A Little Help Improving Your Website's Transport Security

Ivan Ristic of Qualys blogged last year about a TLS Maturity Model, citing that “over time, … deploying TLS securely is getting more complicated, rather than less”.

The article goes on to describe five levels of maturity for a TLS implementation:

  1. Chaos
  2. Configuration
  3. Application Security
  4. Commitment
  5. Robust Security

At section.io we have reached level 4 for our own website and our management portal (Aperture) and we are working toward achieving level 5. The work required for us to achieve this now means our platform can help you improve the TLS maturity of your websites too.

By using section.io for your website, you immediately achieve Level 2 because our platform is handling the TLS protocol configuration which we maintain at a Qualys “Grade A” level.

This frees you to focus on the application-level changes required to achieve Level 3, e.g. ensuring you don’t have mixed-content resources on your pages, that cookies use the HttpOnly and Secure attributes appropriately, and that your origin validates anti-CSRF tokens.

When you’re ready to switch your website to HTTPS-only and enable Strict Transport Security, section.io’s Varnish proxy can help you redirect all insecure HTTP requests to their HTTPS equivalents and also inject the necessary HSTS response headers so browsers will use HTTPS for your site by default. This brings you to Level 4.
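The Level 3 and Level 4 properties above (cookie attributes, the HTTP-to-HTTPS redirect, and the HSTS policy) can be checked against a site's responses. The following is an added example, not code from the original article or from section.io; it works on constructed header values and assumes headers are supplied as a dict keyed by lowercase header name.

```python
import re
from typing import Dict, List, Optional

# Six months in seconds: a common lower bound for a meaningful HSTS max-age.
MIN_HSTS_MAX_AGE = 15552000


def parse_hsts(value: str) -> Dict[str, object]:
    """Split a Strict-Transport-Security header into its directives."""
    directives: Dict[str, object] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        # Bare directives (includeSubDomains, preload) are recorded as True.
        directives[name.strip().lower()] = val.strip().strip('"') or True
    return directives


def cookie_findings(set_cookie_headers: List[str]) -> List[str]:
    """Level 3 check: report cookies missing the Secure or HttpOnly attribute."""
    findings = []
    for header in set_cookie_headers:
        parts = [p.strip() for p in header.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        for attr in ("secure", "httponly"):
            if attr not in attrs:
                findings.append(f"cookie {name} lacks {attr}")
    return findings


def transport_findings(http_status: int, http_location: Optional[str],
                       https_headers: Dict[str, str]) -> List[str]:
    """Level 4 check: permanent redirect to HTTPS plus a strong HSTS policy."""
    findings = []
    if http_status not in (301, 308) or not (http_location or "").startswith("https://"):
        findings.append("insecure HTTP is not permanently redirected to HTTPS")
    hsts = https_headers.get("strict-transport-security")
    if hsts is None:
        findings.append("no Strict-Transport-Security header on the HTTPS response")
        return findings
    directives = parse_hsts(hsts)
    max_age = int(directives["max-age"]) if re.fullmatch(
        r"\d+", str(directives.get("max-age", ""))) else 0
    if max_age < MIN_HSTS_MAX_AGE:
        findings.append(f"HSTS max-age {max_age} is below {MIN_HSTS_MAX_AGE}")
    if "includesubdomains" not in directives:
        findings.append("HSTS policy does not cover subdomains")
    return findings
```

Feed it the status and Location of the plain-HTTP response and the headers of the HTTPS response; an empty findings list means the site meets the checks.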

[Image: HPKP fingerprint shown on the Aperture HTTPS configuration page]

Finally, to make level 5 just a little bit easier, the HTTPS configuration page in our Aperture management portal displays the public key fingerprint of your HTTPS certificate that you will need when adding Public Key Pinning response headers.

Published at DZone with permission of Jason Stangroome, DZone MVB. See the original article here.