I thought I would share some of the hands-on how-to and learning of hardening some web sites and applications. I posted a bit about this here (and in vid @ bottom).
If you are interested in sharing learning on assessing a web app/api/site for security. How to harden it, showing some of the tools, come on out.
I will then show some of the complex things you can do w/ a Web Application Firewall (WAF) using resty-lua-waf (https://github.com/p0pr0ck5/lua-resty-waf) as an example, if you are stuck with a weak app and no way to fix its code.
- Cross Origin Request Sharing
- HTTP Strict Transport Security
- TLS setup
- DNS CAA
Feel free to open https://observatory.mozilla.org/analyze/www.rbcroyalbank.com and be amazed @ the score of 0/100 (F).
Link below for where/when etc.