https://gbhackers.com/owasp-top-10-2017-released/ Open Web Application Security Project(OWASP) released new Top 10 Most Critical Web Application Security Risks list. With the new release, they have completely refactored the methodology of categorizing risks. →
https://arstechnica.com/tech-policy/2017/11/an-alarming-number-of-sites-employ-privacy-invading-session-replay-scripts/ If you have the uncomfortable sense someone is looking over your shoulder as you surf the Web, you’re not being paranoid. A new study finds hundreds of sites—including microsoft.com, adobe.com, and godaddy.com—employ scripts that record visitors’ keystrokes, mouse movements, and scrolling behavior in real time… →
https://hacks.mozilla.org/2017/10/saying-goodbye-to-firebug/ Firebug has been a phenomenal success over its 12-year lifespan. So it’s sad that Firebug is now reaching end-of-life in the Firefox browser, with the release of Firefox Quantum (version 57) soon. The good news is that all the capabilities of Firebug are now present in current Firefox Developer Tools. So the work pioneered by the →
https://staltz.com/the-web-began-dying-in-2014-heres-how.html Here are some key points from this long article: Before the year 2014, there were many people using Google, Facebook, and Amazon. Today, there are still many people using services from those three tech giants (respectively, GOOG, FB, AMZN). However, the underlying dynamics of power on the Web have drastically changed. Internet activity itself →
https://m.slashdot.org/story/333069 The Internet Task Engineering Group (IETF) has approved the new HTTP status code 103. The 103 (Early Hints) informational status code indicates to the client that the server is likely to send a final response with the header fields included in the informational response. →
https://blog.cloudflare.com/performing-preventing-ssl-stripping-a-plain-english-primer/ Article on SSL security. It is beyond doubt that it is simply not secure to blindly trust the medium that connects your users to the internet. HTTPS was created to allow HTTP traffic to be transmitted in encrypted form This blog post presents a plain-english primer on how HTTPS protection can be stripped and →
https://opensource.com/article/17/10/4-website-maintenance-mistakes-avoid?sc_cid=7016000000127ECAAY Maintenance is a good idea for every website, but it’s a requirement for websites using open source code. The upside of open source is that everyone can participate. The downside is that means keeping up with everyone’s changes. Maintenance is a simple process, but there are basic mistakes that many people make at least →
https://dev.to/anthonydelgado/javascript-is-eating-the-world JavaScript and NodeJS are single handedly eating the world of software. Once only thought of as “hipster” technology, NodeJS is quickly becoming one of the most commonly used environments for building web applications. This article has a list of 5 huge companies who have adopted NodeJS for use inside high traffic, high profile production projects. →
https://spectrum.ieee.org/telecom/internet/make-the-web-better-for-everyone The Web has serious problems: peddler of unreliable information, haven for criminals, spawning ground for irrational conspiracy fears, and tool for destructive people to broadcast their violence in real time and with posted recordings But surely you agree that the Web disappoints as much as it delights. Now the hard part—what to do about →
http://charleshughsmith.blogspot.fi/2017/09/are-facebook-and-google-new-colonial.html?m=1 To qualify as colonial powers, Facebook and Google must effectively limit the choices and power of users, and punish or coerce those who question or resist their power. The phrase that captures this broad narrative is: When an online service is free, you’re not the customer. You’re the product. In other words, if you’re not →