
With web applications being the target of numerous cyber attacks, the SANS Internet Storm Center has released an article sharing the three must-have HTTP security headers for controlling many easily preventable vulnerabilities. The first is HTTP Strict Transport Security. This tells the browser to connect to the web server only over HTTPS secure connections, which helps avoid MITM attacks. The second is to set a Content-Security-Policy. This helps protect against attacks like cross-site scripting, cross-site injection and clickjacking. The final HTTP security header is Access-Control-Allow-Origin. This header ensures that external resources are only being sourced from a specific origin and therefore avoids possible cross-site attacks from untrusted domains. So, there you go: make sure you have those three HTTP security headers configured for your web application to increase your cyber risk protection.
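As an added example (not from the ISC diary or the podcast), the following Python audit checks a set of response headers for the three headers discussed above and flags weak values; the one-year HSTS threshold, the checks for `includeSubDomains`, `'unsafe-inline'`, `frame-ancestors` and a wildcard ACAO, and the sample header values are all my own choices, not something the segment states.

```python
"""Audit the three HTTP security headers discussed in the segment."""
import re

# Constructed sample response headers (not captured from any real site).
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "Access-Control-Allow-Origin": "*",
}

def audit_security_headers(headers):
    """Return a list of findings for missing or weak security headers.

    Header names are compared case-insensitively, as HTTP requires.
    """
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    # HSTS: browsers only honour it with a sensibly long max-age; one year
    # is the commonly recommended minimum (assumed threshold, not from the page).
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing: browser may still use plain HTTP")
    else:
        m = re.search(r"max-age=(\d+)", hsts)
        if not m or int(m.group(1)) < 31536000:
            findings.append("HSTS max-age below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("HSTS lacks includeSubDomains")

    # CSP: inline script allowances defeat the XSS protection, and
    # frame-ancestors is the directive that controls clickjacking.
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("CSP missing: no script-injection or framing controls")
    else:
        if "'unsafe-inline'" in csp or "'unsafe-eval'" in csp:
            findings.append("CSP allows unsafe-inline/unsafe-eval")
        if "frame-ancestors" not in csp:
            findings.append("CSP lacks frame-ancestors (clickjacking)")

    # ACAO: a wildcard lets any origin read the response cross-origin.
    acao = h.get("access-control-allow-origin")
    if acao is not None and acao.strip() == "*":
        findings.append("ACAO is wildcard: any origin may read responses")

    return findings

if __name__ == "__main__":
    for finding in audit_security_headers(SAMPLE_HEADERS):
        print(finding)
```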

https://isc.sans.edu/diary/rss/29720


This segment was created for the It’s 5:05 podcast

https://505updates.com/april-14-2023/