Content Security Policies

The easiest way to explain a Content Security Policy (CSP) is with the idea of a whitelist; whitelists act as an allowed set of values for a system. You may have heard of a blacklist before: a list of things which are not allowed. Your employer/school will…

HTTPS is just the tip of the sword

This post is part of a series on HTTPS and browser security; it is partly to spread knowledge, but mostly to allow me to learn more about the subject by putting it 'down on paper'! Enjoy, and please comment, correct, and discuss. In the previous post in this series I wrote about the basics of HTTPS: what certificates are and how the chain of trust works. The use of an HTTPS certificate isn't a magic pill that makes everything secure; there are several other security techniques which you should investigate. Not every website will require all of these protections, but…

Is HTTPS everything?

If you are involved in designing, developing, testing, publishing, or managing a website then you have likely already heard about HTTPS. HTTPS has been discussed from start to finish several times in recent years, by some notable people (Troy Hunt, Scott Helme, etc.) and some less notable people.…
