HackDig : Dig high-quality web security articles for hackers

HTTP Strict Transport Security (HSTS) Preload Lists

There is a growing wave of websites and other web applications that are now moving to be TLS-only (transport layer security only, aka SSL-only). Apart from the web site being browsed using "https", the server can also send a policy instruction in the form of an HTTP Strict Transport Security (HSTS) header. There are of course considerations for HSTS
Publish At:2015-07-07 17:20 | Read:3824 | Comments:0 | Tags:administrative SSL preventative technical operation policies

Facebook Policies and New Terms of Use Have Been under Scrutiny in Europe

A recent report about the privacy policy of Facebook has shed light on potential problems and disagreements with legal concerns in the EU. There is a recent report from Belgium focusing on Facebook's revised terms of use. Due to its enormous popularity, even apart from the fact that it’s blocked in some c
Publish At:2015-03-02 18:00 | Read:6931 | Comments:0 | Tags:Breaking News Digital ID Laws and regulations Security Socia

FTC Final Order Against Snapchat

Following a public comment period in May-June 2014, at the end of December the US consumer protection body, the Federal Trade Commission, approved a final order settling charges against Snapchat that lasts for twenty years. The charges related to how Snapchat deceived consumers about the automatic deletion of private images sent through the service. The key FTC
Publish At:2015-01-10 21:25 | Read:3483 | Comments:0 | Tags:technical privacy retention administrative specification pol

Guidance on the ASA's Online Remit Extension

The UK's Advertising Standards Authority (ASA) has had a digital remit since 2011 in the form of the CAP Code Digital Remit for Advertisements and Other Marketing Communications. Advertisements and other marketing communications by or from companies, organisations or sole traders on their own websites, or in other non-paid-for space online under their control
Publish At:2014-12-17 21:35 | Read:3376 | Comments:0 | Tags:administrative safety privacy awareness operation policies g

Business Failure at the Speed of Software

This week we saw two events where the automated nature of processes led to major business failures. On Friday, a number of Amazon retailers were affected by a pricing problem. Those that had chosen to subscribe to the third-party RepricerExpress service, which automatically adjusts prices to match or better competitors, found their products were being sold for
Publish At:2014-12-17 21:35 | Read:3232 | Comments:1 | Tags:policies administrative incidents threats operation design p

HTTP Security Headers

Earlier this year there was a useful post from Veracode about implementing Hypertext Transfer Protocol (HTTP) security headers. In a follow-up post on Wednesday, Isaac Dawson presents an analysis of the security headers of the top one million web sites, and compares the findings with a similar assessment in March. That's quite a lot of sites, but not enough t
Publish At:2014-10-24 07:45 | Read:6172 | Comments:0 | Tags:XSS policies standards hosting trust guidelines technical co

Application Security and Privacy Mapping 2014

The chart detailing the most important guidance, standards, legislation and organisations that can influence mobile and web application development security and privacy in the UK has been comprehensively updated. Principal Influences on UK Applications is managed by me and published on my company's web site as a mind map diagram and text tree, together with a
Publish At:2014-10-11 10:45 | Read:4529 | Comments:0 | Tags:policies standards legislation administrative information as
