Scott Helme

Free Post

HTTPS

HTTPS deployment tips

Migrating your site to HTTPS can be hard, really hard. There are countless different ways to perform your migration and various tools and techniques that can help you smooth out...

Free Post

CSP

Optimising Twitter's CSP header

I'm sat on a train right now and between bursts of WiFi connectivity I'm testing some code to parse a CSP header. Whilst looking for big...

Free Post

HTTPS

We need more phishing sites on HTTPS!

There, I said it! It might sound like a weird thing to stay but stick with me on this one. We really do need more phishing sites on HTTPS, all...

Free Post

table storage

Hacking Azure Table Storage to do LIKE queries

We use Azure Table Storage as our database for Report URI and it's an incredibly simple yet powerful storage solution. It scales transparently, has amazing performance and is...

Free Post

BBC Click

How we turned Average Joe into Psychic Joe

Last year I got an email offering me the opportunity to do some work with the BBC and show something security focused that would be broadcast live on the BBC&...

Free Post

Report URI

Powerful filtering and other updates for Report URI

We've been working hard in the run up to the holiday season and we're really happy to release some of the new features we've...

Free Post

security.txt

Say hello to security.txt

Security is a difficult process and organisations don't always get it right, I think everyone can agree on that. What's important though is that when things...

Free Post

Year In Review

Year in Review | 2017

Well, another year is drawing to a close already and it doesn't seem like very long since I was writing my last Year in Review post for 2016...

Free Post

Report URI

Overcoming the hurdles of VAT and VAT MOSS in the EU

In September 2017 I founded the company to take Report URI from being a free project that I ran out of my own pocket to being a sustainable, commercial service....

Free Post

HSTS

Bypassing HSTS or HPKP in Chrome is a badidea

I saw some research published at BlackHat EU recently that detailed various ways to bypass both HSTS and HPKP in a variety of mainstream browsers. It was a novel technique...