Modern Browser Security Reporting

I have written a few articles about 'Browser Security Headers' in recent months; I partly wrote them to encourage me to read more on the subject myself but I hope that someone starting off on the subject will find them useful. Rather than write another quick post on the subject I have decided to reference a new training video that Troy Hunt and Scott Helme have recently published on Pluralsight. For those who have not heard of Pluralsight before it is the largest (and in my opinion the best) online training resource for those looking to learn more about technical…

Be a password ninja!

Our dog, Daisy the West Highland White Terrier, decided she desperately needed a pee at 5:50 am on Saturday, and the weekend makes it my turn to get up with her! After dealing with her needs and turning on the coffee machine I didn't fancy picking up the project I have been working on and decided to try something new. I needed a link for the password reset and password change pages of the project I am working on. I wanted to present the user with some simple-to-understand advice on how to pick a good password; don't…

IT Support Scammers

No matter how strong your technical security is (antivirus, firewalls, security headers, well-written applications, etc.) there is always one sure route to failure: social engineering. If a privileged user can be convinced to perform nefarious acts on a system, that system is compromised. That being said, most professionals are not going to fall for that (although I know one who did fall for a variant of the old Nigerian finance scam to the tune of several thousand pounds); the less initiated are a different story, and we as IT professionals have a duty to help them! IT Support scams appear to…

Content Security Policies

The easiest way to explain a Content Security Policy (CSP) is with the idea of a whitelist; a whitelist is the set of values a system allows. You may have heard of a blacklist before: a list of things which are not allowed; your employer/school will…

HTTPS is just the tip of the sword

This post is part of a series on HTTPS and browser security; it is partly to spread knowledge, but mostly to allow me to learn more about the subject by putting it 'down on paper'! Enjoy, and please comment, correct, and discuss. In the previous post in this series I wrote about the basics of HTTPS: what certificates are and how the chain of trust works. Using a certificate isn't a magic pill that makes everything secure; there are several other security techniques which you should investigate. Not every website will require all of these protections, but…

Is HTTPS everything?

If you are involved in designing, developing, testing, publishing, or managing a website then you have likely already heard about HTTPS. HTTPS has been discussed from start to finish several times in recent years, by some notable people (Troy Hunt, Scott Helme, etc.) and some less notable people…
