Four Things To Check NOW

We've looked at many topics over the past few weeks. It's easy to delay taking action by focusing on the concepts. And with so much information, it can be difficult to know where to start.

So today I am giving you a list of four things that you can - and must - tackle right now. I'll also give you the links to the articles again, in case you want a quick refresher.

#1 Check the protocol

Make sure right now that your application is using HTTPS for every page and API endpoint, not just the login form.

I covered the importance of this in the blog post: "Is this site secure?"

If you are not using HTTPS, make this your top priority. Depending on your role, you might be able to fix this yourself. If not, put in the necessary change request.

It's common practice to keep plain HTTP working by redirecting it to HTTPS. That's fine, but don't get lazy: the redirect only protects the first request. Make sure that all the links within your application also use HTTPS. A page served over HTTPS that still loads a script, stylesheet, image or form action over http:// is "mixed content": browsers block the active kinds (scripts, stylesheets, frames, form actions) outright and block or silently upgrade the passive kinds (images, media), so the page either breaks or is no longer fully protected. It's easy to copy and paste older links to resources like images, and forget to change the link to use HTTPS. If some of these links are not your responsibility, take the necessary steps to make sure it gets done.
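
The quickest way to find those forgotten links is to scan the rendered HTML for anything that still points at http://. The script below is an added example (not code from the original post); it uses only the Python standard library, so you can run it offline against a saved copy of a page. The SAMPLE_PAGE and the .example.test hosts are constructed for the demo, and the active/passive/navigation labels are a rough guide to how browsers treat each kind, not a specification.

```python
"""Mixed-content finder: list every http:// reference in an HTML page.

Added example (not from the original post). Standard library only, so it
runs offline on saved HTML; SAMPLE_PAGE is constructed for the demo and
the .example.test hosts are placeholders.
"""
import re
from html.parser import HTMLParser

# Attributes whose value is a URL the browser fetches or navigates to.
URL_ATTRS = {"src", "href", "action", "data", "poster"}
# Rough classification. Browsers block "active" mixed content (it can run
# code or change the page); "passive" media is blocked or auto-upgraded;
# a plain-HTTP <a href> just sends the user to an unencrypted page.
ACTIVE_TAGS = {"script", "link", "iframe", "object", "embed", "form"}
PASSIVE_TAGS = {"img", "audio", "video", "source", "track"}
CSS_URL = re.compile(r"url\(\s*['\"]?(http://[^'\")\s]+)", re.IGNORECASE)


def _classify(tag):
    if tag in ACTIVE_TAGS:
        return "active"
    if tag in PASSIVE_TAGS:
        return "passive"
    return "navigation"


class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_style = False

    def _record(self, tag, attr, url, category):
        line, _ = self.getpos()
        self.findings.append({"line": line, "tag": tag, "attr": attr,
                              "url": url, "category": category})

    def handle_starttag(self, tag, attrs):
        if tag == "style":
            self._in_style = True
        for name, value in attrs:
            if not value:
                continue
            if name == "srcset":
                # "url1 1x, url2 2x": the URL is the first token of each candidate
                urls = [c.split()[0] for c in value.split(",") if c.strip()]
                category = _classify(tag)
            elif name in URL_ATTRS:
                urls = [value.strip()]
                category = _classify(tag)
            elif name == "style":
                urls = CSS_URL.findall(value)   # inline style="background:url(...)"
                category = "css"
            else:
                continue
            for url in urls:
                if url.lower().startswith("http://"):
                    self._record(tag, name, url, category)

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False

    def handle_data(self, data):
        if self._in_style:                     # url(...) inside a <style> block
            for url in CSS_URL.findall(data):
                self._record("style", "url()", url, "css")


def find_mixed_content(html):
    """Return a list of findings, in document order, one per http:// reference."""
    parser = MixedContentFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: a mix of correct, forgotten and relative links.
SAMPLE_PAGE = """<!doctype html>
<html><head>
<link rel="stylesheet" href="http://cdn.example.test/site.css">
<script src="https://cdn.example.test/app.js"></script>
<style>body { background: url(http://cdn.example.test/bg.png); }</style>
</head><body>
<img src="http://images.example.test/logo.png" alt="logo">
<img srcset="https://images.example.test/a.jpg 1x, http://images.example.test/a@2x.jpg 2x">
<a href="http://www.example.test/help">Help</a>
<form action="http://www.example.test/login" method="post"></form>
<a href="/relative/path">relative links are fine</a>
</body></html>
"""

if __name__ == "__main__":
    for f in find_mixed_content(SAMPLE_PAGE):
        print(f"line {f['line']:>3}  {f['category']:<10} <{f['tag']} {f['attr']}> {f['url']}")
```

Run it over each page of your application (or a crawl of it) and fix the "active" findings first, since those are the ones browsers refuse to load. Relative links and protocol-relative links are not reported because they inherit the scheme of the page.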

#2 Check the security headers

Are you sending security headers in your responses? I discussed this in "Your first line of defense".

If you didn't do it then, go to SecurityHeaders.com and type in the URL of your application. What grade did you get? Read the warnings and take steps to get the right headers added. Two caveats: the scan only looks at the one URL you enter, so check an API response and a page behind login as well; and a Content-Security-Policy that is too strict will break your own pages, so roll it out as Content-Security-Policy-Report-Only first and tighten it once the reports are clean.
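
For responses the online scanner can't reach (internal hosts, authenticated pages, API endpoints), you can run the same kind of check yourself on the headers you capture with `curl -I`. The audit below is an added example, not the scanner's logic or code from the original post: it checks not only that the usual headers are present but that their values are worth having. WEAK_HEADERS and HARDENED_HEADERS are constructed, and the thresholds (a one-year HSTS max-age, no 'unsafe-inline' for scripts) are the common recommendations rather than a standard.

```python
"""Audit a set of HTTP response headers for the common security headers.

Added example (not from the original post or SecurityHeaders.com). Both
header sets below are constructed: WEAK_HEADERS is what a default install
tends to send, HARDENED_HEADERS passes every check here. The thresholds
are common recommendations, not a standard.
"""
import re

REQUIRED = (
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "referrer-policy",
    "permissions-policy",
)
ONE_YEAR = 365 * 24 * 3600
# Headers that only tell an attacker what you are running (see check #3).
LEAKY = ("server", "x-powered-by")


def _csp_directives(csp):
    """'default-src 'self'; script-src cdn' -> {'default-src': ["'self'"], ...}"""
    out = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return out


def audit_headers(headers):
    """Return findings ('missing: ...', 'weak: ...', 'leak: ...'); an empty list means pass."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    findings = [f"missing: {name}" for name in REQUIRED if name not in h]

    hsts = h.get("strict-transport-security", "")
    if hsts:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append("weak: strict-transport-security max-age is below one year")
        if "includesubdomains" not in hsts.lower():
            findings.append("weak: strict-transport-security lacks includeSubDomains")

    csp = _csp_directives(h.get("content-security-policy", ""))
    if csp:
        # script-src falls back to default-src when it is absent
        scripts = csp.get("script-src", csp.get("default-src", []))
        if not scripts:
            findings.append("weak: content-security-policy sets neither default-src nor script-src")
        for bad in ("'unsafe-inline'", "'unsafe-eval'", "*", "http:", "data:"):
            if bad in scripts:
                findings.append(f"weak: content-security-policy allows {bad} for scripts")

    # Clickjacking: need either CSP frame-ancestors or a strict X-Frame-Options
    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in csp and xfo not in ("DENY", "SAMEORIGIN"):
        findings.append("missing: clickjacking protection (frame-ancestors or X-Frame-Options)")

    xcto = h.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        findings.append("weak: x-content-type-options must be 'nosniff'")

    if h.get("referrer-policy", "").lower() == "unsafe-url":
        findings.append("weak: referrer-policy unsafe-url leaks full URLs to other sites")

    for name in LEAKY:
        if name in h:
            findings.append(f"leak: {name} header reveals '{h[name]}'")
    return findings


# Constructed samples; product names are placeholders.
WEAK_HEADERS = {
    "Server": "ExampleServer/1.0",
    "X-Powered-By": "ExampleFramework/2.0",
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src * 'unsafe-inline'",
    "X-Frame-Options": "ALLOWALL",
}
HARDENED_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(f"--- {label}: {len(audit_headers(hdrs))} finding(s)")
        for f in audit_headers(hdrs):
            print("  ", f)
```

The point of checking values rather than names is that a header can be present and still useless: an HSTS max-age of a few minutes, or a CSP that allows everything, will both show up as "present" in a naive check.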

#3 Read the error messages

Test the application and deliberately generate error messages: request a page that doesn't exist, submit malformed input, send the wrong HTTP method, or break a database call in a test environment. Check whether the error message tells an attacker what technology you are using on the server: server and framework names and versions, stack traces, file paths, SQL fragments.

Why is this important? Read the blog post: "Beware the error message" again as a reminder.

You might not be able to find or address every error path, but a generic error page, with the full detail written to the server log under a reference ID that the user can quote to support, improves most of them at once.
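
To make the difference concrete, here is the same failing request handled two ways. This is an added example, not code from the original post: the DatabaseError, the lookup_user() failure and the ExampleServer/ExampleFramework product names are constructed so that the leak is visible. The first handler does what a framework's default debug page does; the second sends the client nothing but a reference ID and keeps the detail in the log.

```python
"""Verbose vs. safe error responses.

Added example, not code from the original post. The DatabaseError and
the lookup_user() failure are constructed to show what a raw exception
leaks; ExampleServer/ExampleFramework are placeholder product names.
"""
import logging
import traceback
import uuid

log = logging.getLogger("app")


class DatabaseError(Exception):
    pass


def lookup_user(username):
    # Constructed failure: the driver puts the failing SQL into the message,
    # so the exception text alone reveals the schema and the query shape.
    raise DatabaseError(
        f"syntax error near 'WHERE' in: SELECT * FROM users WHERE name = '{username}'")


def verbose_error_response(exc):
    """What a debug page amounts to: trace, query and product names go to the client."""
    body = "Internal Server Error\n" + "".join(
        traceback.format_exception(type(exc), exc, exc.__traceback__))
    headers = {
        "Content-Type": "text/plain",
        "Server": "ExampleServer/1.0",          # technology fingerprint
        "X-Powered-By": "ExampleFramework/2.0",
    }
    return 500, headers, body


def safe_error_response(exc):
    """Generic message to the client; full detail stays in the server log under a reference ID."""
    ref = uuid.uuid4().hex[:12]
    # The log line carries everything the verbose page would have shown.
    log.error("unhandled error ref=%s", ref, exc_info=(type(exc), exc, exc.__traceback__))
    body = f"Something went wrong. Reference: {ref}"
    return 500, {"Content-Type": "text/plain"}, body


def handle_request(username, error_handler):
    """Minimal request pipeline: run the handler, route any exception to error_handler."""
    try:
        return 200, {"Content-Type": "text/plain"}, lookup_user(username)
    except Exception as exc:   # catch-all so nothing escapes to the framework's default page
        return error_handler(exc)


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    for handler in (verbose_error_response, safe_error_response):
        status, headers, body = handle_request("alice", handler)
        print(f"--- {handler.__name__}: HTTP {status}, headers {sorted(headers)}")
        print(body)
```

The catch-all in handle_request is the part people forget: a safe error page only helps if every exception reaches it, including the ones thrown before your own code runs (bad JSON, missing parameters, wrong method). Check how your framework handles those, not just the exceptions you throw yourself.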

#4 Research your plugins

Most of us use third-party components, especially JavaScript libraries like jQuery. It's easy to forget that these also have vulnerabilities, and that a library you copied into the project years ago is still the version you copied.

Did you follow the instructions I gave you in my post "One broken egg"?

If you didn't, go and do it now:

  • Make a list of all the components you are using in your applications: frameworks, server-side libraries, and any JavaScript or CSS files copied into the project. Note their version numbers and where they are being used; the same library often turns up more than once at different versions.
  • Check the National Vulnerability Database (nvd.nist.gov) to see if there are any known vulnerabilities for those versions. Tools such as OWASP Dependency-Check, npm audit and Retire.js automate this lookup.
  • Set up an action plan to upgrade each affected component to a fixed version, and of course, test everything again.
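
Here is the shape of that inventory and the cross-check as one small script. It is an added example, not code from the original post: both the INVENTORY and the ADVISORIES are constructed, the "acme-*" components and the EXAMPLE-ADV-* identifiers are placeholders rather than real libraries or CVEs, and the version-range matcher assumes plain numeric versions. In practice the advisory side comes from the NVD or from a tool that consumes it; what the script shows is why the inventory needs the version and the "where used" column, not just the name.

```python
"""Cross-check a component inventory against vulnerability advisories.

Added example, not from the original post. INVENTORY and ADVISORIES are
constructed: the 'acme-*' components and EXAMPLE-ADV-* identifiers are
placeholders, not real libraries or CVEs. Version matching assumes plain
numeric versions like 1.12.4.
"""
import re

# Inventory as the post asks for it: component, version, and where it is used.
INVENTORY = [
    {"component": "acme-slider", "version": "2.3.1", "used_in": ["landing page"]},
    {"component": "acme-slider", "version": "1.9.0", "used_in": ["legacy admin"]},   # second, older copy
    {"component": "acme-forms",  "version": "4.0.2", "used_in": ["checkout", "signup"]},
    {"component": "acme-charts", "version": "0.8.5", "used_in": ["dashboard"]},
]

# Constructed advisory feed: affected range plus the first fixed version.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-001", "component": "acme-slider", "affected": "<2.0.0", "fixed": "2.0.0"},
    {"id": "EXAMPLE-ADV-002", "component": "acme-forms", "affected": ">=4.0.0,<4.0.3", "fixed": "4.0.3"},
    {"id": "EXAMPLE-ADV-003", "component": "acme-charts", "affected": "<=0.8.5", "fixed": "0.9.0"},
]


def parse_version(v):
    """'1.12.4' -> (1, 12, 4), padded to three parts so '2.0' equals '2.0.0'."""
    parts = [int(p) for p in re.findall(r"\d+", v)]
    return tuple(parts + [0] * (3 - len(parts)))


def in_range(version, spec):
    """spec is a comma-separated list of clauses such as '>=4.0.0,<4.0.3'; all must hold."""
    v = parse_version(version)
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(<=|>=|<|>|==)\s*([\d.]+)\s*", clause)
        if not m:
            raise ValueError(f"bad version clause: {clause!r}")
        op, bound = m.group(1), parse_version(m.group(2))
        holds = {"<": v < bound, "<=": v <= bound, ">": v > bound,
                 ">=": v >= bound, "==": v == bound}[op]
        if not holds:
            return False
    return True


def find_vulnerable(inventory, advisories):
    """Return one hit per (component instance, advisory) pair, with the upgrade target."""
    hits = []
    for item in inventory:
        for adv in advisories:
            if adv["component"] == item["component"] and in_range(item["version"], adv["affected"]):
                hits.append({"component": item["component"], "version": item["version"],
                             "used_in": item["used_in"], "advisory": adv["id"],
                             "upgrade_to": adv["fixed"]})
    return hits


if __name__ == "__main__":
    for h in find_vulnerable(INVENTORY, ADVISORIES):
        print(f"{h['component']} {h['version']} ({', '.join(h['used_in'])}): "
              f"{h['advisory']} -> upgrade to {h['upgrade_to']}")
```

Note what the output gives you that a bare list of library names would not: the landing page's copy of acme-slider is fine, the legacy admin's copy is not, and each hit names the version to move to and the places that need retesting afterwards.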

If you can tick these four things off as done, then you are already on your way to a more secure application.

Please share your views and comments.
