Tag: CSP

Total 40 Posts

XSS on etherscan.io

I got a DM from a journalist called Jordan Pearson this evening and what started out as a quick comment for an article turned into an investigation of an ongoing issue. etherscan.io: Etherscan is ranked as the 1,379th site in the world according to Alexa, so they're pretty…

Launching Report URI JS

The most common way to set a Content Security Policy on your site is to deliver it as a HTTP response header, but that's not always possible. On hosted platforms like GitHub Pages, Ghost Pro or WordPress it's not always easy or even possible to set a HTTP response header.…

Malware hunting with CSP

I recently had some great fun using CSP in a way that I've been really excited to talk about. We are starting to utilise the full power of CSP reports to find a way to hunt down malware infected endpoints on a corporate network! Building on previous work I have…

Adding security headers to Prism JS

I recently came across the Prism JS syntax highlighting library whilst looking at a few options to spruce up my blog. I was very disappointed, though not at all surprised, that they didn't have support for my favourite security headers, so I added it. Prism JS: The Prism JS library…
