Lawrence, thanks for posting the "Inherently Insecure" article.
The article inspired me to use a Tor browser and get DuckDuckGo to search for information on what they referred to as a "security hardened website". I was thinking there might be an ISO specification on security hardening of websites and I could contemplate parting with 118 Swiss Francs to buy the PDF and download it, i.e. something like
One of the web-sites that came up in the search is www.serverhardening.com.
However, when I try to make a secure HTTPS connection to this website, my browser reports "Your connection is not secure". The advanced information reveals:
www.serverhardening.com uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is not valid for the name www.serverhardening.com.
The certificate expired on 21 November 2018, 9:31 PM.
If I take the risk and connect with just HTTP, then their website has a section on "Server Hardening Tips & Tricks:" and the first bullet point in this section states, "- Use Data Encryption for your Communications".
Feel free to take the risk and check out this one-page website at
...30 bullet points is a little short for an ISO specification, but it is free ;-)