March 23, 2017
Research shows DV certificates can be a prime target for phishing and malware operators, but experts are unsure how certificate authorities should deal with the issue.
March 22, 2017
HTTPS interception in security products and services may be reducing security rather than improving it, according to US-CERT, which puts middleboxes in a precarious position.
December 14, 2016
A new Certificate Transparency Monitoring tool from Facebook may help webmasters track and vet TLS certificates, as well as improve integrity and security for HTTPS traffic.
November 01, 2016
A new nematode worm proof of concept could help the internet avoid the next massive Mirai IoT botnet DDoS attack, but experts are unsure of the legality of the option.
HTTP Get Started
Bring yourself up to speed with our introductory content
An HTTPS session with a reused nonce is vulnerable to the Forbidden attack. Expert Nick Lewis explains how the attack works, and how to properly secure HTTPS-authenticated sites. Continue Reading
An application delivery controller (ADC) sits between you and the web server farm to manage the traffic between you and any number of back-end servers. In other words, app delivery controllers control the delivery of the web application to you -- hence the name.
Older ADCs required custom ASICs, which raised costs, but processing power has advanced so that ADCs with sophisticated functionality can be implemented in software and run on cost-effective general-purpose processors. This allows today's app delivery controllers to be implemented not only as standalone hardware devices but quite effectively as virtual appliances as well or as a hosted service. In other words, more companies than ever can afford an ADC.
This Buyer's Guide explains key developments in app delivery controller technology and reviews the features ADCs can have. It serves as a manual for networking professionals and others involved in acquiring an app delivery controller for their particular company.Continue Reading
Application delivery controllers have advanced in ways that make ADCs more useful for a wider range of companies than ever before. This guide outlines what you need to know in order to buy the best application delivery controller for your company. Continue Reading
Evaluate HTTP Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
Web application firewalls are more essential than ever when it comes to halting app attacks. Learn what features and functions you should look for when choosing a new WAF. Continue Reading
Runbooks help admins automate certain processes within the Azure cloud. But what capabilities do I gain if I kick-off Azure runbooks through a webhook? Continue Reading
Using HTTP as the bus for traffic between microservices can create some unwanted impacts, including more TCP/IP overhead. Mark Betz goes over some useful alternatives to HTTP. Continue Reading
Learn to apply best practices and optimize your operations.
HEIST, a new HTTP/2 protocol exploit, can steal encrypted content from HTTPS traffic. Expert Michael Cobb explains how this attack works and how to stop it. Continue Reading
Enterprises can't avoid dealing with cloud-based application security any longer. Expert Dejan Lukan discusses the challenges and why they're not as bad as they seem. Continue Reading
Advanced persistent threat groups are using public cloud services to their advantage. Expert Ed Moyle explains how enterprises can protect themselves. Continue Reading
Problem Solve HTTP Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
HTTP public key pinning, a security mechanism to prevent fraudulent certificates, was not used by Firefox, and left it open to attack. Expert Michael Cobb explains how HPKP works. Continue Reading
Some AWS users have difficulty setting HTTP response headers based on Lambda functions. Chris Moyer explains how to accomplish that task, and how it can be helpful for developers. Continue Reading
The security of the individual data center server can get lost in the shuffle of protecting enterprise networks. These server security tools will help. Continue Reading