diff --git a/.vscode/settings.json b/.vscode/settings.json
index af95173..e08f89c 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -12,5 +12,6 @@
"editor.defaultFormatter": "esbenp.prettier-vscode"
},
"prettier.enable": true,
- "prettier.useEditorConfig": true
+ "prettier.useEditorConfig": true,
+ "sarif-viewer.connectToGithubCodeScanning": "off",
}
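Review bot: The trailing comma added after `"sarif-viewer.connectToGithubCodeScanning": "off"` leaves a dangling `,` before the closing `}`; VS Code reads settings.json as JSONC and tolerates it, but any tool that parses the file as strict JSON will reject it. Since the comma on the previous line was added only to append this key, end the new line without one: `"sarif-viewer.connectToGithubCodeScanning": "off"`. The enclosing object starts before this hunk.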
diff --git a/Makefile b/Makefile
index fd5dd1c..9a41e66 100644
--- a/Makefile
+++ b/Makefile
@@ -218,6 +218,7 @@ build:
## serve: [website] Perform a development build of the website, and run a local web server.
serve:
HUGO_ENV=development hugo serve \
+ --baseURL=http://devsec.local \
--buildDrafts \
--cleanDestinationDir \
--disableFastRender \
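Review bot: The new `--baseURL=http://devsec.local \` leaves Hugo's default `--appendPort` (true) in effect, so `hugo serve` will advertise `http://devsec.local:1313`, which disagrees with the port-less `baseURL = "http://devsec.local"` this commit sets in config/development/hugo.toml; the `# --appendPort=false \` left commented out in the next hunk looks like the intended fix and should either be enabled or removed rather than shipped as dead text. `hugo serve` also still binds 127.0.0.1 unless `--bind` is given, so the hostname only works if `devsec.local` resolves to the local machine, which nothing in the repo records. A comment above the flag, `# devsec.local must resolve to this machine (hosts entry); hugo still listens on 127.0.0.1:1313`, would make that prerequisite visible. The `serve` recipe begun at `serve:` continues past this hunk into the next one.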
@@ -231,6 +232,7 @@ serve:
--templateMetricsHints \
--watch \
;
+# --appendPort=false \
# Implement make test
diff --git a/config/_default/server.toml b/config/_default/server.toml
index f451475..e5465e0 100644
--- a/config/_default/server.toml
+++ b/config/_default/server.toml
@@ -3,14 +3,9 @@
[[headers]]
for = '/**'
[headers.values]
- # Content-Security-Policy = 'script-src localhost:1313'
- Referrer-Policy = 'strict-origin-when-cross-origin'
- X-Content-Type-Options = 'nosniff'
- X-Frame-Options = 'DENY'
- X-XSS-Protection = '1; mode=block'
-
- # [[redirects]]
- # force = false
- # from = '/myspa/**'
- # to = '/myspa/'
- # status = 200
+ Access-Control-Allow-Origin = "*"
+ # Content-Security-Policy = 'script-src localhost:1313 devsec.local devsec.local:1313; style-src localhost:1313 devsec.local devsec.local:1313'
+ Referrer-Policy = 'strict-origin-when-cross-origin'
+ X-Content-Type-Options = 'nosniff'
+ X-Frame-Options = 'DENY'
+ X-XSS-Protection = '1; mode=block'
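Review bot: `Access-Control-Allow-Origin = "*"` under `for = '/**'` lets any origin read every response the Hugo dev server returns, which is broader than the visible need (pages on devsec.local talking to api.devsec.local, where the API, not the static site, is the side that must send CORS headers); Hugo's server.toml headers apply only to `hugo server`, so the exposure is the developer's machine, but a wildcard in `_default` is easy to copy into a production front end. If a cross-origin reader of this server is genuinely required, name it instead of `*` — e.g. `Access-Control-Allow-Origin = 'http://devsec.local:1313'`, a constructed example from the hostnames in this commit — and put the reason in a comment above the key; otherwise drop the header. The re-added Content-Security-Policy line is still commented out, and the policy it carries has no `default-src`, so even if enabled it would only constrain scripts and styles. Minor style point: the new header uses double quotes while every other value in `[headers.values]` uses single quotes.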
diff --git a/config/development/hugo.toml b/config/development/hugo.toml
index 88954b7..9c349cb 100644
--- a/config/development/hugo.toml
+++ b/config/development/hugo.toml
@@ -1,4 +1,4 @@
-baseURL = "http://localhost:1313"
+baseURL = "http://devsec.local"
[params]
-apiHostname = "http://127.0.0.1:8080"
+apiHostname = "http://api.devsec.local"
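Review bot: `apiHostname = "http://api.devsec.local"` drops the explicit port that `http://127.0.0.1:8080` carried, so the development build now silently depends on `api.devsec.local` resolving to the local machine and on something answering on port 80 there; neither prerequisite is recorded anywhere in this commit. A comment above the key, `# api.devsec.local and devsec.local must resolve locally (hosts entry); a proxy on :80 must forward to the API`, would spare the next developer a debugging session. Because the page origin (devsec.local) and the API origin (api.devsec.local) now differ, browser requests to the API are cross-origin and need CORS headers from the API itself — the `Access-Control-Allow-Origin` added to server.toml only covers the Hugo dev server's own responses.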
diff --git a/content/learning/http-version.md b/content/learning/http-version.md
index fa09075..485c0d3 100644
--- a/content/learning/http-version.md
+++ b/content/learning/http-version.md
@@ -6,13 +6,13 @@ layout: learn-single
good_better_best:
1good:
title: OK
- description: 'HTTP/1.1'
+ description: 'HTTP/1.1'
2better:
title: Better
- description: 'HTTP/1.1 + HTTP/2'
+ description: 'HTTP/1.1 + HTTP/2'
3best:
title: Best
- description: 'HTTP/1.1 + HTTP/2 + HTTP/3'
+ description: 'HTTP/1.1 + HTTP/2 + HTTP/3'
docs:
aws:
diff --git a/content/learning/recommended-cipher-suites.md b/content/learning/recommended-cipher-suites.md
index c829e10..471088c 100644
--- a/content/learning/recommended-cipher-suites.md
+++ b/content/learning/recommended-cipher-suites.md
@@ -10,19 +10,19 @@ In {{% year %}}, there are only two configurations which are considered fully se
## TLS versions
-* {{< svg-check >}} TLS 1.3+ {{< svg-check >}} TLS 1.2
+* {{< svg-check >}} TLS 1.3+ {{< svg-check >}} TLS 1.2
-* {{< svg-x >}} TLS 1.1, {{< svg-x >}} TLS 1.0, {{< svg-x >}} SSLv3, and {{< svg-x >}} SSLv2
+* {{< svg-x >}} TLS 1.1, {{< svg-x >}} TLS 1.0, {{< svg-x >}} SSLv3, and {{< svg-x >}} SSLv2
## TLS 1.3 cipher suites
In order to simplify configuration and increase security, [TLS 1.3] _only defines_ three cipher suites which are meant to be non-configurable.
-1. {{< svg-check >}} TLS_AES_128_GCM_SHA256
+1. {{< svg-check >}} TLS_AES_128_GCM_SHA256
-1. {{< svg-check >}} TLS_AES_256_GCM_SHA384
+1. {{< svg-check >}} TLS_AES_256_GCM_SHA384
-1. {{< svg-check >}} TLS_CHACHA20_POLY1305_SHA256
+1. {{< svg-check >}} TLS_CHACHA20_POLY1305_SHA256
## TLS 1.2 cipher suites with _Forward Secrecy_
@@ -32,23 +32,23 @@ In order to simplify configuration and increase security, [TLS 1.3] _only define
As a result, these are the only cipher suites with no known vulnerabilities left, and are likely to work with most server software.
-1. {{< svg-check >}} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+1. {{< svg-check >}} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-1. {{< svg-check >}} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+1. {{< svg-check >}} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-1. {{< svg-check >}} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+1. {{< svg-check >}} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-These are equivalent to the cipher suite identifiers used in **TLS 1.3**. The only difference being that they specify the key exchange (`ECDHE`) and the authenticating signing mechanism (`ECDSA`), whereas the TLS 1.3 cipher suites do not.
+These are equivalent to the cipher suite identifiers used in **TLS 1.3**. The only difference being that they specify the key exchange (`ECDHE`) and the authentication signing mechanism (`ECDSA`), whereas the TLS 1.3 cipher suites do not.
### Tolerable
The following cipher suites are **also secure**, and you can add them **in addition to** the _Recommended_ cipher suites. However they aren't **recommended** because _RSA Authentication Signing_ with keys over 2048 bits can have a notable impact to performance.
-1. {{< svg-check >}} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+1. {{< svg-check >}} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-1. {{< svg-check >}} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+1. {{< svg-check >}} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-1. {{< svg-check >}} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+1. {{< svg-check >}} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
[TLS 1.2]: https://datatracker.ietf.org/doc/html/rfc5246
[TLS 1.3]: https://datatracker.ietf.org/doc/html/rfc8446
diff --git a/content/learning/tls/_index.md b/content/learning/tls/_index.md
index e31efba..0d6bf95 100644
--- a/content/learning/tls/_index.md
+++ b/content/learning/tls/_index.md
@@ -6,13 +6,13 @@ layout: list
good_better_best:
1abysmal:
title: Not secure at all
- description: 'SSLv2 SSLv3'
+ description: 'SSLv2 SSLv3'
2better:
title: Security broken
- description: 'TLS 1.0 TLS 1.1'
+ description: 'TLS 1.0 TLS 1.1'
3best:
title: Safe and secure
- description: 'TLS 1.2+ TLS 1.3'
+ description: 'TLS 1.2+ TLS 1.3'
---
diff --git a/themes/dst2024 b/themes/dst2024
index d6cf6b7..c0d73a5 160000
--- a/themes/dst2024
+++ b/themes/dst2024
@@ -1 +1 @@
-Subproject commit d6cf6b7fbf825b15fd8f3dd67440c5373004b287
+Subproject commit c0d73a5b86050c98aae9e2283947b9fe9de99178