Joining Snyk
A developer explains their decision to join Snyk, a security tool company, to lead developer relations, emphasizing the importance of accessible security.
An overview of Let's Encrypt, a free, automated, and open Certificate Authority, covering its features, limitations, and operational model.
Explains how HTTP Strict Transport Security (HSTS) complements a Let's Encrypt certificate by instructing browsers to use only HTTPS for a site, blocking protocol-downgrade and related man-in-the-middle attacks on later visits.
A hands-on guide to using Let's Encrypt's beta client to obtain and install a free SSL/TLS certificate on an Apache web server.
Explains how to use Content Security Policy (CSP) HTTP headers to mitigate risks from third-party scripts on websites.
Explains how to implement Content Security Policy (CSP) in ASP.NET MVC to enhance security by controlling allowed content sources.
Explores client-side web security mechanisms such as HPKP, CSP pinning, and HSTS that let a site pin trust decisions in the browser so later attacks are harder to mount.
A guide to enhancing ASP.NET MVC security using NWebSec NuGet packages to configure HTTP response headers and implement Content Security Policy.
A technical guide explaining how to configure an nginx server to achieve an A+ rating on the Qualys SSL Labs security test.
A guide to securing ASP.NET websites against common vulnerabilities like CSRF and XSS, covering code, configuration, and testing best practices.
Explains how to process Content Security Policy violation reports with a practical PHP script example.
Explains how attackers can misuse the HTML5 Fullscreen API to create convincing phishing pages that mimic trusted websites like banks.
A guide to using Fluent Security for maintainable, testable authorization in ASP.NET MVC 3 web applications, moving away from attribute-based security.
Reports a security flaw in which text-editor backup files left publicly accessible exposed database passwords on about 1% of surveyed CMS sites.
A critique of CAPTCHAs, arguing they are insecure, inaccessible, and shift the burden of spam prevention onto users instead of site owners.
Explains ASP.NET 2.0's Event Validation security feature, a common error it causes, and provides a recommended code fix.