CSS-Based Fingerprinting

Fingerprinting is bad. It’s a term that refers to building up enough metadata about a user that you can essentially figure out who they are. JavaScript has access to all sorts of fingerprinting possibilities, which then combined with the IP address that the server has access to, means fingerprinting is all too common. You don’t […]

Ain’t No Party Like a Third Party

I’d like to tell you something not to do to make your website better. Don’t add any third-party scripts to your site. That may sound extreme, but at one time it would’ve been common sense. On today’s modern web it sounds like advice from a tinfoil-hat-wearing conspiracy nut. But just because I’m paranoid doesn’t mean they’re not out to get […]

Don’t Snore on CORS

Whatever, I just needed a title. Everyone’s favorite web security feature has crossed my desk a bunch of times lately and I always feel like that is a sign I should write something because that’s what blogging is. The main problem with CORS is that developers don’t understand CORS. The basic concept of it is […]

Pin It on Pinterest