Scott Helme

Free Post

HTTPS

Do SSL warranties protect you? As much as rocks keep tigers away...

This post is the first of two that I will be publishing over the coming days to address a few concerns that seem to be rising in the wider community....

Free Post

Security Headers

Alexa Top 1 Million Analysis - February 2018

It's that time of year again! I'm really excited to publish the 6th installment of my Alexa Top 1 Million analysis so we can take a...

Free Post

HTTPS

Why we need to do more to reduce certificate lifetimes

In the early days of the encrypted web you could get certificates valid for any period of time. Long gone are those days and as more time goes by we...

Free Post

nissan leaf

Analysing variations in EV efficiency

This blog is a break from the normal security focus of articles I write but I do have other interests outside of security! I drive an Electric Vehicle and one...

Free Post

PKI

Are you ready for the Symantec distrust?

It's been common knowledge in the wider PKI community that Symantec, the Certificate Authority, is currently being distrusted and will soon cease to exist as a CA. My...

Free Post

CSP

Protect your site from Cryptojacking with CSP + SRI

We saw a pretty big event take place over the weekend where a 3rd party provider was compromised and their JS library was altered. The alteration introduced a crypto mining...

Free Post

Report URI

Hacking Azure Table Storage to do ORDER BY on Timestamp

I recently wrote about a little hack we did with Azure Table Storage to give us functionality equivalent to a LIKE query in SQL, something not natively supported in Table...

Free Post

Report URI

Launching Report URI JS

The most common way to set a Content Security Policy on your site is to deliver it as a HTTP response header, but that's not always possible. On...

Free Post

HTTPS

HTTPS deployment tips

Migrating your site to HTTPS can be hard, really hard. There are countless different ways to perform your migration and various tools and techniques that can help you smooth out...

Free Post

CSP

Optimising Twitter's CSP header

I'm sat on a train right now and between bursts of WiFi connectivity I'm testing some code to parse a CSP header. Whilst looking for big...