Testing out ECDSA certificates

on ECDSA

Let's Encrypt recently started signing certificates that use ECDSA keys so I figured I'd grab one and give it a try. ECDSA offers considerable increases in both security and performance compared to RSA and boy can you see it!   ECDSA I'm not going to do a deep dive on…

Optimising for performance with Azure Table Storage

on report-uri.io | table storage

I recently announced another huge update for https://report-uri.io and I covered all of the new features in a separate blog. Alongside that I'm going to be publishing a mini-series on the various performance changes I've made to boost performance.     Azure Table Storage I've written a few…

Still think you don't need HTTPS?

on HTTPS | Let's Encrypt | performance

Very often people tell me "we don't need HTTPS" and most of the time the justification is based on 1 of 2 arguments. It's either "we don't have a login screen" or "we don't serve any sensitive data". Supporting HTTPS on your site has so much more to offer than…

The next major update for report-uri.io!

on report-uri.io | CSP | HPKP

I've just pushed the next major update to https://report-uri.io and there are some great new features that I'm really excited to be launching! The service has come a long way in the 12 months it's been running and usage has soared. Here is your next batch of new…

Let your framework do the heavy lifting

on CSRF | report-uri.io | codeigniter

I recently found myself in a conversation about the difficulties of building and implementing effective CSRF protection. Not only was I struggling to get across the technical details of a CSRF attack, but there was a big focus on building a 'bespoke' solution.   Cross-Site Request Forgery explained CSRF can…