How the web changes with HTTP/2: Performance and Security

Changes to the web: HTTP/2 Performance and Security On invitation by the Dutch consultancy firm Snow, I attended their Snow Unix Event (SUE). It was the third time in a row, with again an impressive lineup of speakers. As I worked previously for the company, I expected no less than that. The theme was about knowledge sharing. That sounds like an invitation to also share some of the biggest insights I learned. Let’s start with the HTTP/2 insights by Daniel […]

Read more

Delete a HSTS Key Pin in Chrome

Delete a HSTS Key Pin in Chrome Key pinning can be tricky and sometimes you might encounter a website having an incorrect key pin. This is usually caused by renewing certificates. In that case the duration time of the key pin might overlap the expire time of the moment of renewal. Chrome Error You will be seeing an error something like: Your connection is not private   Attackers might be trying to steal your information from domain.com (for example, passwords, […]

Read more

Deleting Outdated HPKP Key Pins in Firefox

Deleting Outdated HPKP Key Pins in Firefox HPKP is a great technology to pin a certificate to a website. On first use of a domain, the browser of the client checks if key pinning is available. Upon a next visit, the browser applies an additional check if the certificate(s) provided is available in the previous list of whitelisted sites. HPKP error Sometimes things go wrong with HPKP and you won’t be able to access a particular page. The best action is […]

Read more

Hardening WordPress Security and Reduce Information Disclosure

WordPress and Reducing Information Leakage For years, WordPress is used as a platform for blogging. Last years, more and more companies have even built their website in WordPress. Unfortunately, this also means it is more often targetted by scripts, searching for their next victim. The primary reasons for a WordPress hack, are often disclosed information and outdated software components. This is applicable to the WordPress version itself and modules, like the plugins. In this article, we have a look at dealing […]

Read more

Quick Tip: Disable Adobe Flash Player in Chrome

How to disable Flash The end of Adobe’s Flash Player is near. Most of the remaining Flash on the web are advertisements or “fancy” movies, created years ago. If you don’t need Flash any longer, these steps help you to disable it in Chrome. Step 1: Open plugins Go to chrome://plugins This will show an overview of all your plugins. Step 2: Disable Abode Flash Player Press Disable on the Adobe Flash Player. The color of the plugin changes and […]

Read more

Protecting the browser: Web of Trust

Protecting the web browser Usually we focus on the blog on the server side of things, helping to protect the data of users, customers and ourselves. What we commonly overlook is the end of the connection, the web browser of the user. In the upcoming posts we will look at alternative measures we can take, to protect data there as well. Malware, spam, scam? As we all know, the web is full of good things. But unfortunately it happens also […]

Read more

Optimize SSL/TLS for Maximum Security and Speed

Optimize SSL/TLS for Maximum Security and Speed High Goal Setting Recently we changed our corporate website into a “HTTPS only” version. Most of the content is not secret information, still we have some sensitive areas. The ordering section and downloads, and additional our portal. While some areas were already covered with a lock, we felt it was time to make the jump to cover it all. Additionally, we believe that we doing everything we can on our website, practicing security […]

Read more

Securing nginx configurations: implementing OCSP stapling

Securing nginx configurations Implementing OCSP stapling in nginx OCSP stapling is a logical follow-up on Online Certificate Status Protocol. OCSP itselfs just checks if certificate is still valid by determining if it is on a revocation list. The original OCSP protocol forces the client to check for the status of a certificate. This results in a lot of traffic for the CA behind the certificate. OCSP stapling moves the check to the owner of the certificate. On a regular basis […]

Read more
12