April 14, 2020


We know that inline JavaScript code execution causes XSS (cross-site scripting), hence the X-XSS-Protection header was introduced to fight this at the browser level. This header is enabled by default in Chrome, IE and Safari, but to enforce it, it is better to set it explicitly. Firefox does not support this HTTP header, as it relies on CSP (Content Security Policy) to provide protection. This header will be replaced...

July 20, 2019


X-Frame-Options is a simple HTTP header that defines whether a website is allowed to be loaded in a frame by the browser or not. It provides protection against clickjacking attacks, where an attacker loads the legitimate website either from a malicious website or by embedding HTML frame code inside another website.

July 18, 2019


HTTP Strict Transport Security (HSTS) is a server-side response header sent from the web server to the browser to force the browser to use the HTTPS protocol for the website and its contents. After receiving this response, the browser will reach the website over an HTTPS connection only, until the timeout defined in the header expires.

December 10, 2018

Chaos Engineering-Part 1

“Chaos engineering” is planning and performing various failure tests on live production environments to check their high availability, RTO and RPOs. The idea may sound absurd at first and may raise eyebrows of many in your organization. But when implemented right, with proper planning, it can keep the organization fully prepared for any critical component/module failure. “Chaos Engineering” by itself is very planned and detailed and involves...

November 2, 2018

Threat libraries

The threat library is exactly what it sounds like: a place to store the threats encountered by your organization, or related to your organization and having an impact on it. This library is used to store threat event details, attributes, the chronology of events, related files and software, etc. It is important for an organization to keep one so that if similar incidents occur in future, the old incident can be...

