9 links about Web Security

• Sorting: Newest links first
• Topic: Web Security

• 2022-01-13 dnssecuritytxt.org

  dnssecuritytxt

  The DNS Security TXT standard extends the work done by security.txt to simplify answering this question by taking advantage of DNS, arguably the most ubiquitous system on the Internet.

  » More links from dnssecuritytxt.org

  » More links from 2022
• 2018-02-27 securitytxt.org

  Security.txt

  Thanks to security.txt, security researchers can easily get in touch with companies about security issues.

  » More links from securitytxt.org

  » More links from 2018
• 2017-09-17 ma.ttias.be

  Chrome to force .dev domains to HTTPS via preloaded HSTS

  A lot of (web) developers use a local .dev TLD for their own development.

  » More links from ttias.be

  » More links from 2017
• 2016-10-16 blog.varonis.com

  The difference between SSL and TLS

  Like all first efforts at shipping practical crypto, SSL versions 1.0 to 3.0 were found to have some security issues which necessitated iterative releases of more and more fundamentally secure designs.

  » More links from varonis.com

  » More links from 2016
• 2016-09-01 scotthelme.co.uk

  Using security features to do bad things

  Looking at the benefits of CSP like XSS and mixed-content mitigation, enforcing HTTPS with HSTS and reducing the risk of rogue certificate issuance with HPKP, we’re definitely better off with these things than we are without them.

  » More links from scotthelme.co.uk

  » More links from 2016
• 2016-09-01 schrauger.com

  The story of how WoSign gave me an SSL certificate for GitHub.com

  It was rather surreal when I realized I had actual valid SSL/TLS certificates for the primary GitHub domains. Https is supposed to prevent eavesdropping, yet with these keys, I could become a man-in-the-middle with ease.

  » More links from schrauger.com

  » More links from 2016
• 2016-08-15 speakerdeck.com

  Hardening the Web Platform

  Let’s talk about how we’re beginning to mitigate some of these platform-level risks by hardening the defaults, removing barriers to TLS deployment, and giving developers access to new APIs that can be used to lock themselves down even further.

  » More links from speakerdeck.com

  » More links from 2016
• 2016-08-14 techblog.netflix.com

  Protecting Netflix Viewing Privacy at Scale

  Adding the overhead of TLS encryption calculations to our video stream transport had the potential to greatly reduce the efficiency of our global infrastructure.

  » More links from netflix.com

  » More links from 2016
• 2015-08-31 blogs.akamai.com

  Is HTTP/2 worth the performance price of TLS?

  In other words, the ‘goodness’ of h2 should make up for the overhead of TLS and then some in most cases.

  » More links from akamai.com

  » More links from 2015