Improve our security score #842
Comments
|
I have issues getting that report to load Missing:
I ran the CNCF website through this checker
Imparting a stricter control on what can embedded / included on our site. This could cause problems with the CNCF blog, which currently embeds content from many sources. But the blog is also where our site could be exploited, so some control could be good. We would need to discuss this and weight up the potential extra work involved. This plugin seems to be recommended a lot for WP - https://wordpress.org/plugins/gd-security-headers/ Can also implement ourselves - Pantheon has some guidance. CSP Evaluator - https://csp-evaluator.withgoogle.com For monitoring CSP, https://report-uri.com (to hand off reporting and alerts)
We would need to generate the DMARC DNS record, add it to our DNS (I think through https://dnsimple.com) and monitor it. Reporting could be fed back to https://report-uri.com OverallFrom reading around, CSP is a large part of the security score, but this could also cause us the most problems with content. Let's discuss next steps on our call. |
Let's improve this security score which currently gives us an F.
The text was updated successfully, but these errors were encountered: