5 articles and links tagged with “hsts”
XSS (No, the _other_ 'S') - CSSConf EU 2013
Frontend Security - Frontend Conference, Zürich 2013
Last week, I was in Zürich to chat about client-side security. Here, I’ve wrapped up an annotated transcript, along with the slides and video. I’m pretty happy with how the talk turned out: I think it’s a good representation of what I think is important in frontend security, and worth your time to peruse.
Securing the Client Side
At the end of last year, I presented ‘Securing the Client Side’ at Devoxx, and I’ve been meaning to put together a more accessible version of the talk for those who weren’t there. I think the topics are important, and worth the effort of updating this site for the first time in a year. cough.
Nerdy New Year
New Year’s resolutions come in all shapes and sizes; if you’re a web developer stuck for good ideas of things you could do to improve the world (or at least the tiny chunk of it that’s concerned with web performance and security), I’d like to propose two: secure all your websites, and use a cookieless domain for static assets.
HTTP Strict Transport Security and You
With a simple Wi-Fi packet-sniffer, intercepting login cookies over the air is far easier than it ought to be. Happily, clever people have put together solid mitigation techniques, one of which is HTTP Strict Transport Security. I’ve implemented it on a personal site; this article describes what it is, why it’s important, and how you can use it yourself.