Subresource Integrity

In the last post we talked about HTTP Strict Transport Security (HSTS), and today we’re covering Subresource Integrity (SRI). While HSTS ensures that the browser only communicates with you over a secure channel, SRI ensures that it only loads content that exactly matches what you expect. This is particularly important when you rely on delivery of content via a third party, as you want to make sure that they only deliver exactly what you expect.

HTTP Strict Transport Security

Welcome to the first article in my series on Web Security. Today we’ll be looking at HTTP Strict Transport Security (HSTS) with more related topics following in the coming weeks. I hope this series helps those looking to improve the security of their web apps. Please get in touch with me if you’re looking for help with your project. I’d be very interested in hearing about what you’re doing and working with you on providing a user-friendly, secure experience for your users.

Updates to dropwizard-cassandra

I recently released two new versions of dropwizard-cassandra that are now available on Maven Central. The 3.0.2 release is the last upgrade in the Dropwizard 0.x line and brings all projects up to the latest version of the Cassandra driver (version 3.1.0). If you haven’t yet upgraded to Dropwizard 1.0 but want to use some of the newer features in the updated driver, this is the one for you. The 4.0.0 release brings dropwizard-cassandra in line with the recently released Dropwizard 1.0, along with its base requirement for Java 8.

Instead of blindly following the hype, I’ll lay out some of my thoughts on where microservices are heading. Of course, the danger in making predictions is that some will think you’re stating the obvious and others will think you’re insane or have your head in the clouds. I’m very conscious of that risk, but I’m diving in head first regardless. Hopefully my predictions will make you think about where things are going, whether or not they resonate with you.

