Secure Website With security.txt: Fight Web Vulnerabilities
in Web Dev
Two days ago, I talked about adding a robots.txt file to your site to inform web crawlers like Googlebot for better Google search indexing of your website. Today, with this PR, I have added a security.txt file to blogthedata.com, giving security researchers a way to contact me about new web services vulnerabilities potentially affecting my site.
It’s easy to set this up yourself! You're adding two routes to your app containing information about how to contact you.
https://blogthedata.com/pgp-key.txt
https://blogthedata.com/.well-known/security.txt
“When security risks in web services are discovered by independent security researchers who understand the severity of the risk, they often lack the channels to disclose them properly. As a result, security issues may be left unreported. security.txt defines a standard to help organizations define the process for security researchers to disclose security vulnerabilities securely.”
The first step is to fill out a form on https://securitytxt.org. The tricky part is the encryption section. It's asking for the public key of a GPG asymmetric key pair. There are smarter ways of generating keys, but I used this online PGP generator. Once you create the keys, you'll want to stash the private key somewhere safe and put your public key at a publically accessible endpoint.
Add a security.txt file to your website and join companies like Google, Facebook, and Github to make the web safer for everyone.
Related Posts
Improve SEO With a Sitemap.xml & Robots.txt - A Guide
4 min read
Learn how to improve your website's SEO with a sitemap.xml and robots.txt file. A step-by-step guide on how to create and use these files to boost SEO.
0
How I Improved My Security Score With Mozilla Observatory: A Guide
13 min read
Discover how to improve your rating using Mozilla Observatory's security assessment tool. See the steps I took to upgrade my score from a 'F' to an 'A+'.
0
Navigate the Digital Ocean: Tips & Tricks to Find Quality Information
4 min read
Learn tips and tricks for finding accurate and reliable information online, such as using the Hierarchy of Evidence and searching specific top-level domains.
0
John Solly
Hi, I'm John, a Software Engineer with a decade of experience building, deploying, and maintaining cloud-native geospatial solutions. I currently serve as a senior software engineer at New Light Technologies (NLT), where I work on a variety of infrastructure and application development projects.
Throughout my career, I've built applications on platforms like Esri and Mapbox while also leveraging open-source GIS technologies such as OpenLayers, GeoServer, and GDAL. This blog is where I share useful articles with the GeoDev community. Check out my portfolio to see my latest work!
Comments