Security articles

Content Security Policy, Your Future Best Friend

A long time ago, my personal website was attacked. I do not know how it happened, but it happened. Fortunately, the damage from the attack was quite minor: A piece of JavaScript was inserted at the bottom of some pages. I updated the FTP and other credentials, cleaned up some files, and that was that.

One point made me mad: At the time, there was no simple solution that could have informed me there was a problem and — more importantly — that could have protected the website’s visitors from this annoying piece of code.

The post Content Security Policy, Your Future Best Friend appeared first on Smashing Magazine.

Free SSL For Any WordPress Website

If you have an e-commerce website, then SSL is mandatory for safely processing credit cards. But even if you aren’t processing payments, you should still seriously consider secure HTTP (or HTTPS), especially now that I’m going to show you how to set it up quickly, for free. Let’s get started.

In short, SSL is the “S” in HTTPS. It adds a layer of encryption to HTTP that ensures that the recipient is actually who they claim to be and that only authorized recipients can decrypt the message to see its contents.

The post Free SSL For Any WordPress Website appeared first on Smashing Magazine.

The Current State Of Authentication: We Have A Password Problem

We have a lot of passwords to remember, and it’s becoming a problem. Authentication is clearly important, but there are many ways to reliably authenticate users – not just passwords. Passwords are written off as inconvenient and unavoidable, but even if true a few years ago, that’s not true today. Due to a combination of sensors, encryption and seasoned technology users, authentication is taking on new (and exciting) forms.

Most other interaction patterns have been updated over time, but no one wants to mess with password authentication. It’s too serious. Or there’s too much liability. You know, like if you don’t clear the password input after someone types the wrong password, their credit card information is at risk.

The post The Current State Of Authentication: We Have A Password Problem appeared first on Smashing Magazine.

Legal Guidelines For The Use Of Location Data On The Web

Location-based services are growing in popularity every day, and beacon-based services are tipped to be the advertising goldmine of 2016. You may already be using location data and beacons to enhance your users’ experience with your websites, apps and wearables. However, the use of location data is not without limits.

A simple opt-in screen

Developers must become aware of international privacy laws, as well as industry codes of self-regulation, that govern its usage. Following laws and codes, while also adhering to best practice principles through frameworks such as privacy by design (PbD), will ensure public trust in your app as well as in your services as a developer.

The post Legal Guidelines For The Use Of Location Data On The Web appeared first on Smashing Magazine.

Getting Ready For HTTP/2: A Guide For Web Designers And Developers

The Hypertext Transfer Protocol (HTTP) is the protocol that governs the connection between your server and the browsers of your website’s visitors. For the first time since 1999, we have a new version of this protocol, and it promises far faster websites for everyone.

In this article, we’ll look at the basics of HTTP/2 as they apply to web designers and developers. I’ll explain some of the key features of the new protocol, look at browser and server compatibility, and detail the things you might need to think about as we see more adoption of HTTP/2. By reading this article, you will get an overview of what to consider changing in your workflow in the short and long term. I’ll also include plenty of resources if you want to dig further into the issues raised.

The post Getting Ready For HTTP/2: A Guide For Web Designers And Developers appeared first on Smashing Magazine.

Eliminating Known Vulnerabilities With Snyk

The way we consume open source software (OSS) has changed dramatically over the past decade or two. Flash back to the early 2000s: we mostly used large OSS projects from a small number of providers, such as Apache, MySQL, Linux and OpenSSL. These projects came from well-known software shops that maintained good development and quality practices. It wasn’t our code, but it felt trustworthy, and it was safe to assume it didn’t hold more bugs than our own code.

Fast-forward to today and OSS has turned into crowd-sourced marketplaces. Node’s npm carries over 210,000 packages from over 60,000 contributors; RubyGems holds over 110,000 gems, and Maven’s central repository indexes nearly 130,000 artifacts. Packages can be written by anybody, and range from small utilities that convert milliseconds to full-blown web servers. Packages often use other packages in turn, ending with a typical application holding hundreds if not thousands of OSS packages.

The post Eliminating Known Vulnerabilities With Snyk appeared first on Smashing Magazine.

Why Passphrases Are More User-Friendly Than Passwords

A user’s account on a website is like a house. The password is the key, and logging in is like walking through the front door. When a user can’t remember their password, it’s like losing their keys. When a user’s account is hacked, it’s like their house is getting broken into.

Nearly half of Americans (47%) have had their account hacked in the last year alone. Are web designers and developers taking enough measures to prevent these problems? Or do we need to rethink passwords?

The post Why Passphrases Are More User-Friendly Than Passwords appeared first on Smashing Magazine.

P Vs. NP: The Assumption That Runs The Internet

Let’s get a few things out of the way first. This isn’t your regular Smashing Magazine article. It’s not a “how to”; it won’t show you how to build a better menu or improve your project tomorrow. This article shows you how a core problem in computer science works and why we’re all pretending we know something for certain when we really have no idea.

You’re looking at Smashing Magazine right now because you’re standing on the shoulders of a giant assumption called “P versus NP”. It’s a math problem that protects governments, runs the Internet and makes online shopping possible.

The post P Vs. NP: The Assumption That Runs The Internet appeared first on Smashing Magazine.

Tips to Keep WordPress Secure

With each passing day, strong security becomes more important. This article explains some ways to keep WordPress secure while improving the overall security of your WordPress-powered site. Most of the tips provided here are practice-based security steps that require no plugins or hacks. The idea here is that you don’t need to make changes to […]