security | ellipsis-infosec

Jeremy Druin

How to Check HTTP Headers

HTTP response headers can impact the user experience and the security of the web or mobile application. Server administrators can...

Jeremy Druin

Retiring Obsolete JavaScript Libraries

One of the most over-looked issues in web applications is vulnerabilities in someone else's code; 3rd-party JavaScript libraries. Vendors...

Jeremy Druin

What is Content Security Policy?

Content Security Policy (CSP) is a security framework built into the browser. CSP allows the browser to block content from sources other...

Jeremy Druin

Yum! Secure Cookies

Cookie security is an oxymoron. Cookies exist in the browser; an inherently insecure location. However, there are several best-practices...

Jeremy Druin

Weak HTTPS Ciphers? There is an app for that

HTTPS connection depend on the underlying cryptopgraphic algorithms that are available to the web server. Also, the web server...

Jeremy Druin

How Output Encoding Stops Cross-site Script (XSS) Attacks

Output encoding is a powerful defense against cross-site script (XSS) attacks. Output encoding clearly marks information in web pages as...

Jeremy Druin

How Cross-Site Request Forgery (CSRF) Tokens Work

CSRF tokens allow applications to detect forged requests such as those created by malicious scripts. Watch this video to see how CSRF...

Jeremy Druin

Security Mistakes Everyone Makes: Improving Personal, Mobile and Home Network Security - Part II

Looking for Part I? - Link: Security Mistakes Everyone Makes: Improving Personal, Mobile and Home Network Security - Part I I hope you...

Jeremy Druin

Resources and Publications

Checklists Home Network Security Tips Password Security Tips Home router and Wi-Fi Security Tips Container Security Tips DevSecOps...