@esurdam
Last active December 2, 2021 02:42
Knowledge base for secure server setup.

Secure Server

HTTP/2 and ALPN

HPKP

  • Convert your pem to pins: Link

CSP

At its core, the Content Security Policy header allows you to define where your web pages are allowed to load content from.

It is a mechanism web applications can use to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS).

Oh, and it’s awesome.

  • Yetanother Generator: Link
  • CSP Generator: Link
  • Content Security Policy tester: Link

SSL

  • SSL Server test: Link
  • Proxy ELB SSL to instance: Link