Web Site Security


Web Server

Web Server SSL Test - test your web server for robust SSL/TLS support.  Determine if your server allows insecure sessions, which is an issue if your site deals with PII or financial data.

Recommended cipher suites for web servers - list of safest cipher suites for SSL/TLS. Updated periodically, so check back regularly.

Web Browser

Qualys BrowserCheck - a free tool to help users check their browsers for plugins which might be old or insecure, exposing the user to risk.

Mozilla PluginCheck - another free alternative, and though it is sponsored by Mozilla, who brings us Firefox, it works in most any browser.

Securing Your Browser (US-CERT) - helps users understand concepts like "trusted sites" and how they impact security.

NoScript- a Firefox plugin which allows users to visit web sites with scripting disabled by default. Not for the faint of heart, but can dramatically reduce the risk of a browser-based compromise.

Web Programs

Web Application Security - a PowerPoint presentation concerning web site security "best practices", and how to address various web security issues. Updated periodically, so check back!