Jeremy DruinApr 2, 20211 minHow to Check HTTP HeadersHTTP response headers can impact the user experience and the security of the web or mobile application. Server administrators can...
Jeremy DruinMar 22, 20211 minRetiring Obsolete JavaScript LibrariesOne of the most over-looked issues in web applications is vulnerabilities in someone else's code; 3rd-party JavaScript libraries. Vendors...
Jeremy DruinMar 6, 20211 minWhat is Content Security Policy?Content Security Policy (CSP) is a security framework built into the browser. CSP allows the browser to block content from sources other...
Jeremy DruinMar 1, 20211 minYum! Secure CookiesCookie security is an oxymoron. Cookies exist in the browser; an inherently insecure location. However, there are several best-practices...
Jeremy DruinFeb 25, 20211 minHow HTTP Headers impact Application Security (by Example)Web server configuration can impact the security of the web site and underlying application. These headers can be confusing so it is not...
Jeremy DruinFeb 24, 20211 minWhat is DevSecOps?DevSecOps is a development methodolgy that enables rugged software with quality baked in from the start. A key component is security....
Jeremy DruinFeb 22, 20211 minZAPping Web Application VulnerabilitiesVulnerability assessment is a great addition to development lifecycles. Vulnerabilities found early are easier and cheaper to fix plus...
Jeremy DruinFeb 22, 20211 minWeak HTTPS Ciphers? There is an app for thatHTTPS connection depend on the underlying cryptopgraphic algorithms that are available to the web server. Also, the web server...
Jeremy DruinFeb 21, 20211 minHow Output Encoding Stops Cross-site Script (XSS) AttacksOutput encoding is a powerful defense against cross-site script (XSS) attacks. Output encoding clearly marks information in web pages as...
Jeremy DruinFeb 21, 20211 minHow Cross-Site Request Forgery (CSRF) Tokens WorkCSRF tokens allow applications to detect forged requests such as those created by malicious scripts. Watch this video to see how CSRF...
Jeremy DruinDec 13, 20204 minDemystifying the HTTP Strict Transport Security (HSTS) HeaderIdeally, web sites would run exclusively over HTTPS. In the future, we might find sites avoiding HTTP entirely using one of the following...