF and XSS, covering code, configuration, and testing best practices.
Explains how to process Content Security Policy violation reports with a practical PHP script example.
The author explains their motivation for adding SSL to their website: to become a Persona identity provider, discussing centralized online identity solutions.
A developer explains the importance of HTTPS for privacy and security, detailing the process and reasons for finally enabling it on their personal blog.
Explains how attackers can misuse the HTML5 Fullscreen API to create convincing phishing pages that mimic trusted websites like banks.
A guide to using Fluent Security for maintainable, testable authorization in ASP.NET MVC 3 web applications, moving away from attribute-based security.
Security flaw exposes database passwords on 1% of CMS sites due to text editor backup files being publicly accessible.
A critique of CAPTCHAs, arguing they are insecure, inaccessible, and shift the burden of spam prevention onto users instead of site owners.
Explains ASP.NET 2.0's Event Validation security feature, a common error it causes, and provides a recommended code fix.
A developer creates an Apache module, mod_defensible, to block comment spam using DNSBL servers, reducing server load.