This story was originally published on HackerNoon at:
https://hackernoon.com/what-i-learned-from-scanning-dozens-of-small-government-websites-and-why-the-same-bugs-keep-coming.
What I found while scanning dozens of small U.S. government websites with an open-source tool — the same five security mistakes and how to fix them.
This story was written by:
@civicmeshflow.
I built an open-source scanner and pointed it at small U.S. government websites. The same five security mistakes kept showing up: weak HTTPS, no CSP, leaky test files, insecure cookies and outdated JS – plus a simple baseline to fix them.