Here
<http://www.theregister.co.uk/2017/11/03/uk_bank_security_audit/> are
the results of an audit on UK banks to check their adherence to various
established security practices:
  * HTTP Strict Transport Security
    <https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security>
  * Security Headers <https://securityheaders.io/>
  * Content Security Policy
    <https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP>
  * avoidance of weak and obsolete encryption (e.g. RC4)
The result: a real mixed bag.
Has anyone done a similar thing for our banks?