A new security header: Referrer Policy
Regular readers will know how fond I am of the existing security headers so it's great to hear that we're getting another! Referrer Policy will allow...

OCSP Expect-Staple
Tag: ocsp
OCSP Expect-Staple is a new reporting mechanism to allow site owners to monitor how reliable their OCSP Stapling implementation is. With live feedback coming direct from the browser, you can...

OCSP Must-Staple
Tag: OCSP Stapling
Revocation checking is broken and has been for some time. Whilst some vendors have sort of worked around this with proprietary solutions, there is little that the smaller sites can...

Bug bounties and extortion
Tag: bug bounty
As the popularity of my services like and has increased they've started to attract more attention. Most of this is good but I've recently started to experience something a little concerning. Bug bounties I want to...

CSP Nonce support in Nginx
Tag: CSP
Content Security Policy is an incredibly powerful security feature but in some circumstances it can be a little difficult to deploy. Removing inline scripts or styles often comes up as...

Tough Cookies
Tag: cookies
Cookies are tiny pieces of data attached to requests that your browser sends. Their most important use is for authentication so that a web server can know if you are...

Enforcing the use of SRI
Tag: CSP
Subresource Integrity is an awesome security feature that allows us to ensure that assets served by a CDN haven't been tampered with. Now, thanks to a new directive...

Year in Review | 2016
Tag: Year In Review
2016 has been a pretty amazing year for me in many ways, so much so, I wanted to look back on just how much I've achieved in such...

Doing the ChaCha with Nginx
Tag: nginx
ChaCha20-Poly1305 is the combination of a new cipher, ChaCha20, and a new MAC, Poly1305, to give us a new AEAD cipher suite. AEADs will be the only option that will...

Setting up HTTPS on the UniFi Cloud Key
Tag: HTTPS
My new Ubiquiti home network is absolutely awesome but there was just one thing bothering me about it. Every time I logged in to the dashboard I'd have...