
Verify the Application's Authenticity to the User

by Serge Truth on August 23, 2011

What to Do

Allow the user to verify the authenticity of your application.

Why

Some applications are targets for phishing attacks. If the application does not authenticate itself to the user, an attacker can spoof it. This can fool users into submitting their credentials or other sensitive information to the attacker's malicious copy of the application.

When

If your application handles sensitive data and allows public access, verify your application's authenticity to your users.

How

Use the following measures to authenticate your application to its users:

  1. Use SSL. Because an SSL certificate is issued for a specific host name and signed through a chain of trust, SSL can be used to certify the remote host's name. Combined with the limits on what an attacker can do with DNS, this makes spoofing a host that uses SSL very difficult.

  2. Display personalized and identifiable content. Do not ask the user for all credentials in one step. Instead, after the user enters a valid username, display personal and identifiable content that the user will recognize, for example: a personal user-supplied question, an image that the user pre-selected from a library, or a personalized color scheme. Only after the user has authenticated the application in this way should they enter their password.
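Both measures above can be shown in code. The following is an added example, not code from the original post or its author: the first part shows what a TLS client actually checks when it "certifies the remote host's name" (the stdlib default context, plus the host-name matching rules a client applies to the certificate's subject alternative names, written out so the wildcard edge cases are visible); the second part is a minimal two-step login in the style of measure 2. All names (`client_tls_context`, `hostname_matches`, `step_one`, `step_two`), the user store, the image library and the enrolled user "alice" are constructed for the example. One design choice worth noting: unknown usernames in step 1 receive a stable decoy image and phrase derived from an HMAC, so the personalization step cannot be used to tell valid usernames from invalid ones.

```python
import hashlib
import hmac
import secrets
import ssl

# ---- Measure 1: the client verifies the server's name through TLS ----

def client_tls_context() -> ssl.SSLContext:
    """Return a client context that requires a trusted certificate chain and
    checks that the certificate names the host being connected to. These are
    the stdlib defaults; asserting them catches a later change that would
    silently disable the check."""
    ctx = ssl.create_default_context()
    assert ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED
    return ctx

def hostname_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName pattern from a certificate's SAN list against a host
    name using the RFC 6125 rules a TLS client applies: case-insensitive exact
    match, or a wildcard that is the entire leftmost label, matches exactly one
    label, and does not sit directly above the public suffix ("*.com" never
    matches)."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False  # partial wildcards such as "w*.example.com" are rejected
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False  # "*.com" is too broad; "*.example.com" covers one label only
    return p_labels[1:] == h_labels[1:]

def cert_matches_host(san_dns_names, hostname: str) -> bool:
    """True if any dNSName in the certificate matches the requested host."""
    return any(hostname_matches(p, hostname) for p in san_dns_names)

# ---- Measure 2: two-step login that shows the user their own enrolled content ----

IMAGE_LIBRARY = ["sailboat.png", "lighthouse.png", "oak_tree.png", "teapot.png"]
DECOY_WORDS = ["amber", "river", "quiet", "maple", "copper", "harbor"]
DECOY_KEY = secrets.token_bytes(32)   # per-deployment secret for decoy content
USERS = {}                            # constructed in-memory user store

def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def enroll(username: str, password: str, image: str, phrase: str) -> None:
    """At enrollment the user picks an image from the library and a phrase."""
    salt = secrets.token_bytes(16)
    USERS[username.lower()] = {"image": image, "phrase": phrase,
                               "salt": salt, "password_hash": _hash_password(password, salt)}

enroll("alice", "correct horse battery", "sailboat.png", "blue Tuesday")  # sample user

def step_one(username: str) -> dict:
    """Step 1: the user has typed only a username. Return the image and phrase
    chosen at enrollment so the user can confirm they are on the real site
    before revealing a password. Unknown names get a stable decoy derived from
    an HMAC of the name, so this step does not reveal which accounts exist."""
    key = username.lower()
    user = USERS.get(key)
    if user is not None:
        return {"image": user["image"], "phrase": user["phrase"]}
    d = hmac.new(DECOY_KEY, key.encode(), hashlib.sha256).digest()
    return {"image": IMAGE_LIBRARY[d[0] % len(IMAGE_LIBRARY)],
            "phrase": f"{DECOY_WORDS[d[1] % len(DECOY_WORDS)]} "
                      f"{DECOY_WORDS[d[2] % len(DECOY_WORDS)]}"}

def step_two(username: str, password: str) -> bool:
    """Step 2: only after recognising their content does the user submit the
    password. Unknown users still pay for a hash so timing does not differ."""
    user = USERS.get(username.lower())
    if user is None:
        _hash_password(password, b"\0" * 16)
        return False
    return hmac.compare_digest(_hash_password(password, user["salt"]),
                               user["password_hash"])

if __name__ == "__main__":
    print(hostname_matches("*.example.com", "login.example.com"))  # True
    print(step_one("alice"))   # the enrolled image and phrase
    print(step_one("nobody"))  # a decoy that looks like a real answer
    print(step_two("alice", "correct horse battery"))  # True
```

In a web application the dictionary returned by `step_one` is what the first page after the username prompt renders; the password field appears only on the next page, alongside that image and phrase, which is the flow the post describes.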

Topics: developer guidance, application security
