Free Post CSP CSP nonces the easy way with Cloudflare Workers Everybody knows I'm a rather large fan of CSP and an even bigger fan of CSP reporting, but CSP can be hard. Part of my personal mission has...
Free Post EV Extended Validation not so... extended? How I revoked $1,000,000 worth of EV certificates! Personal like or dislike of EV aside for a moment, we can all agree on what the name of EV certs implies. Organisations get their company details in the certificate...
Free Post Certificate Authorities Ballot SC22: Reduce Certificate Lifetimes We've made some great progress in the TLS and PKI ecosystem in recent years, driven largely by the actions of browser vendors. We could have just taken another...
Free Post Certificate Transparency Announcing CT Monitoring for Report URI! I've spoken a lot about Certificate Transparency on my blog recently and how powerful it is for site operators to be able to keep track of certificates issued...
Free Post CSRF CSRF is (really) dead A little while back I wrote a blog post about how "CSRF is dead". It focused on SameSite cookies, a powerful yet simple feature to protect your website against CSRF attacks. As powerful as it was, and as much as it will...
Free Post EV Gone forEVer! Regular readers will know my view on EV certificates but in the last week there have been 2 very significant announcements from the 2 largest browser vendors in the world....
Free Post Report URI Thinking more about bots and whether we do enough I've worked at some great companies during my career and worked alongside some great people too. Many of those I still keep in contact with and recently I...
Free Post Security Headers Security Headers Updates I've just deployed a few changes to Security Headers to bring it up to date with recent changes in the industry. Here are the details and how they...
Free Post Report URI Maintaining state in a Cloudflare Worker It's no secret that we use Cloudflare Workers extensively at Report URI and once you're using a Worker, you can keep adding more functionality to it....
Free Post Hack Yourself First The Hack Yourself First UK Tour now has Hotel Packages Ticket sales are still open for the Hack Yourself First UK Tour and to make it even easier to attend, we're now offering Hotel Packages! The HYF...