Web ARX Security

Securing websites can be a tricky business, but it’s something I pride myself on being pretty good at. However, when you’re setting up and managing multiple WordPress sites, it can be hard to keep on top of them all at once. Step in Web ARX Security (affiliate link). In their own words… Website firewall, uptime monitoring and…

CA, CAA and CT in Cloudflare

There are a lot of acronyms there, so I guess I should start by explaining what I’m talking about! Certificate Authority (CA): A Certificate Authority (CA) is where you go in order to get the certificate for your website, whatever flavour you prefer. They have the power to generate a certificate for any domain, which is…

HSTS preloading

For a while now, my website has been using HSTS. HSTS stands for HTTP Strict Transport Security, and essentially it’s a response header that your server sends back with your website to tell the browser that in future, this page should always be requested securely (via HTTPS). I talked about it briefly last year in…

Sonarwhal via the command line

I recently posted about Testing your website with sonarwhal, a great dynamic analysis tool that you can simply enter your website address into, and they’ll scan and return a report. What I failed to mention (shame on me) is that you can also run this tool via the command line. That’s right, they’re on npm as sonarwhal too. Install: It’s…

Testing your website with sonarwhal

Yesterday I was watching a great Pluralsight course called Play by Play: Javascript Security by Troy Hunt and Aaron Powell. In this course they discuss a number of security-related things, including auth tokens, caching, service workers, third-party library vulnerabilities and client-side validation. Aaron also introduced me to a tool that I hadn’t heard of before, called sonarwhal. If you’re…