283 posts

CSRF is (really) dead

A little while back I wrote a blog post about how "CSRF is dead". It focused on SameSite cookies, a powerful yet simple feature to protect your website against CSRF attacks. As powerful as it was, and as much as it will kill CSRF, you had to enable it on…

Gone forEVer!

Regular readers will know my view on EV certificates but in the last week there have been 2 very significant announcements from the 2 largest browser vendors in the world. There's a big change coming to a browser UI near you and as big as the change is, my bet…

Security Headers Updates

I've just deployed a few changes to Security Headers to bring it up to date with recent changes in the industry. Here are the details and how they might affect you. Security Headers Sponsor: I announced sponsorship of the Security Headers project back in December 2016 and that continues through to…
