Scott Helme

Frequency analysis on hundreds of billions of reports at Report URI: Top-K

After looking at how a Bloom Filter works and moving on to understand a Count-Min Sketch, we were left with the final problem of identifying the most frequent reports we...

Free Post

Report URI

Report URI is now using CSP nonces in an enforced policy

Hurrah! Sometimes it takes a little while for projects to make it through your backlog and into production, but the nonce-based policy for CSP on Report URI can now be...

Free Post

Report URI

Report URI Penetration Test 2021

Wow, where did that last year go?! It's time for our annual penetration test again over at Report URI and just like we did last year, we'll be publishing the...

Free Post

Pwned Passwords

Sketchy Pwned Passwords

After playing with some more probabilistic data structures and talking about Count-Min Sketch, I wanted to expand on my previous work with the Pwned Passwords data set. This is quite...

Free Post

Report URI

Frequency analysis on hundreds of billions of reports at Report URI: Count-Min Sketch

At the time of writing, Report URI has processed a total of 669,142,999,794 reports. That's a lot of reports and sometimes it can be difficult to work...

Free Post

Report URI

When Pwned Passwords Bloom!

I recently wrote about Bloom Filters, the hugely space efficient, probabilistic data structures, and how great they can be. I wanted to create a demonstration of just how useful they...

Free Post

Report URI

Frequency analysis on hundreds of billions of reports at Report URI: Bloom Filters

Have we seen this report before? It sounds like a simple question to ask of a service that collects and processes hundreds of millions of reports per day, and in...

Working around expired Root Certificates

Free Post

Let's Encrypt

Working around expired Root Certificates

Should clients care about when a Root Certificate expires? That's a bit of an odd question, and the first time I asked myself this question, the answer was a resounding...

Free Post

Let's Encrypt

Let's Encrypt Root Expiration - Post-Mortem

Well, the Internet Apocalypse came and went! Due to the recent expiration of the Let's Encrypt intermediate and root certificates, I saw more widespread issues than I was expecting, but...

Free Post

Let's Encrypt's Root Certificate is expiring!

On 30th September 2021, the root certificate that Let's Encrypt are currently using, the IdentTrust DST Root CA X3 certificate, will expire. You may or may not need to do...

Scott Helme

Hi, I'm Scott Helme, a Security Researcher, Entrepreneur and International Speaker. I'm the creator of Report URI and Security Headers and I deliver world renowned training on Hacking and Encryption.

Frequency analysis on hundreds of billions of reports at Report URI: Top-K

Report URI is now using CSP nonces in an enforced policy

Report URI Penetration Test 2021

Sketchy Pwned Passwords

Frequency analysis on hundreds of billions of reports at Report URI: Count-Min Sketch

When Pwned Passwords Bloom!

Frequency analysis on hundreds of billions of reports at Report URI: Bloom Filters

Working around expired Root Certificates

Let's Encrypt Root Expiration - Post-Mortem

Let's Encrypt's Root Certificate is expiring!

Upcoming Events

Cheat Sheets

Projects

Upcoming Events

Cheat Sheets

Projects

Follow