Title 3: Security & Privacy
ascott1 opened this issue · 4 comments
ascott1 commented
Potential titles
- Building Apps that Respect A User's Privacy
- Security & Privacy
Table of contents (draft)
- Series introduction
- https
- Web tracking
- Introduction
- Browser "do not track"
- Detecting "do not track"
- Establishing a "do not track" policy
- Web application security best practices
- Conclusion, tips, & tools
konklone commented
Some suggested resources when it comes to HTTPS:
- https://https.cio.gov/everything/ <-- USG rationale for "everything"
- https://konklone.com/post/were-deprecating-http-and-its-going-to-be-okay <-- rationale for moving beyond HTTP
- https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/ <-- Mozilla deprecating HTTP
In general, feel free to @ me in any tickets about it, and I'm always happy to offer suggestions and feedback as desired.
ascott1 commented
Thanks @konklone! I've been digging through the cio.gov site recently and it's fantastic.
I just laid out my outline for the https chapter and am going to be drafting it over the next week or two.
Here's the current plan:
- Intro
- How https works (quick overview of SSL/TLS)
- Why use https (definitely going to dive into your blog post as support for this)
- Implementing https
- let's encrypt/certbot
- other certificate options
- Further reading
konklone commented
Awesome! Oh, and I remembered a couple more resources:
- Introducing HTTPS (rationale and description for a non-technical audience): https://www.youtube.com/watch?v=d2GmcPYWm5k
- Migrating HTTPS (covers HSTS and certificate issues in detail): https://www.youtube.com/watch?v=X5H8JRULDOo
ascott1 commented
Excellent! Thank you!