HTTPS is a must for every website nowadays: Users are looking for the padlock when providing their details; Chrome and Firefox explicitly mark websites that provide forms on pages without HTTPS as being non-secure; it is an SEO ranking factor; and it has a serious impact on privacy in general.
These days, understanding cyber-security is not a luxury but rather a necessity for web developers, especially for developers who build consumer-facing applications. In this article, Hagay Lupesko will show you how web developers can use HTTP headers to build secure apps. While the code examples are for Node.js, setting HTTP response headers is supported across all major server-side-rendering platforms and is typically simple to set up.
The way HTTP Public Key Pinning (HPKP) worked caused a lot of confusion. In the middle of the incredibly hectic process of running a major conference, it’s the last kind of issue anybody wants to have to deal with. In this article, Mathias Biilmann Christensen will explain how to issue a new certificate that uses the keys of the old expired SSL certificate.
If you’re running a major bank or a secure site for whistleblowers, you’ll no doubt want to do anything you can to avoid possible man-in-the-middle attacks. However, if you’re running a content-driven website, it’s just never worth it to use a security technique that could potentially take your whole site down close to permanently! Going offline is a much more severe threat than getting exposed to a sophisticated man-in-the-middle attack.
The benefits of using a “content security policy” are many. Most importantly, it will stop your users from suffering any unsolicited scripts or content or XSS vulnerabilities on your website. In this article, Nicolas Hoffmann will introduce you to this technology, and he’ll explain why awareness is the most important advantage of CSP for website maintainers.
SSL is the “S” in HTTPS. It adds a layer of encryption to HTTP that ensures that the recipient is actually who they claim to be and that only authorized recipients can decrypt the message to see its contents. In this article, Emerson Loustau will show you how to upgrade your website to HTTPS to improve your website, protect users and participate in the advancement of the Internet. And it won’t cost you anything!
If you are creating a website, app or wearable that uses location data, building in responsible development and regulatory compliance from the very beginning is easy. In this article, Heather Burns will teach you how to build a healthy workflow for developing with location data by using best practice frameworks, providing users with privacy-friendly options, coding to development guidelines and working with an insightful regard for the law. By following this advice, you can create a responsible and legally compliant development process.
In this article, Rachel Andrew will look at the basics of HTTP2 as they apply to web designers and developers. She’ll explain some of the key features of the new protocol, look at browser and server compatibility, and detail the things you might need to think about as we see more adoption of HTTP2. You will get an overview of what to consider changing in your workflow in the short and long term. Rachel will also include plenty of resources if you want to dig further into the issues raised. Her aim is to give you enough of the background to be able to make good decisions as you plan your move to HTTP2.
Over time, OSS has turned into crowd-sourced marketplaces, and this wide range of open-source functionality is great, but it also carries big risks. Whenever you are running a stranger’s code inside your applications, you might ask yourself “Do these authors understand or care about security?” or “Do they have known vulnerabilities?”. In this article, Guy Podjarny will show you a good way to start acknowledging and handling this risk: addressing the known vulnerabilities in your dependencies. Snyk makes it easy for you to find, fix and monitor these vulnerabilities in Node.js.
The state of passwords today causes more headache than happiness. Nearly half of Americans have had their account hacked in the last year alone. Are web designers and developers taking enough measures to prevent these problems? Or do we need to rethink passwords? Passphrases are a better alternative because they are more secure and usable. A few websites out there enforce passphrases. No user should feel like they’ve lost their keys or had their house broken into. But switching to passphrases doesn’t require a technical overhaul. It’s as simple as introducing the concept to users and requiring a higher character length.