I recently posted about Testing your website with sonarwhal, a great dynamic analysis tool that you can simply enter your website address into, and they’ll scan and return a report. What I failed to mention (shame on me) is that you can also run this tool via the command line. That’s right, they’re on npm as sonarwhal too. Install It’s…
Tag: security
Testing your website with sonarwhal
Yesterday I was watching a great Pluralsight course called Play by Play: JavaScript Security by Troy Hunt and Aaron Powell. In this course they discuss a number of security-related things, including auth tokens, caching, service workers, third-party library vulnerabilities and client-side validation. Aaron also introduced me to a tool that I hadn’t heard of before, called sonarwhal. If you’re…
HTTP is dead
I really should stop with the clickbait headlines! A couple of months ago I posted about how SEO is dead and now I’m doing it again. Well, this time I can safely say that HTTP is not in fact dead. But it is losing out to HTTPS, as more and more websites are going secure. There are…
Going HTTPS with Cloudflare
Having already made my WCG Online project secure (as detailed in a previous post), it’s been on my list for a while to do the same with this website. But I’d heard good things about Cloudflare and wanted to give them a try. Well, I’m glad I did; it was so easy and straightforward.…
Response headers – adding Content-Security-Policy
I recently wrote an update as I continue to work on my response headers, in which I said that I was working on adding Content Security Policy (CSP), with the help of Scott Helme, who has written a great blog post on this. He has also created an excellent site called report-uri.com which has a number of tools, including one to…
Response headers – an update
I previously wrote about what response headers I was sending back from my website – now I have an update. Part of the problem was that extra headers were being sent, which I didn’t particularly want to be sent. So I’ve been working on getting rid of them. X-Hostname I believe this is added by…