Web security

During the next few days I will tell you about the incredible and perilous journey of a web request… ok, just some posts regarding security of web applications.

Disclaimer: I'm not a security expert, but I know enough on the subject to see that not enough web developers care about security. So those posts are reminders for me and I think talking more about a subject make more people aware of it. Script kiddies can deface hundreds of websites because of stupid common errors that not enough web developers know.

Some of the things I will talk about are old, some are current and some are for the future (and probably lots of important things I won't talk about because I don't know them (please send comments)).

• Web security: DNSSEC
• Web security: HTTPS
• Web security: HPKP
• Web security: DANE/TLSA
• Web security: HSTS
• Web security: more headers
• Web security: CSP
• Web security: XSS
• Web security: SQL injection
• Web security: cookies
• Web security: passwords
• Web security: CSRF
• Web security: misc