Learn to CSP like a pro!

on CSP | Training

For those that follow my blog, you will know that I'm a pretty big fan of Content Security Policy, or CSP. I've blogged about CSP fairly extensively and even done some international conference talks on it. I'm now really excited to announce that I'm offering CSP training! What? Content…

Hybrid RSA and ECDSA certificates with NginX

on RSA | ECDSA | Let's Encrypt

NginX version 1.11.0 just became available and that means we can now serve both RSA and ECDSA certificates for maximum performance without having to drop support for older clients. Nginx 1.11.0 As I noted a couple of days ago, the 1.11.0 release of…

Disclosing password storage policies on report-uri.io

on hashing | report-uri.io

After every breach hits the news, I, along with everyone else, receive the dreaded email asking me to reset my password. The email told me that my leaked password was 'encrypted' but gave no more details than that. Despite the fact that I can't think of any reason my password…

Testing out ECDSA certificates

on ECDSA

Let's Encrypt recently started signing certificates that use ECDSA keys so I figured I'd grab one and give it a try. ECDSA offers considerable increases in both security and performance compared to RSA and boy can you see it! ECDSA I'm not going to do a deep dive on…

Optimising for performance with Azure Table Storage

on report-uri.io | table storage

I recently announced another huge update for https://report-uri.io and I covered all of the new features in a separate blog. Alongside that I'm going to be publishing a mini-series on the various performance changes I've made to boost performance. Azure Table Storage I've written a few…