November 23, 2016
November 12, 2016
"A sophisticated type of man-in-the-middle attack called SSL stripping was presented at the Blackhat Conference 2009. This type of attack defeats the security provided by HTTPS by changing the https: link into an http: link, taking advantage of the fact that few Internet users actually type "https" into their browser interface: they get to a secure site by clicking on a link, and thus are fooled into thinking that they are using HTTPS when in fact they are using HTTP." [https://en.wikipedia.org/wiki/HTTPS#Limitations]
SSL Stripping Mitigation
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
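To check that a server's header actually delivers the mitigation above, here is an added example (not from the original notes) that parses a Strict-Transport-Security value per RFC 6797 and reports the gaps a reviewer would flag: invalid syntax (browsers drop the header), a max-age under the one-year preload minimum, missing includeSubDomains, and a preload token whose requirements are not met. The sample header values are constructed.

```python
import re
# Preload-list requirement: at least one year (31536000 s), the value used in the note above.
PRELOAD_MIN_MAX_AGE = 31536000

def parse_hsts(value):
    """Parse a Strict-Transport-Security value per RFC 6797.
    Returns {"max_age", "include_subdomains", "preload"} or None if invalid
    (a browser ignores an invalid header, leaving the site strippable)."""
    seen, policy = set(), {"max_age": None, "include_subdomains": False, "preload": False}
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue  # tolerate a trailing ';'
        name, _, arg = directive.partition("=")
        name = name.strip().lower()
        if name in seen:
            return None  # a duplicated directive is a syntax error
        seen.add(name)
        if name == "max-age":
            arg = arg.strip().strip('"')  # value may be a quoted-string
            if not re.fullmatch(r"[0-9]+", arg):
                return None
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
        # unknown directives are ignored, as the RFC requires
    return policy if policy["max_age"] is not None else None

def hsts_findings(value):
    """Defender-side review: why this header does not fully protect against SSL stripping."""
    p = parse_hsts(value)
    if p is None:
        return ["invalid syntax: header ignored by browsers"]
    findings = []
    if p["max_age"] == 0:
        findings.append("max-age=0 clears the policy")
    elif p["max_age"] < PRELOAD_MIN_MAX_AGE:
        findings.append("max-age under one year: not preload-eligible")
    if not p["include_subdomains"]:
        findings.append("no includeSubDomains: subdomains stay strippable")
    if p["preload"] and (p["max_age"] < PRELOAD_MIN_MAX_AGE or not p["include_subdomains"]):
        findings.append("preload token present but preload requirements unmet")
    return findings

# Constructed samples: the note's header and a weak one.
GOOD = "max-age=31536000; includeSubDomains; preload"
WEAK = "max-age=300; preload"
```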
November 11, 2016
When you build your application you will get a native package. The application then runs inside a native WebView (on iOS the Objective-C UIWebView class; on Android android.webkit.WebView).
Reference for regexp validation (javax.validation.constraints.Pattern): OWASP Validation Regex Repository
What is Clickjacking? https://en.wikipedia.org/wiki/Clickjacking
- Clickjacking Defense Cheat Sheet
Content-Security-Policy: frame-ancestors 'self'
(frame-ancestors controls which origins may embed this page, which is the clickjacking defence; frame-src only restricts what the page itself may embed and does not stop framing by others.)
What is CSP, Content Security Policy? https://www.owasp.org/index.php/Content_Security_Policy
This is a security feature that helps prevent attacks based on MIME-type confusion.