Let's Fix The Web

I am heavily frustrated from the way the Web works today. Everything seems to be broken beyond reason. I really want to fix the damn thing but I realize that it is not up to me to do that. It is up to all of us to make sure that code is written in the most secure possible way. Can we do that? Perhaps not! What can we do then?

Before I get to the point, I need to tell you how I fixed my insecure Wordpress blog. Wordpress has many security shortcomings and I was so frustrated that I decided to fix whatever I can once and for all. I believe that we can fix the Web in a similar way, but first these are all the patches that were implemented:

I believe that this makes the blog a lot more secure. There still might be ways to attack it but this is all I can do in the most reasonable possible way, without completely breaking Wordpress. All of these fixes are implemented as a plugin which I will make available for free download soon.

So how can we fix the Web? I have a few ideas in mind and all of them can be implemented. Here they are:

I think that this type of solution will make the Web a lot more secure. It definitely wont fix it, but it will make the majority of attacks not easy at all. It will block the majority of CSRF and XSS attacks. It will provide certain mitigations against persistent XSS attacks. It will provide some mitigations against Browser exploits which employ Flash or Java technology to exploit the browser. It is not perfect, but it looks good enough to me.

Next stop: actually fixing the browser!