Category: Security

  • TLS in HTTP/2

    I came across this blog post on Hacker News this morning. I thought it was a great blog post so I figured I would share it. Here there is a group of people that were trying to weaken the HTTP2 standard by not requiring TLS encryption in the standard as originally proposed and Google and…

  • Clover and Wikitree

    Good news this week. Our purchase of Clover was approved and we will have our license keys in a matter of days. As of tomorrow it is going into our build and Cobertura is getting ripped out. You may recall I previously wrote about my issues with Cobertura. One problem was the latest version at…

  • Iron-Clad Java

    I am currently reading Iron-Clad Java: Building Secure Web Applications by Jim Manico and August Detlefsen. This book basically takes you from zero to doing a decent job of locking down your webapp. It starts with security basics and then covers authentication and session management, and then access control, followed by Cross-Site Scripting Defense, then…

  • Speaking of security…

    Today I came across the following news. The Chrome security team is considering marking all non-HTTPS sites as insecure (since they are). Check out the story here. What this means is that if you don’t set up SSL on your site you are likely to lose users who are going to fear if your site is safe to…

  • Security is about tradeoffs

    When I was working on this site, one of the first things I did after setting up SSL was to run the Qualys SSL Labs Test on my site. This tool will analyze your site security and point out any weaknesses and assign a grade to your site. I initially scored a C and used…