WebAppSec/MozSecureWorld: Difference between revisions

Line 220: Line 220:
** Have strict transport security header stuff
** Have strict transport security header stuff
** Read [http://michael-coates.blogspot.com/2011/07/enhancing-secure-communications-with.html Michael's blog about it]
** Read [http://michael-coates.blogspot.com/2011/07/enhancing-secure-communications-with.html Michael's blog about it]
** Read [https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet OWASP TLS]
** Read [http://www.slideshare.net/michael_coates/ssl-screw-ups understand problem=
** click around burp should show no HTTP anytime
** click around burp should show no HTTP anytime
* Only SSL, all scripts, img, SSL everything SSL,
* On top, do STS (Strict Transport Security) --> for browser
* secure flag for all cookies
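Review bot: the link line `** Read [http://www.slideshare.net/michael_coates/ssl-screw-ups understand problem=` is missing its closing `]` and ends in a stray `=`, so the wiki will render the raw bracket text instead of a link; suggest `** Read [http://www.slideshare.net/michael_coates/ssl-screw-ups understand the problem]`. The new bullet `* On top, do STS (Strict Transport Security) --> for browser` restates the existing `** Have strict transport security header stuff` a few lines above it; merging them into one item that names the header (Strict-Transport-Security) would keep HSTS from appearing twice in the checklist. `* Only SSL, all scripts, img, SSL everything SSL,` ends on a dangling comma and repeats "SSL" three times; `* Serve everything (pages, scripts, images) over SSL only` says the same. The `* secure flag for all cookies` item belongs next to the "burp should show no HTTP anytime" check above it, since a session cookie without the Secure flag would still be sent over any plain HTTP request that check is meant to rule out.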