Scott Helme

Report URI: Major new features, Threat Intelligence and more!

As Report URI has continued to grow, we're constantly hearing about new things that our users want. Alongside maintaining the site, fixing bugs and constantly scaling, we're always listening to...

Free Post

BMW M140i Project

The M140i project post - Part 16

It's been a while since I published something about my car and it's another big post! I've talked about alcohol based fuels before, like my methanol injection post or my...

Free Post

CSP

Top 1 Million Analysis - June 2022

Thanks to the sponsorship provided by Venafi for this post, we have another Top 1 Million Analysis just 6 months after the last one in November 2021! Let's take a...

Free Post

Report URI

Increasing entropy in our CSP nonces

I've talked many times about CSP and CSP nonces, the easy way to control JavaScript on your page, but someone recently pointed out an area we could improve. Report URI...

PCI DSS 4.0; It's time to get serious on Magecart

Free Post

CSP

PCI DSS 4.0; It's time to get serious on Magecart

The latest version of PCI DSS just dropped and it's really awesome to see that one of the most notorious threats that we face online when it comes to payment...

Free Post

Pwned Passwords

Re-bloom! Pwned Passwords v8

After the recent release of the Pwned Passwords v8 dataset, it was time to update my Bloom Filter implementation of Pwned Passwords! -------------------------------------------------------------------------------- Bloom Filters If you aren't familiar with...

Free Post

Security Headers

Can you get pwned with CSS?

I recently started to consider changing the grading criteria on Security Headers which isn't something that happens very often. I wanted to make a change that would result in more...

Free Post

Community

Projects I Support

As we roll further into 2022, I wanted to outline the projects and other activities in the community that I support in the hope that it might inspire you to...

If it looks like a duck, swims like a duck, and QWACs like a duck, then it's probably an EV Certificate

Free Post

EV

If it looks like a duck, swims like a duck, and QWACs like a duck, then it's probably an EV Certificate

For a little while now I've been following a new type of certificate that you may soon be hearing a lot more about. They're called a "Qualified Website Authentication Certificate"...

Free Post

Log4j

Responding to the Log4j 2 vulnerability (CVE-2021-44228)

This blog post isn't going to be a deep dive into the vulnerability itself, but instead how Report URI reacted as an organisation and the things we've improved, even though...

Scott Helme

Hi, I'm Scott Helme, a Security Researcher, Entrepreneur and International Speaker. I'm the creator of Report URI and Security Headers and I deliver world renowned training on Hacking and Encryption.

Report URI: Major new features, Threat Intelligence and more!

The M140i project post - Part 16

Top 1 Million Analysis - June 2022

Increasing entropy in our CSP nonces

PCI DSS 4.0; It's time to get serious on Magecart

Re-bloom! Pwned Passwords v8

Can you get pwned with CSS?

Projects I Support

If it looks like a duck, swims like a duck, and QWACs like a duck, then it's probably an EV Certificate

Responding to the Log4j 2 vulnerability (CVE-2021-44228)

Upcoming Events

Cheat Sheets

Projects

Upcoming Events

Cheat Sheets

Projects

Follow