4 Nov
2017
4 Nov
'17
12:42 a.m.
Here <http://www.theregister.co.uk/2017/11/03/uk_bank_security_audit/> are the results of an audit on UK banks to check their adherence to various established security practices: * HTTP Strict Transport Security <https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security> * Security Headers <https://securityheaders.io/> * Content Security Policy <https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP> * avoidance of weak and obsolete encryption (e.g. RC4) The result: a real mixed bag. Has anyone done a similar thing for our banks?