I’ve got a heap of resources I constantly come back to in talks, workshops and just during the course of my everyday work. Frankly, I have trouble remembering them all myself plus I reckon they’re kinda useful for other people too so I thought I’d drop them all into a post here. If you’ve got good stuff I’ve missed (and you almost certainly will), drop it into the comments below as I’d love to add to my own set of resources plus that way it gets shared with everyone. Enjoy!
SSL / TLS / HTTPS
- Is TLS fast yet – A great site debunking the myths of SSL/TLS speed cost
- Firesheep – A watershed moment for SSL by demonstrating the ease with which unprotected traffic can be intercepted and sessions hijacked
- Qualys SSL Labs – Tests a variety of attributes of the SSL implementation by pointing it at any URL
- CloudFlare – Get SSL for free on any website
- Let’s Encrypt – It’s coming, and it promises to fix the current mess that is CAs and configuring certs
- Betsy’s free wifi – Shows a young girl standing up a rogue wifi hot spot
- Chromium HSTS preload list – All the sites submitted for HTTP strict transport security preload (a depressingly small number of them)
- HTTP Shaming – Sensitive data sent insecurely? Name and shame!