HPKP is no more!

It's been an interesting ride over the last few years but HPKP, or HTTP Public Key Pinning, is finally coming to the end of its tenure. With support now gone in the last remaining browser, HPKP has been consigned to the scrap heap. I first wrote about HPKP back in…


CSRF is (really) dead

A little while back I wrote a blog post about how "CSRF is dead". It focused on SameSite cookies, a powerful yet simple feature to protect your website against CSRF attacks. As powerful as it was, and as much as it will kill CSRF, you had to enable it on…


Gone forEVer!

Regular readers will know my view on EV certificates but in the last week there have been 2 very significant announcements from the 2 largest browser vendors in the world. There's a big change coming to a browser UI near you and as big as the change is, my bet…
