Summary of 2016

As 2016 is getting closer to its end, I wanted to give you some brief insight into what has been happening in the past month or so, with additional information about updates on RootNetSec and plans for the future.

Hardening WordPress

WordPress is the most popular content management system (27.2% of all websites in 2016), making it easy even for non-technical users to create websites. Perfect option? Unfortunately not, as WordPress is also the most hacked platform (around 70% of all hacked CMSs are WordPress-based sites).

Krypton

Krypton is another wargame from OverTheWire that is based on cryptography and cryptanalysis. As I really love this topic, I decided to give it a try. Unfortunately, level 6 was way harder than I thought and I couldn't complete it, but I'm still happy with the results.

Analyzing JavaScript Malware

About half a year ago, my girlfriend got an e-mail from the post office saying that the package was ready to pick up, with a quick note saying that more information was available in the attachment. I was asked to look at it, as she found it suspicious - the mail was written very poorly - definitely not what an official mail would sound like. First I took a look at the domain the mail was sent from, and as I expected, it was not connected to the domains of our post service. But what I really wanted to know was: what's the goal of the attachment?

Web Application Security

Today we're going to start with Web Security - in particular I want to discuss security headers - small steps to keep your web application more secure. Without wasting your time, let's move to the content.