Recent Posts

    Authors

    Published

    Tag Cloud

    HTTPS versus HTTP, the debate is over.


    SSL is
    secure socket layer  ie. HTTPS:// instead of HTTP://

    Every web page that is sent via HTTP:// is in plan text and can easily be intercepted or even changed via what is know as "man in the middle" or "man on the side" attacks.

    Mobile network provides often  "improve" HTTP web pages by injecting their own scripts & images, often these unwanted "improvements" break the page being served. HTTPS prevents the carriers from being able to inject their own content.

    Even when you only access the system via


    by:Nigel Leck - 19 Mar 2015
    How to test Access Control Limits (ACLs)?

    Overview

    Access Control Limits (ACLs) are the expression of the systems information security policies, they can be complex in their nature and vital to not only be correct but also to be seen as correct. The ACLs sanity checks allow for this business level visibility to the information security policies.

    All sanity checks in the base product are run as part of the system build process which does not proceed  if there are any failures.

    The sanity checks allow for dummy data to be generated ( but not saved) and the


    by:Nigel Leck - 19 Mar 2015
    Upgraded the default site SSL to get an A+ grade

    Overview

    The default SSL handler for the hosted sites has been upgraded to include "perfect forward secrecy" and we have dropped support for the weaker SSL ciphers. 

    The drop of the weaker SSL ciphers means old browsers such as Windows XP IE7 will no longer be able to connect via HTTPS. IE7 will still be able to connect to the non-encrypted HTTP sites or alternatively Windows XP users can use more modern browsers Chrome or Firefox. 

    HTTP Strict Transport Security (HSTS) has been enabled by default, HSTS


    by:Nigel Leck - 8 Mar 2015