Azure Functions with the PHP Storage SDK (tag: azure)
I recently made some changes to report-uri.io [https://report-uri.io] to introduce some sensible usage limits. As part of those limits I'd already introduced the...

Alexa Top 1 Million Analysis - Feb 2017 (tag: crawl)
It's time for the 4th instalment of my Alexa Top 1 Million scan and I've added a heap of new metrics to the crawler for analysis....

Certificate Transparency, an introduction (tag: Certificate Transparency)
Certificate Transparency is an open framework for monitoring and auditing the certificates issued by Certificate Authorities in near real-time. By requiring a CA to log all certificates they generate,...

Cross-Site Request Forgery is dead! (tag: CSRF)
After toiling with Cross-Site Request Forgery on the web for, well forever really, we finally have a proper solution. No technical burden on the site owner, no difficult implementation, it's trivially simple to deploy, it's Same-Site Cookies. As...

A new security header: Referrer Policy (tag: securityheaders.io)
Regular readers will know how fond I am of the existing security headers so it's great to hear that we're getting another! Referrer Policy will allow...

OCSP Expect-Staple (tag: ocsp)
OCSP Expect-Staple is a new reporting mechanism to allow site owners to monitor how reliable their OCSP Stapling implementation is. With live feedback coming direct from the browser, you...

OCSP Must-Staple (tag: OCSP Stapling)
Revocation checking is broken and has been for some time. Whilst some vendors have sort of worked around this with proprietary solutions, there is little that the smaller sites can...

Bug bounties and extortion (tag: bug bounty)
As the popularity of my services like report-uri.io and securityheaders.io has increased they've started to attract more attention. Most of this is good but I've recently started to experience something a little concerning. Bug bounties I want...

CSP Nonce support in Nginx (tag: CSP)
Content Security Policy is an incredibly powerful security feature but in some circumstances it can be a little difficult to deploy. Removing inline scripts or styles often comes up as...

Tough Cookies (tag: cookies)
Cookies are tiny pieces of data attached to requests that your browser sends. Their most important use is for authentication so that a web server can know if you are...