
Cyber Security Month 2016

The best time to upgrade the security on my projects!

2016-10-01
2 minutes

As it is Cyber Security Month, now is the perfect time to work on improving the security of my websites, projects, and servers. But upgrading them now isn't enough for me: I wanted to add a way of scanning projects automatically, to check for any new issues.

As most of my projects revolve around JavaScript and Python, these are the languages I'll be concentrating on.

# JavaScript

## Express Server

Express is one of the most popular web frameworks for Node.js, and fortunately it has a security guide covering the main ways to write a secure server. One of the simplest is to add the helmet middleware, a bundle of smaller middleware functions that each set (or strip) one HTTP response header: X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security and so on, plus removal of the X-Powered-By header that advertises Express. Those headers only work once the browser enforces them, but they close off a whole class of clickjacking, MIME-sniffing and downgrade problems for very little effort. It's incredibly easy to add too: require the module and call app.use(helmet()), two or three lines of code.

You can use securityheaders.io to check whether your server is sending any headers that it shouldn't (ones that reveal the server software, for instance) and which recommended headers are missing, as well as see how you can improve. Here's the report for my website, powered by my static server tstatic.

## NodeJS Dependencies

One of the easiest ways to keep your code secure is to make sure your dependencies are secure. Fortunately there's a tool to check this: nsp. It checks the packages in your package.json against the Node Security Project's advisory database for known vulnerabilities, reports any it finds, and tells you how to mitigate them, usually by upgrading to the version that carries the fix. It's a command-line tool, so it can run in CI on every build rather than only when you remember.

## Checking for updates

Keeping dependencies up to date is generally a good thing, and is likely to help with the above. Upload your package.json to npm.click and it'll tell you what's out of date and what the most recent version is! Bear in mind that "newest" isn't the same as "fixed": the advisory tells you which version actually closes a hole, and a new major version can bring its own breaking changes.

# Python

## Code

Any of the projects I work on that are more advanced than a simple static server are probably Django. Checking the Python code itself is nice and simple thanks to bandit, a static analyser that walks your code's syntax tree looking for known-dangerous patterns: things like eval and exec, subprocess calls with shell=True, hard-coded passwords, pickle on untrusted data, and weak hashes such as MD5. It flags the mistakes, and the insecure uses of libraries, before they reach production.

## Dependencies?

As with NodeJS, there's a tool that checks dependencies for security issues: safety. It compares the packages in your environment (or a requirements file) against a database of known insecure versions. But, unlike nsp, safety checks not only your direct dependencies but also their dependencies, recursively.

It's also possible to check for updates using pypiup, which works in much the same way as npm.click (and is written by the same person), except that it's a CLI rather than a website.

# Checking

To check that your hard work has made a difference, seositecheckup contains a helpful section on security, alongside the previously mentioned securityheaders.io. I've enabled these tricks on my website, and you can see the results here for securityheaders.io and seositecheckup.
