As mentioned in my introduction, I recently changed positions at work, and I am now heading our newly created secure coding team. I’ve always had a strong interest in making sure our applications were as secure as possible, and in the early days at my company I spent a great deal of time researching ways to secure our Web sites and applications.
As the years passed and my role with the company changed, I had less and less time to devote to that side of application development (and really, development in general). So, when a reorganization of the development teams was announced – along with this new position – I decided to make the move.
One problem with the change, is that my knowledge of best practices, etc. was pretty rusty by now. Thankfully, my employer provides me with a Pluralsight subscription, so I went there and started going through some of the courses that fell under secure coding (mostly by Troy Hunt so far).
Some of those courses have led me down paths that aren’t specifically about secure coding, but about securing your Web sites in general. Since I have my own Web site, I thought it would be good to start with that. However, before most of them could be implemented, I had to purchase and install a TLS certificate for my domain so people – so that people could use https://www.briankavanaugh.com to open the site. This is important, because Google started flagging sites that aren’t encrypted with HTTPS as not secure in 2018, starting with the release of Chrome 68.