Web Site Identity
From MgmtWiki
Revision as of 20:32, 4 September 2018 by Tom (talk | contribs) (Created page with "==Full Title and Meme== The current manner in which a Web Site can be identified by a User is badly broken. ==Context== * The day when a personal computer was for run...")
Contents
Full Title and Meme
The current manner in which a Web Site can be identified by a User is badly broken.
Context
- The day when a personal computer was for running application for the user is long gone, never to return.
- Today a personal computer depends on cloud based service for nearly all of its functionality.
- Web Site security is becoming widely known as Cyber-Security, probably because that sounds more important somehow.
- This page will only consider the use of a trusted User Agent, typically a web browser from a well-known and trusted vendor.
- For the case of the user allowing a Native App to be installed on their personal device, see the page Native App Security.
Problems
Solutions
- The Web Site exposes its name in a manner that allows the user to make a meaningful trust decision.
- Most browsers come with a feature that will evaluate any file downloaded to a computer based on a set of constantly updated filters installed in the cloud.
References
Organizational Support
- The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of web site software.
- ISACs are member-driven organizations, delivering all-hazards threat and mitigation information to asset owners and operators.