#web-security

Tin lập trình mới nhất về web-security, tóm tắt tiếng Việt bằng AI.

Scott Helme016 phút3 giờ trước

Top 1 Million Analysis – June 2026: Ten Years of Web Security

A ten-year retrospective crawl of the Tranco Top 1 Million websites measuring web security adoption as of June 2026. Key findings: HTTPS redirects now cover 658,038 sites (up from 62,043 in 2015), CSP has grown 12,360% over the decade but nearly half of all policies still contain unsafe-inline or unsafe-eval. HSTS is on 252,846 sites but only 21% are preload-eligible. Referrer-Policy tripled since 2022. New metrics this year include cookie security attributes, DMARC/SPF records, and cross-origin isolation headers (COOP/COEP). Cloudflare fronts over a third of responding sites, heavily skewing aggregate metrics. Over half the web still scores an F on security headers, though the F count dropped by ~124,000 since 2022. Part two will cover TLS, certificate lifetimes, and post-quantum cryptography.

#security #web-security Nguồn

Mozilla Hacks020 phút6 ngày trước

PACT: Anonymous Credentials for the Web

Mozilla proposes PACT (Private Access Control Tokens), a new web standard to replace CAPTCHAs and invasive bot-detection with privacy-preserving rate limiting. The system uses three roles: Anchors (entities that vouch for users via scarce signals like subscriptions or phone numbers), Moderators (rate-limit enforcers), and Credentials (stateful cryptographic tokens). Built on Privacy Pass and Anonymous Credit Tokens, PACT uses issuer blinding and zero-knowledge proofs so sites only learn whether a user is within a rate limit — nothing more. Unlike Google's Web Environment Integrity or Apple's Private Access Tokens, PACT avoids tying web access to specific hardware vendors. Mozilla plans to bring draft specs to IETF and W3C, with Cloudflare and Chrome already involved.

#web-security #zero-knowledge-proofs Nguồn