Docker proffers guide to better headers

Docker security bod Diogo Monica is offering a guide to help system administrators flip their security header report card marks from Fs to As. Good security headers do things like ward off click-jacking and cross-site scripting attacks, malicious certificates, and secure sockets downgrading. Many big e-commerce and banking …

  1. Anonymous Coward

    YAWN

    Another containerisation article. As a loyal reader of 15 years I'm seriously considering switching to Slashdot!

    1. Anonymous Coward

      Re: YAWN

      ^ this.

  2. Ole Juul

    Cloudflare

    SSL Labs on the other hand will hand out top marks to anyone using Cloudflare, he says. (El Reg is a Cloudflare customer.)

    Since El Reg went to Cloudflare the site occasionally doesn't load and is often very slow. I've been here since 2007 and it's sad to see them taking up fashionable technology at the expense of their readers.

    Another downside is that now I can't recommend articles to my friends in the security world because Cloudflare doesn't pass encrypted traffic without throwing insolvable (literally) captchas in the way. I connect over clearnet so don't have such a problem, but that both SSL Labs and El Reg come out on the wrong side of anonymous browsing is a disappointment.

    1. Anonymous Coward

      Re: Cloudflare

      Since a VPN is the least of my designed settings, I get to see CAPTCHA several times a session. Definitely not fun on a tablet. Much worse on an 11.3" notebook. Give up being a commontard sounds like a plan.

  3. Seajay#

    Obligatory SSL comment

    A pretty meaningless test then if it gives an A to www.theregister.co.uk despite the fact that it doesn't use SSL.

  4. Anonymous Coward
    WTF?

    Shock! El Reg promotes self shamelessly for something it doesn't do

    How can you trumpet using Cloudflare for security when you don't even offer TLS on the site? You also get grade 'F' from the securityheaders.io test...

    https://securityheaders.io/?q=http%3A%2F%2Fwww.theregister.co.uk

  5. riramar

    OWASP Secure Headers Project

    That's interesting! I'm reviving the OWASP Secure Headers Project from the ashes. I have plans to write guides for all these Security Headers and others about how to implement them on Apache, nginx, IIS, ...

    If someone wants to help me, send me an email (ricardo.iramar@gmail.com).

    I've already made a command-line tool (github.com/riramar/hsecscan) that may help DevOps teams automate some processes.

    Project URL: https://www.owasp.org/index.php/OWASP_Secure_Headers_Project
