There are two main reasons websites are popping up cookie disclosures: the CCPA and the GDPR, two sets of privacy laws that may (or may not) apply to your website.
Tag – Security
The importance of randomness in online security
I recently visited the website random.org, which is a free/fee-based generator of random numbers. It's been around for a long time - since 1998. It made me revisit the concept of randomness and how oddly hard it is to achieve. Why is randomness important? It's amazing how many things rely…
Adding Conditional Multifactor Authentication
The ability to bypass multifactor authentication can be useful in certain use cases.
The case for a Django upgrade
It boils down to this. An upgrade costs money, sometimes a lot of money, but the result has no visible outcome. In fact, in many cases the only outcome is an assurance that you've reduced the probability of attack, intrusion, breach and related unpleasantness. By any measure, that's a tough...
New Top 10 List of the Most Critical Security Risk to Web Applications, Is Your Application Vulnerable?
Independent OWASP Top 10 Security Risk Audit for Python-based Websites.
Encrypted Postgres Backups
When creating a Postgres database backup, one convenient approach is to export the database to disk via the pg_dump command. This Postgres export file can then be picked up by a regular filesystem backup. A possible security risk with this approach is that your sensitive database data could be situated...
Where HIPAA and your website collide
As a Web developer with a specialty in creating and maintaining hospital websites, it is important that we fully understand where these things intersect with HIPAA. In fact, any agency that is charged with the creation, care and maintenance of a hospital website must fully understand these things. One of...
Security for Mobile Applications
As people put more faith in mobile devices, the impact of security breaches can be all the more devastating. From the perspective of a mobile Web application developer, mobile devices can be an additional entry point into an application. Creating mobile-friendly Web applications with security as a top priority is...
New Study: 93% of Passwords Protecting Medical Records Cracked
The study was conducted by researchers at Children's Hospital of Eastern Ontario Research Institute and the University of Ottawa in Ottawa, Ontario. The test was conducted using files provided by volunteer stakeholders in 15 clinical trials. And, although the samples were not representative of all clinical trials in Canada, they...
Keep masking passwords, for now
I always find Jakob Nielsen's usability columns interesting. I rarely disagree with his mostly common-sense approach; however, I found myself at odds with a recent Alertbox column entitled "Stop Password Masking." In a nutshell, he believes the common practice of displaying dots or asterisks when typing in a password...
Form security, under the hood
I recently wrote a feature article for eHealthcare Strategy & Trends magazine entitled, "How secure are your Web-based forms?" The article explored what happens after you press the submit button. It turns out that lots of things can happen - many of them bad. To clarify, "bad" is the wrong...