Have you wondered what info you are leaking via your response headers? Do you want some kind of guide about what headers to set or remove altogether? Head on over to https://securityheaders.com/ This is a site created by security expert Scott Helme that rates a URL based on what response headers it can see. I am...
Let’s Encrypt is amazing: you can easily add SSL certificates to any website and automate the renewal process. I have talked before about how impressive it is. Once you start adding SSL certificates to your production sites, however, you may want to check when they expire so you don’t get caught out. You can always open...
Azure Key Vault is a secure way of storing your keys, certificates and secrets so your application can access everything it needs to, but you don’t have them being stored insecurely anywhere such as in source control. I have been wanting to give Azure Key Vault a try for a while now as it can make use of Azure Active...
While at Microsoft Ignite I heard about a lot of cool tech that I want to know more about. The best way to learn something is to use it to solve a problem. So what can I build that is both useful and will let me play with some new tech? I have a Xamarin Forms app, Pwned Pass, that has over 500 downloads on Google Play and...
Let’s Encrypt is a free way to get an SSL certificate onto your website and until recently I had never tried it. It is very easy and I think it is awesome. IIS is the web server software that Microsoft includes with Windows 10 and Windows Server. I have it installed on my laptop and it displays the default IIS page. It is...
One of the websites I have been working on has been displaying an error in the console. The error reads as follows. The SSL certificate used to load resources from https://example.com will be distrusted in M70. Once distrusted, users will be prevented from loading these resources. See...
A Content Security Policy or CSP is an HTTP response header that defines what sources of content can be loaded on a web page. It is a way to combat Cross Site Scripting (XSS) attacks. What is an XSS attack then? When you load a webpage it also loads various other resources like images, some CSS style sheets, various...
I recently watched Troy Hunt’s What Every Developer Must Know about HTTPS course on Pluralsight. It’s very good and really makes you think about SSL certificates and how to correctly implement them. One thing in particular Troy mentions is the website SSL Labs. This website allows you to test a website’s implementation...
Have you heard of the website https://haveibeenpwned.com? Well, you should have. Have I Been Pwned is a website created by security expert Troy Hunt that keeps track of data breaches and allows you to search and find ones that affect you. As I write this, Troy Hunt has tracked 3,752,984,562 pwned accounts from 216 pwned...