4 articles and links tagged with “http”

Content Security Policy: A Primer
The web’s security model is fundamentally broken, and has been since the beginning. Content Security Policy is an upcoming feature of the web platform that promises to mitigate the risk of XSS attacks, and it’s worth starting to play with now.

HTTP Strict Transport Security and You
With a simple Wi-Fi packet-sniffer, intercepting login cookies over the air is far easier than it ought to be. Happily, clever people have put together solid mitigation techniques, one of which is HTTP Strict Transport Security. I’ve implemented it on a personal site; this article describes what it is, why it’s important, and how you can use it yourself.
Mark Nottingham has put together a really useful tool that aids in the analysis of the behavior of HTTP resources. I’ve started putting together a command line version based on the web version he’s released on GitHub.
Generating ETags for static content using Nginx
Nginx is a brilliant little HTTP server that I’m using on this website to quickly serve static content. It bothers me a (very) little that it doesn’t correctly generate ETag headers for static content, however. I’m attempting to remedy that oversight by releasing an Nginx module: