Scott Helme

If it looks like a duck, swims like a duck, and QWACs like a duck, then it's probably an EV Certificate

For a little while now I've been following a new type of certificate that you may soon be hearing a lot more about. They're called a "Qualified Website Authentication Certificate"...

Free Post

Log4j

Responding to the Log4j 2 vulnerability (CVE-2021-44228)

This blog post isn't going to be a deep dive into the vulnerability itself, but instead how Report URI reacted as an organisation and the things we've improved, even though...

Free Post

Crawler Report

Top 1 Million Analysis - November 2021

Wow! It's been quite a while since I've had time to do my regular analysis of security in the Top 1 Million site, but it's happening again! As it's been...

Frequency analysis on hundreds of billions of reports at Report URI: Top-K

Free Post

Probabilistic Data Structures

Frequency analysis on hundreds of billions of reports at Report URI: Top-K

After looking at how a Bloom Filter works and moving on to understand a Count-Min Sketch, we were left with the final problem of identifying the most frequent reports we...

Free Post

Report URI

Report URI is now using CSP nonces in an enforced policy

Hurrah! Sometimes it takes a little while for projects to make it through your backlog and into production, but the nonce-based policy for CSP on Report URI can now be...

Free Post

Report URI

Report URI Penetration Test 2021

Wow, where did that last year go?! It's time for our annual penetration test again over at Report URI and just like we did last year, we'll be publishing the...

Free Post

Pwned Passwords

Sketchy Pwned Passwords

After playing with some more probabilistic data structures and talking about Count-Min Sketch, I wanted to expand on my previous work with the Pwned Passwords data set. This is quite...

Free Post

Report URI

Frequency analysis on hundreds of billions of reports at Report URI: Count-Min Sketch

At the time of writing, Report URI has processed a total of 669,142,999,794 reports. That's a lot of reports and sometimes it can be difficult to work...

Free Post

Report URI

When Pwned Passwords Bloom!

I recently wrote about Bloom Filters, the hugely space efficient, probabilistic data structures, and how great they can be. I wanted to create a demonstration of just how useful they...

Free Post

Report URI

Frequency analysis on hundreds of billions of reports at Report URI: Bloom Filters

Have we seen this report before? It sounds like a simple question to ask of a service that collects and processes hundreds of millions of reports per day, and in...

Scott Helme

Hi, I'm Scott Helme, a Security Researcher, Entrepreneur and International Speaker. I'm the creator of Report URI and Security Headers and I deliver world renowned training on Hacking and Encryption.

If it looks like a duck, swims like a duck, and QWACs like a duck, then it's probably an EV Certificate

Responding to the Log4j 2 vulnerability (CVE-2021-44228)

Top 1 Million Analysis - November 2021

Frequency analysis on hundreds of billions of reports at Report URI: Top-K

Report URI is now using CSP nonces in an enforced policy

Report URI Penetration Test 2021

Sketchy Pwned Passwords

Frequency analysis on hundreds of billions of reports at Report URI: Count-Min Sketch

When Pwned Passwords Bloom!

Frequency analysis on hundreds of billions of reports at Report URI: Bloom Filters

Upcoming Events

Cheat Sheets

Projects

Upcoming Events

Cheat Sheets

Projects

Follow