Barry Frost

This is Barry Frost’s personal website.

Tagged #security

Analyse your HTTP response headers. Gives recommendations and advice on security and referrer policies.


This tool helps you check what data-protecting measures a site has taken to help you exercise control over your privacy.

DNSdumpster is a FREE domain research tool that can discover hosts related to a domain. Finding visible hosts from the attacker's perspective is an important part of the security assessment process.

Building account systems

Advice on dealing with accounts and passwords when building a web app

^Lift Security

Application Security / Penetration Testing – used by Panic to audit its Panic Sync service


590+ usernames in this dictionary! A list of reserved usernames to prevent URL collisions with resource paths. The repository hosts the list in multiple formats, such as JSON, CSV, SQL and plain text. You can use it by simply downloading it with wget.

Reposted gRegor Morrill’s post on Twitter
Today is a good day to review your permissions on various silos. Handy links on


This is a collection of thoughts on securing a modern Apple Mac computer using macOS (formerly OS X) 10.12 “Sierra”, as well as steps to improving online privacy.

Moving to HTTPS

Guide to how to move your site from HTTP to HTTPS

Liked Pinboard’s post on Twitter
In which Teen Vogue tears the Guardian a new one through the simple trick of interviewing actual security experts:


This is an opinionated blacklist of words that you might not like to see used as usernames in your service.

e.g. “admin” or “help”.

Liked Jeff Waugh’s post on Twitter
Good time for a reminder: Your fingerprint is your user name, *not* your password.

Let them paste passwords

Advice from the National Cyber Security Centre (terrible name, good advice) that preventing users from pasting passwords is a bad thing and does nothing for security.

Reposted Alastair Campbell’s post on Twitter
The UK’s digital security centre recommends *against* forced password expiry, at last someone has said it.…


Secure random number generation for Ruby using system RNG facilities

Security Guide for Developers

JSON Web Tokens (JWT) vs Sessions is a handy site for testing whether your website’s server is sending sensible headers. Think of it like SSL Test for a few nitty-gritty details.


PAN / Credit Card Scanner

Password guidance: executive summary - GOV.UK