Sean Wright


Personal blog of app security guy, blogging about application security related topics, focused primarily on web based applications.


My Journey To This Blog

25th October 2017

Background

So it’s finally here! I’ve been itching to get my own blog up and running for some time now. It has just been a matter of finding the time to spend on doing so, as well as coming up with some ideas on what content I could post on this blog (first of which will be coming in the upcoming weeks).

Choosing a Platform

This was by far one of the most difficult parts of getting this blog up and running. On the one hand I wanted to make sure I had something which at least looked kind of professional, but on the other hand I did not want to sink a significant amount of money into this venture (in case this blog does not work out for whatever reason).

Self Hosted

I toyed with the idea of renting a server and essentially self-hosting the platform myself, but quickly decided against this, since I am not too sure how much time I will have to invest in a self-hosted platform (between juggling a full-time job, 2 toddlers, and a mad dog I have my hands full as it is).

Hosted

So I decided to settle on a hosted solution. But at the same time I did not want to plunge a significant amount of money into this initially. If this blog works out, I will most certainly be investing further into it. So the options were essentially:

  • WordPress
  • Google Blogger
  • Ghost
  • Tumblr

I was hesitant about WordPress, given all the security issues they have had recently (granted most had to do with plugins and a hosted solution should be well patched). Another issue I had with WordPress is the lack of customisation for their more basic packages.

I tried Ghost a bit, but it was too complicated for my initial blog. It is also quite expensive (especially when paying monthly). I decided to settle with Blogger because:

  • It’s free
  • Has some customization
  • I have already entangled myself into the Google ecosystem

Great! Platform chosen, plug in a custom domain, present credit card and done, right? Wrong!

Blogger’s Achilles Heel

As all good bloggers know, even if you are going to start off with a basic blog, it’s wise to invest in an individual domain for the blog. They are often cheap, so there really is no reason not to. However, Blogger does not support HTTPS/TLS for custom domains. Now as a security professional who wants to create a security blog, this just doesn’t sit well with me. It will be interesting to see when and if Google introduces HTTPS support for custom domains. This is especially interesting given how hard Google has been pressing to enforce HTTPS across the Internet lately (ironically their very own browser will soon throw an error when visiting a blog on their very own infrastructure).

Thankfully there is a way to implement HTTPS for Blogger, albeit it is not as secure as I would like. However, since this is an initial blog of mine and I plan to move on to something more suitable at a later stage, I think that the risk is acceptable for the time being. For those who are interested, follow the instructions at http://www.howtoshout.com/enable-https-blogger-blog-custom-domain/ (which ironically is only served over plain HTTP).

My next blog post will be covering the Cloudflare solution to enable HTTPS for Blogger, the pitfalls of the solution, as well as some of the benefits of the solution.
