Weekly Update 113

Presently sponsored by: Netsparker – a scalable and dead accurate web application security solution. Scan thousands of web applications within just hours.

Bit of a change of scenery this week; I’ve gone to the other end of the house whilst invasive palm tree roots are water blasted out from beneath my office window as part of our garden renos. But hey, that’s a nice place to be on a day like this 😎

Other than the location, it’s business as usual. There’s been some interesting discussion on biometrics this morning, I’m appealing to developers of extensions and add-ons to whitelist themselves when a CSP is present, and I’m talking about Google’s U2F implementation. That last one in particular has had a heap of traction so appears to have struck a bit of a chord. Checking out Google Analytics, it looks like it made it to the front page of Hacker News and whilst I always take those comments with a grain of salt, it’s nice to see it getting air time.

References

  1. Let’s retain some pragmatism when talking about biometric auth (that’s a link to my Face ID piece from last year; still relevant today)
  2. We need to get extension and add-on developers whitelisting themselves in CSPs (not doing so breaks their tools and floods site owners with invalid reports)
  3. Google U2F implementation for 2FA is very slick! (particularly for the tech folks, you definitely want to get in on this)
  4. Netsparker is sponsoring my blog again this week (I’ve been a long-time fan of their work, check ’em out!)
