Safe website settings

Websites are great for marketing. They are always great for gaining personal information. Yes, personal information. How do attackers gain advantage? Simple, by “listening” to your encrypted transactions. The latest issue is about the SHA-1 use for signing the message which is deemed not secure anymore.
How do you then secure your site which holds personally identifiable information? Get certificates with SHA2 as a signing algorithm. Google Chrome has made it easy for us to identify how secure our website is.

First step; update Google Chrome.
Second step; tell your website admin to update your certs to cover SHA2 and use TLS1.2
Third Step; practise safe coding practices. Like CSP.

For more information; hit me a note.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s