Scott Helme (Page 38)

Make your website faster with SPDY

SPDY, pronounced 'SPeeDY', is a web protocol developed by Google that is primarily aimed at reducing page load time and providing better security. With the latest stable release of nginx featuring SPDY 3.1 support, it's time for an upgrade!...

Free Post

Android

Trusting security in smartphone apps

As users become more and more accustomed to ensuring their data is safe when using the Internet, one area that it's still incredibly difficult to ensure your own safety is when using smartphone apps. There is no address bar to check for...

Free Post

DHE

Perfect Forward Secrecy - An Introduction

Perfect Forward Secrecy is a feature of specific key agreement protocols that gives assurances your session keys will not be compromised even if the private key of the server is compromised. By generating a unique session key for every session a user initiates, even...

Free Post

attack

Mitigating a HTTP GET DoS attack

My blog recently became the target of an orchestrated Denial of Service (DoS) attack using a HTTP GET flood. Aimed at generating huge amounts of load on the MySQL back end, it was very effective. As the attack ramped up, the sheer number of...

Free Post

CloudFlare

Replacing DynDNS with CloudFlare DDNS

As I'm about to lose my free DynDNS account, along with everyone else, it was time to find an alternative. DynDNS has served me well for a great many years in solving the problem of remotely connecting back to my house. Now...

Getting an A+ rating on the Qualys SSL Test

Free Post

cipher suite

Getting an A+ rating on the Qualys SSL Test

The SSL Test provided by Qualys does an incredibly thorough evaluation of the SSL configuration on your server. It's a great way to get a feel for whether...

Free Post

certificate revocation

Enabling Certificate Revocation Checks in Google Chrome

Following on from the announcement of Heartbleed, it's fair to assume that there will be a huge amount of certificate revocations both in progress and in the days and weeks to come. With an increased number of revocations, there's the...

Free Post

certificate

OCSP Stapling; SSL with added speed and privacy

Using SSL on your site comes with certain overheads and one of those overheads is checking the revocation status of your SSL certificate. Whilst this particular overhead resides on the client side, rather than the server side, it still affects the performance of your...

Free Post

HSTS

Setting up HSTS in nginx

The HTTP Strict Transport Security (HSTS) header allows a host to enforce the use of HTTPS on the client side. By informing the browser to only use HTTPS, even if the user specifies HTTP as the protocol, the browser will enforce the use of...

Free Post

encryption

Public WiFi Hotspots; The Wild Wild West

Public WiFi hotspots can usually be found in abundance wherever we go. So much so that many of us are now frustrated when there is no WiFi for us to use. If you're at a coffee shop, hotel, bar, restaurant or even...

Scott Helme

Hi, I'm Scott Helme, a Security Researcher, Entrepreneur and International Speaker. I'm the creator of Report URI and Security Headers, and I deliver world renowned training on Hacking and Encryption.

Make your website faster with SPDY

Trusting security in smartphone apps

Perfect Forward Secrecy - An Introduction

Mitigating a HTTP GET DoS attack

Replacing DynDNS with CloudFlare DDNS

Getting an A+ rating on the Qualys SSL Test

Enabling Certificate Revocation Checks in Google Chrome

OCSP Stapling; SSL with added speed and privacy

Setting up HSTS in nginx

Public WiFi Hotspots; The Wild Wild West

Upcoming Events

Cheat Sheets

Projects