Security
Google Begins Campaign Warning Forms Not Using HTTPS Protocol
August 2014, Google released an article sharing their thoughts on how they planned to focus on their “HTTPS everywhere” campaign (originally initiated at their Google I/O event). The premise of the idea was that every website, regardless of what it was doing, should be communicating securely between point A and point B. To help motivate…
Read MorePassword Management
The year is 2017 and we continue to give advice on the process of creating passwords. This must stop. The phrase “These are the tips to creating a secure password” should be stricken from all presentations, articles, tips and side-bar conversations. Managing passwords has never been more streamlined. Organizations have invested countless hours and resources…
Read MoreA Website Security Framework Intro
A framework should provide the underlying structure we require to build on. Consider a home. Regardless of the type of home, they all have a similar framework. The framework keeps the house together and defines the basic structure, it starts with the foundation on which the house will sit. From there, the developers and architects…
Read MoreWe Must Improve the HTTPS Message
HTTPS is as important today as it has ever been. If you are transferring sensitive data you should use HTTPS to encrypt data in transit, that is not up for debate. Understand though that it is but one piece of a larger security conversation, and that’s where the message falls flat on it’s face. I…
Read MoreGoogle Introduces new Repeat Offender Blacklist
On November 8th, 2016, Google introduced a new feature to Chrome that would blacklist repeat offenders. Once Safe Browsing has designated a site as a Repeat Offender, the webmaster will be unable to request additional reviews via the Search Console. Repeat Offender status persists for 30 days, after which the webmaster will be able to…
Read MoreDefense in Depth And Website Security
The concept of Defense in Depth is not new. It’s been leveraged in the InfoSec domain for a long time, and has it’s roots deeply embedded in military strategy and tactics. That however doesn’t mean that even those in the InfoSec domain explain or implement it correctly. To fully appreciate the idea of Defense in…
Read More