Blog Archives

A Twisted Tale of Web Security: Clickjacking and X-Frame-Options

I don’t use frames. So I’m safe, right? With our focus on cranking out functionality, it’s easy to overlook the security implication of frames, especially if we’re building an application that doesn’t use frames. However, clickjacking is a serious security

Posted in Content Security Policy, HTTP Headers, X-Frame-Options

Start Secure: HTTP Secure Transport Security

As an experiment, please take a moment to type your bank’s URL into a browser. If you are anything like the vast majority of users, you wrote the URL without specifying the protocol scheme, that is you typed rather

Posted in HTTP Headers, Web Security

Content Security Policy: What are We Waiting For?

The Web Application Security Working Group of the W3C has created a standard for web security called Content Security Policy (CSP). Currently on version two with a version three in the works, CSP has been implemented by the majority of

Posted in HTTP Headers, Web Security