Chris Shiflett, the author of Essential PHP Security, posted a cool idea on his blog about secure forms. His idea was to have browsers show visually that a form action is secure (going to an HTTPS page). A good idea; I hope to see that implemented.
Chris used to be a ColdFusion developer, and I had a great deal of respect for him before I knew he wrote for O'Reilly. I was completely blown away by him when he explained an MSIE security hole to me several years ago when I met him on a consulting detail. He also writes for the 2600 Hacker's Quarterly. Chris: Next time, Corky's Barbeque is on me!
Nice ICON ;)