Free Post Security Headers Can you get pwned with CSS? I recently started to consider changing the grading criteria on Security Headers which isn't something that happens very often. I wanted to make a change that would result...
Free Post Community Projects I Support As we roll further into 2022, I wanted to outline the projects and other activities in the community that I support in the hope that it might inspire you to...
Free Post EV If it looks like a duck, swims like a duck, and QWACs like a duck, then it's probably an EV Certificate For a little while now I've been following a new type of certificate that you may soon be hearing a lot more about. They're called a...
Free Post Log4j Responding to the Log4j 2 vulnerability (CVE-2021-44228) This blog post isn't going to be a deep dive into the vulnerability itself, but instead how Report URI reacted as an organisation and the things we'...
Free Post Crawler Report Top 1 Million Analysis - November 2021 Wow! It's been quite a while since I've had time to do my regular analysis of security in the Top 1 Million site, but it'...
Free Post Probabilistic Data Structures Frequency analysis on hundreds of billions of reports at Report URI: Top-K After looking at how a Bloom Filter [https://scotthelme.co.uk/frequency-analysis-on-hundreds-of-billions-of-reports-at-report-uri-bloom-filters/] works and moving on to understand a Count-Min Sketch [https://scotthelme.co.uk/frequency-analysis-hundreds-billions-reports-report-uri-count-min-sketch/], we were left with...
Free Post Report URI Report URI is now using CSP nonces in an enforced policy Hurrah! Sometimes it takes a little while for projects to make it through your backlog and into production, but the nonce-based policy for CSP on Report URI can now be...
Free Post Report URI Report URI Penetration Test 2021 Wow, where did that last year go?! It's time for our annual penetration test again over at Report URI and just like we did last year, we'...
Free Post Pwned Passwords Sketchy Pwned Passwords After playing with some more probabilistic data structures and talking about Count-Min Sketch [https://scotthelme.co.uk/frequency-analysis-hundreds-billions-reports-report-uri-count-min-sketch/], I wanted to expand on my previous work with the Pwned Passwords...
Free Post Report URI Frequency analysis on hundreds of billions of reports at Report URI: Count-Min Sketch At the time of writing, Report URI [https://report-uri.com] has processed a total of 669,142,999,794 reports. That's a lot of reports and sometimes it...