263
edits
Changes
GC HTTPS Future Proofing (view source)
Revision as of 12:11, 5 November 2018
, 12:11, 5 November 2018→Additional Considerations of HTTPS
Line 12:
Line 12:
<br>
* Use strong authentication mechanisms (for example, multi-factor authentication) where possible to protect from unauthorized access.
* Use strong authentication mechanisms (for example, multi-factor authentication) where possible to protect from unauthorized access.
* Design web services so that they are protected from common security vulnerabilities such as SQL injection and others described in widely-used publications such as the [https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project Open Web Application Security * Project (OWASP) Top 10].
* Design web services so that they are protected from common security vulnerabilities such as SQL injection and others described in widely-used publications such as the [https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project Open Web Application Security * Project (OWASP) Top 10].
−For more information on best practices, refer to [https://www.cse-cst.gc.ca/en/group-groupe/its-advice-and-guidance Communications Security Establishment’s (CSE’s) IT security advice and guidance].
For more information on best practices, refer to [https://www.cse-cst.gc.ca/en/group-groupe/its-advice-and-guidance Communications Security Establishment’s (CSE’s) IT security advice and guidance].
<br><br>
<br><br>
Line 28:
Line 27:
* [https://http2.github.io/faq/ HTTP/2 Working Group FAQ]
* [https://http2.github.io/faq/ HTTP/2 Working Group FAQ]
* [https://tools.ietf.org/html/rfc7540 RFC 7540], the final spec
* [https://tools.ietf.org/html/rfc7540 RFC 7540], the final spec
+<br>
===Next Steps: TLS 1.3===
===Next Steps: TLS 1.3===