Locks and Security News: your weekly locks and security industry newsletter
22nd November 2017 Issue no. 387
Your industry news - first
We strongly recommend viewing Locks and Security News full size in your web browser. Click our masthead above to visit our website version.
93% of websites fail to meet security standard
April King, a security engineer at Mozilla, found that the vast majority of the world's largest sites - 93.45% to be exact - are not implementing many modern security technologies which provide secure connections to their users and protect them from attacks such as cross-site scripting (CSS) and content injection.
The assessment of these sites was made by Mozilla's own Observatory tool (which King designed). It conducts 11 different tests to see what security technologies a website is using, including HTTPS, HPKP (Key Pinning), CSP (Content Security Policy), and Subresource Integrity. It also scores sites on how well they use those technologies. Websites with sub-par configurations - like supporting HTTPS without automatically redirecting users - receive penalties.
12th July 2017