Dan Poirier wrote an article on the Caktus Group blog about common web site security vulnerabilities. In it he talked about the CSRF protection in Django. Although he is right about a CSRF token having to be part of the POST request, this is not the entire story.
My notes from the second day of DevOpsDays Amsterdam 2016.
My notes from the first day of DevOpsDays Amsterdam 2016.
Before the ‘normal’ DevOpsDays, there was a day filled with workshops. These are the notes of the workshops that I attended.
My browser of choice has been Chromium for quite a while now. A couple of podcasts recently discussed how Chrome has become a memory hog and how Firefox has improved over the years. Time for an experiment.
This is a description of how I created a custom Vagrant box starting from a Lubuntu 14.04 desktop CD.
There are several technologies (in the Python world) to have isolated environments for projects. In this article I will describe how we use Virtualenv, Buildout and Docker for a project I’m working on at Fox-IT.
When I was experimenting with an SVG sprite to replace my current icon font, suddenly some of the icons disappeared without a clear reason. It worked fine when I accessed the demo page via the file URI scheme, but as soon as I used an HTTP server, some of them did not show up.
To introduce a coworker to our project and Django in general, I suggested that he try PyCharm, a Python IDE. One of the (many) nice things about PyCharm is that you can easily jump to the place where something is declared—ideal for exploring a project.
The Heartbleed bug triggered a review of the configuration of my own web server. As a result I discovered that I had configured Online Certificate Status Protocol (OCSP) stapling incorrectly. In this article I will briefly explain OCSP and OCSP stapling, what I had done wrong, and what is, as far as I now know, a right way to implement OCSP stapling in Nginx.