Ensuring Secure Configuration of your Headers

Toasty
Joined: 21 Feb 2008
Posts: 298
Location: Chicago, IL

Posted: Tue Oct 08, 2019 6:20 am    Post subject: Ensuring Secure Configuration of your Headers

I have built a site that audits the response headers of your web applications to determine if they are configured correctly. I still have a ways to go (for example, digging into CSP configuration a bit deeper).

Following this guide does a lot to reduce your risk profile being online. Anything from Cross Site Scripting to Resource Injection.

I don't host it with Abyss (my license expired some time ago), however I did want to share it with the folks who use the software.

I'm also hoping that the Aprelium Admin team can let me know which versions of Abyss are no longer supported officially. I'd like to add an EOL warning if we detect those so folks know it is time to upgrade. I already have this in place for IIS and Apache, and nginx will be there soon enough as well.

Anyways, here's the site. Would love to get some feedback.

https://secureheader.com/
_________________
Audit the secure configuration of your server headers!
admin
Site Admin
Joined: 03 Mar 2002
Posts: 1295

Posted: Fri Oct 11, 2019 12:06 pm    Post subject: Re: Ensuring Secure Configuration of your Headers

Toasty,

That's a great initiative and the tool looks promising.

Coincidentally, we've been working on an article based on https://nullsweep.com/http-security-headers-a-complete-guide/ to help with header settings. But obviously, your solution is better than a simple article.

Regarding the lapsed license, please get in touch with us in case you need to renew it.

Regarding the score, it would be better to be more tolerant with some use cases: for example, sites which have no iframes and which (knowingly) do not include headers related to frames and their origin.

The above suggestion may require some deep crawling work on all the site and can justify a paid option for example. ;)

Regarding Abyss Web Server versions EOL, we usually continue to support all versions (email support) but of course we do not offer patches for older versions. It is safe to say that a version that is 1 year old is probably no longer supported since its SSL libraries are probably very old and have security issues.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
Forum Administrator
Aprelium - https://aprelium.com
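An added example, not code from secureheader.com or from Abyss, of the kind of scoring the thread discusses: a minimal audit of a response's security headers that also applies the tolerance suggested above, downgrading a missing frame-related header to informational when the operator declares that frame headers are not expected for the site. The sample header sets, the one-year HSTS threshold and the penalty weights are all assumptions chosen for illustration.

```python
import re

# Constructed sample responses (assumed values, not captured from any real site).
STRICT = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}
LAX = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'",
}

MIN_HSTS_AGE = 31536000  # assumed threshold: one year in seconds


def audit_headers(headers, frame_headers_expected=True):
    """Return (score, findings); each finding is a (severity, message) pair.

    frame_headers_expected=False implements the tolerance suggested in the
    thread: a missing X-Frame-Options / frame-ancestors is reported as "info"
    rather than "fail" when the operator says frame headers do not apply.
    """
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []

    hsts = h.get("strict-transport-security", "")
    m = re.search(r"max-age=(\d+)", hsts)
    if not m:
        findings.append(("fail", "missing Strict-Transport-Security"))
    elif int(m.group(1)) < MIN_HSTS_AGE:
        findings.append(("warn", "HSTS max-age below one year"))

    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append(("fail", "X-Content-Type-Options is not nosniff"))

    csp = h.get("content-security-policy", "")
    if not csp:
        findings.append(("fail", "missing Content-Security-Policy"))
    if "referrer-policy" not in h:
        findings.append(("warn", "missing Referrer-Policy"))

    frame_protected = "frame-ancestors" in csp or "x-frame-options" in h
    if not frame_protected:
        severity = "fail" if frame_headers_expected else "info"
        findings.append((severity, "no frame-ancestors directive or X-Frame-Options header"))

    penalty = {"fail": 25, "warn": 10, "info": 0}  # assumed weights
    score = max(0, 100 - sum(penalty[s] for s, _ in findings))
    return score, findings
```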