    How to Check HTTP Headers
    Jeremy Druin
    • Apr 2, 2021
    • 1 min

    HTTP response headers can impact the user experience and the security of the web or mobile application. Server administrators can...
    Retiring Obsolete JavaScript Libraries
    Jeremy Druin
    • Mar 22, 2021
    • 1 min

    One of the most overlooked issues in web applications is vulnerabilities in someone else's code: 3rd-party JavaScript libraries. Vendors...
    What is Content Security Policy?
    Jeremy Druin
    • Mar 6, 2021
    • 1 min

    Content Security Policy (CSP) is a security framework built into the browser. CSP allows the browser to block content from sources other...
    Yum! Secure Cookies
    Jeremy Druin
    • Mar 1, 2021
    • 1 min

    Cookie security is an oxymoron. Cookies exist in the browser, an inherently insecure location. However, there are several best practices...
    How HTTP Headers impact Application Security (by Example)
    Jeremy Druin
    • Feb 25, 2021
    • 1 min

    Web server configuration can impact the security of the web site and underlying application. These headers can be confusing so it is not...
    What is DevSecOps?
    Jeremy Druin
    • Feb 24, 2021
    • 1 min

    DevSecOps is a development methodology that enables rugged software with quality baked in from the start. A key component is security....
    ZAPping Web Application Vulnerabilities
    Jeremy Druin
    • Feb 22, 2021
    • 1 min

    Vulnerability assessment is a great addition to development lifecycles. Vulnerabilities found early are easier and cheaper to fix plus...
    Weak HTTPS Ciphers? There is an app for that
    Jeremy Druin
    • Feb 22, 2021
    • 1 min

    HTTPS connections depend on the underlying cryptographic algorithms that are available to the web server. Also, the web server...
    How Output Encoding Stops Cross-site Script (XSS) Attacks
    Jeremy Druin
    • Feb 21, 2021
    • 1 min

    Output encoding is a powerful defense against cross-site script (XSS) attacks. Output encoding clearly marks information in web pages as...
    How Cross-Site Request Forgery (CSRF) Tokens Work
    Jeremy Druin
    • Feb 21, 2021
    • 1 min

    CSRF tokens allow applications to detect forged requests such as those created by malicious scripts. Watch this video to see how CSRF...
    Demystifying the HTTP Strict Transport Security (HSTS) Header
    Jeremy Druin
    • Dec 13, 2020
    • 4 min

    Ideally, web sites would run exclusively over HTTPS. In the future, we might find sites avoiding HTTP entirely using one of the following...

    © 2014-2022 by Ellipsis Information Security LLC
