Since Let’s Encrypt started, the adoption of HTTPS has picked up speed. In Firefox, the percentage of HTTPS page loads is now at 42%. Browsers also campaign for it: more & more of them mark forms with sensitive information as insecure when served over plain HTTP. More about this in today’s interesting security news:
Injecting Ruby method and class names. This is a pretty frequent "guest" in my security code audits, so I wrote about it.
Opinion by Ivan Ristić about HTTP Public Key Pinning (HPKP) being too complicated and dangerous to implement.
As password cracking methods get faster & faster, it might be time to move from bcrypt to Argon2. Ruby gem.
Interesting new tools and research about Content-Security-Policy
Are you affected by the latest MySQL critical vulnerability?
Screencast on how to add 2FA to your application
Chrome will also mark login screens as insecure if they are served over plain HTTP.