44r0n7/privacy.sexy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
940febc3e80cfd0c01b5cc8282ebaab6b024d1b5
privacy.sexy/SECURITY.md
undergroundwires ba5b29a35d Improve security and privacy with strict meta tags 
This commit introduces two meta tags to strengthen the application's
security posture and enhance user privacy, following best practices and
OWASP recommendations.

- Add Content-Security-Policy (CSP) to strictly to strictly control
  which resources the application is allowed, mitigating the risk of
  code injection attacks such as Cross-Site Scripting (XSS).
- Add `referrer` meta tag to prevent the users' browser from sending the
  page's address, or referrer, when navigating to another site, thereby
  enhancing user privacy.
2023-12-06 15:08:58 +01:00

3.0 KiB
Raw Blame History

Security Policy

Security is a top priority at privacy.sexy. Please report any discovered vulnerabilities responsibly.

Reporting a Vulnerability

Efforts to responsibly disclose findings are greatly appreciated. To report a security vulnerability, follow these steps:

Security Report Handling

Upon receiving a security report, the process involves:

  • Confirming the report and identifying affected components.
  • Assessing the impact and severity of the issue.
  • Fixing the vulnerability and planning a release to address it.
  • Keeping the reporter informed about progress.

Security Practices

Application Security

privacy.sexy adopts a defense in depth strategy to protect users on multiple layers:

  • Link Protection: privacy.sexy ensures each external link has special attributes for your privacy and security. These attributes block the new site from accessing the privacy.sexy page, increasing your online safety and privacy.
  • Content Security Policies (CSP): privacy.sexy actively follows security guidelines from the Open Web Application Security Project (OWASP) at strictest level. This approach protects against attacks like Cross Site Scripting (XSS) and data injection.
  • Context Isolation: The desktop application isolates different code sections based on their access level. This separation prevents attackers from introducing harmful code into the app, known as injection attacks.

Update Security and Integrity

privacy.sexy benefits from automated update processes including security tests. Automated deployments from source code ensure immediate and secure updates, mirroring the latest source code. This aligns the deployed application with the expected source code, enhancing transparency and trust. For more details, see CI/CD Documentation.

Every desktop update undergoes a thorough verification process. Updates are cryptographically signed to ensure authenticity and integrity, preventing tampered versions from reaching your device. Version checks are conducted to prevent downgrade attacks.

Testing

privacy.sexy's testing approach includes a mix of automated and community-driven tests. Details on testing practices are available in the Testing Documentation.

Support

For help or any questions, submit a GitHub issue. Addressing security concerns is a priority, and we ensure the necessary support.

Support privacy.sexy's commitment to security by making a donation ❤️. Your contributions aid in maintaining and enhancing the project's security features.

Active contribution to the safety and security of privacy.sexy is thanked. This collaborative effort keeps the project resilient and trustworthy for all.

Reference in New Issue View Git Blame Copy Permalink