This on Hacker News today: CSRF, CORS, and HTTP Security headers Demystified.
The above article referred to OWASP SameSite doco, and you can read about how to implement that with PHP.
Tag Archives: security
security.txt
This security.txt looks like a good idea.
OWASP Cheat Sheet Series
Oh wow, this is great: OWASP Cheat Sheet Series.
PHP Security Best Practices
I found an interesting article: Linux 25 PHP Security Best Practices For Sys Admins
Fixing Firefox/Iceweasel restricted port
Reply
Today I ran into this warning from iceweasel when I tried to access a web service on port 101:
This address is restricted
This address uses a network port which is normally used for purposes other than Web browsing. Iceweasel has canceled the request for your protection.
I found this article which said:
- Open about:config
- Create network.security.ports.banned.override if it’s not there
- Set that setting as, e.g.: 101-104
- Refresh the page
The Open Web Application Security Project
Read a little from the Open Web Application Security Project today.
The 5 Hardest Parts of Programming
An article on The 5 Hardest Parts of Programming which discusses optimisation, networking, security, reliability and scalability.
Security considerations for find
Read about the security considerations for find. Find is a *nix tool for searching though directories for files and filtering them to build lists or run commands.
While I’m here I might as well show you my latest find command, I think it’s a beauty. :)
sudo find . \
\( \( \( \! -user jj5 \) -or \( \! -group jj5 \) \) \
-execdir chown jj5:jj5 '{}' \+ \) , \
\( \( -type d \( \! -perm -u+rwx \) \) \
-execdir chmod u+rwx '{}' \+ \) , \
\( \( -type f \( \! -perm -u+rw \) \) \
-execdir chmod u+rw '{}' \+ \)