[Report URI] Increasing entropy in our CSP nonces
I've talked many times about CSP and CSP nonces, the easy way to control JavaScript on your page, but someone recently pointed out an area we could improve. Report URI...

[CSP] PCI DSS 4.0; It's time to get serious on Magecart
The latest version of PCI DSS just dropped and it's really awesome to see that one of the most notorious threats that we face online when it comes to payment...

[Log4j] Responding to the Log4j 2 vulnerability (CVE-2021-44228)
This blog post isn't going to be a deep dive into the vulnerability itself, but instead how Report URI reacted as an organisation and the things we've improved, even though...

[Probabilistic Data Structures] Frequency analysis on hundreds of billions of reports at Report URI: Top-K
After looking at how a Bloom Filter works and moving on to understand a Count-Min Sketch, we were left with the final problem of identifying the most frequent reports we...

[Report URI] Report URI is now using CSP nonces in an enforced policy
Hurrah! Sometimes it takes a little while for projects to make it through your backlog and into production, but the nonce-based policy for CSP on Report URI can now be...

[Report URI] Report URI Penetration Test 2021
Wow, where did that last year go?! It's time for our annual penetration test again over at Report URI and just like we did last year, we'll be publishing the...

[Report URI] Frequency analysis on hundreds of billions of reports at Report URI: Count-Min Sketch
At the time of writing, Report URI has processed a total of 669,142,999,794 reports. That's a lot of reports and sometimes it can be difficult to work...

[Report URI] When Pwned Passwords Bloom!
I recently wrote about Bloom Filters, the hugely space efficient, probabilistic data structures, and how great they can be. I wanted to create a demonstration of just how useful they...

[Report URI] Frequency analysis on hundreds of billions of reports at Report URI: Bloom Filters
Have we seen this report before? It sounds like a simple question to ask of a service that collects and processes hundreds of millions of reports per day, and in...

[Report URI] Introducing Data Watch: Detect Magecart style attacks, fast!
We recently announced a new feature that we'd been working towards for quite some time called Script Watch. Allowing you to be quickly notified of new JavaScript dependencies that appear...