- Ensuring that your website or open web application is secure is critical. Even simple bugs in your code can result in private information being leaked, and bad people are out there trying to find ways to steal data. The web security oriented articles listed here provide information that may help you secure your site and its code from attacks and data theft.
Information Security Basics
- A basic understanding of information security can help you avoid unnecessarily leaving your software and sites insecure and vulnerable to weaknesses that can be exploited for financial gain or other malicious reasons.
- Serving login forms over HTTP is especially dangerous because of the wide variety of attacks that can be used against them to extract a user’s password. Network eavesdroppers could steal a user’s password by sniffing the network, or by modifying the served page in transit.
- An HTTPS page that includes content fetched using cleartext HTTP is called a mixed content page. Pages like this are only partially encrypted, leaving the unencrypted content accessible to sniffers and man-in-the-middle attackers.
- A security context is a
Workerwhich there is reasonable confidence that the content has been delivered securely (via HTTPS/TLS), and for which the potential for communication with contexts that are not secure is limited.