Scott Helme (Page 32)

Let your framework do the heavy lifting

I recently found myself in a conversation about the difficulties of building and implementing effective CSRF protection. Not only was I struggling to get across the technical details of a...

Free Post

nginx

Monitoring Server and Application Health with New Relic

As the number of servers you manage increases, keeping an eye on them all can become a bit of a task in itself. I've used Munin [http://munin-monitoring....

Free Post

nissan leaf

The vulnerable web API for my Nissan Leaf

I've driven a purely Electric Vehicle (EV) for over 2 years now and had intended to write about the experience at some point on my blog. Writing about the discovery of an insecure API that allows an attacker to remotely control features...

Free Post

securityheaders.io

The SecurityHeaders.io Chrome and Firefox Extension

In a little over 2 months my HTTP header analysing service, securityheaders.io [https://securityheaders.io], has seen over 300,000 scans performed! In order to make the service easier...

Security headers in the Alexa Top 1 Million

Free Post

CSP

Security headers in the Alexa Top 1 Million

I did a scan of the Alexa Top 1 Million back in August 2015 and published the results for everyone to see. Having just completed another scan of the current...

Free Post

securityheaders.io

securityheaders.io update

I've just pushed a few changes to securityheaders.io [https://securityheaders.io] that should make the service a little easier to use! Syntax validation of header values The...

Free Post

Let's Encrypt

Let's Encrypt Smart Renew

In a previous blog I wrote about how to get started with Let's Encrypt certificates and auto-renewing them. Free certificates are awesome and auto-renewal is even better, but...

Free Post

CSP

Micro-optimisation for fun!

I stumbled across what I assume is a performance optimisation being used by Twitter and wondered how much I could optimise my site using a similar principle. The changes would...

Free Post

securityheaders.io

Scoring transparency for securityheaders.io

The new version of my HTTP header analysing service, https://securityheaders.io, was launched a little over a month ago and is doing really well! To ease myself into the...

Free Post

CSP

Fixing mixed content with CSP

As more and more sites are migrating to HTTPS, one of the biggest problems that will need solving is tracking down all of your HTTP resources to avoid mixed content...

Scott Helme

Hi, I'm Scott Helme, a Security Researcher, Entrepreneur and International Speaker. I'm the creator of Report URI and Security Headers, and I deliver world renowned training on Hacking and Encryption.

Let your framework do the heavy lifting

Monitoring Server and Application Health with New Relic

The vulnerable web API for my Nissan Leaf

The SecurityHeaders.io Chrome and Firefox Extension

Security headers in the Alexa Top 1 Million

securityheaders.io update

Let's Encrypt Smart Renew

Micro-optimisation for fun!

Scoring transparency for securityheaders.io

Fixing mixed content with CSP

Upcoming Events

Cheat Sheets

Projects

Upcoming Events

Cheat Sheets

Projects

Follow