Ensuring that your website or open web application is secure is critical. Even simple bugs in your code can result in private information being leaked, and bad people are out there trying to find ways to steal data. The web security oriented articles listed here provide information that may help you secure your site and its code from attacks and data theft.
- Information Security Basics
- A basic understanding of information security can help you avoid unnecessarily leaving your software and sites insecure and vulnerable to weaknesses that can be exploited for financial gain or other malicious reasons. These articles can help you learn what you need to know.
- Insecure passwords
- This page details the security mechanisms Firefox has put in place to warn users and developers of risks surrounding insecure passwords and password theft.
- Mixed content
- An HTTPS page that includes content fetched using cleartext HTTP is called a mixed content page. Pages like this are only partially encrypted, leaving the unencrypted content accessible to sniffers and man-in-the-middle attackers.
- Referer header: privacy and security concerns
- There are privacy and security risks associated with the Referer HTTP header. This article describes them, and offers advice on mitigating those risks.
- Same-origin policy
- The same-origin policy is a critical security mechanism that restricts how a document or script loaded from one origin can interact with a resource from another origin.
- Secure contexts
- A secure context is a
Workerfor which there is reasonable confidence that the content has been delivered securely (via HTTPS/TLS), and for which the potential for communication with contexts that are not secure is limited.
- Securing your site
- There are a number of things you can do to help secure your site. This article offers an assortment of suggestions, as well as links to other articles providing more useful information.
- Site Identity Button
- The Site Identity Button is a feature in Firefox that gives users more information about the sites they visit.
- Subresource Integrity
- Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.
- Transport Layer Security
- The security of any connection using Transport Layer Security (TLS) is heavily dependent upon the cipher suites and security parameters selected. This article's goal is to help you make these decisions to ensure the confidentiality and integrity communication between client and server.
- Weak signature algorithms
- The strength of the hash algorithm used in signing a digital certificate is a critical element of the security of the certificate. This article provides some information about signature algorithms known to be weak, so you can avoid them when appropriate.