re: Improving security in ASP.NET MVC using custom headers VIEW POST

TOP OF THREAD FULL DISCUSSION
re: Security headers are things of the best things you can add to a site to increase the security. They have a low time vs benefit cost, and they can s...
 

Good input, Jamie. I can see that quite a lot happened since I originally wrote that post. I also use Report URI now. Maybe I should give the post an overhaul :) Thanks!

 

I've use Feedify and QR Codes in one post (shortly before the first instance of MageCart), a discussion on OWASP, and how it could ruin your company or brand as examples about why folks should look into this in the past. Especially since it's a relatively easy problem to solve.

I feel like you could make it into a series of posts. Even as someone who knows this stuff and how to implement it, I'd love to read a series where the author goes from "here's the theory" through "here's my initial plan", to "here's why my assumptions were wrong" (because with CSP, they will be) to "here's the finished headers for my site".

A lot of folks who write about headers tend to focus on the first and last step here, but devs need to know that the middle part is hard. Maybe you could cover that, or nominate someone to do so. Maybe I'll take a whack at it with an app for one of my clients 😉

code of conduct - report abuse