Tag: security

  • Authentication vs Authorization what is the difference?

    Authentication and authorization: these terms are often confused.

  • SSL links, videos and other resources.

    SSL is a very important subject. All websites/apps should be using it. However, the docs will leave you scratching your head saying WTF? So I am creating this long list of resources for anyone else who ever has to learn how to use it. Articles: First, here is a link to the docs – this […]

  • Forced password changes are not good security policy

    To combat this unintelligent BS I am now starting a list of idiots that do this. For so long I have read and heard that a GREAT security feature is to force your users to change passwords every so many days/months. Linux even has a built-in feature for this. This is a really stupid […]

  • AWS autoscaling links and resources

    AWS autoscaling lets you set up groups of EC2 instances which are controlled by a load balancer. The load balancer in turn makes sure your app has the correct number of EC2 instances running at all times. If your traffic is high, it adds the maximum that you set. If traffic goes down, it adjusts […]

  • CORS cross origin resource sharing links and resources for developers

    CORS (cross-origin resource sharing) allows you to decide whether a script from a domain other than your website/app can access data on your server, i.e. make AJAX calls to it. For your frontend API you probably want to limit the origin to just your domain. For a developer API you probably want to allow all […]

  • Server and cloud security resources and links

    CSP Cheat Sheet – CSP (Content Security Policy) is for setting server security policies for accessing your system's content/files etc. Configuring Play Framework Content Security Policy Headers –

  • Web App security resources

    Practical HTTP Host header attacks – a must-read to understand how hackers use HTTP headers to hack websites. Link to OWASP cheat sheet – a good cheat sheet. Website security by MDN – covers some very basic information about website security such as SQL injection.