Web Application Security
Overview
Web Applications are the dominate form of how most of us interact with data. From the early days of the world-wide-web where it was a read-only view of data we have evolved to highly dynamic 2-way real-time views of everything we hold dear.
Securing a web application is complex owing to the many risks. And, it is certainly an area many sites can improve.
A high(ish) profile nodejs library is compromised. No multi-factor authentication used by developer. The ripples are far and wide. Including you!
The personal verification question. The dumb, slow cousin of the password. Stored in plaintext, findable in social media. Not multi-factor auth
Your cyber insurance is up for review. IGet all applications authenticated with multi-factor, simply, quickly, compliantly.
Spam. The cat and mouse game of advertisers seeking to reach more people for less cost, and, people seeking to spend more to not be reached. The current state of the art in proving “I am not a spam-sending robot” is the …
Content-Security-Policy protects our application, but challenging with external scripts like Google Tag Manager. We show in Angular Single Page Application.
Certificate Transparency Logs in SSL can be a useful diagnostic tool as well as a security forensic.