Free Post CSRF Let your framework do the heavy lifting I recently found myself in a conversation about the difficulties of building and implementing effective CSRF protection. Not only was I struggling to get across the technical details of a...
Free Post nginx Monitoring Server and Application Health with New Relic As the number of servers you manage increases, keeping an eye on them all can become a bit of a task in itself. I've used Munin [http://munin-monitoring....
Free Post nissan leaf The vulnerable web API for my Nissan Leaf I've driven a purely Electric Vehicle (EV) for over 2 years now and had intended to write about the experience at some point on my blog. Writing about the discovery of an insecure API that allows an attacker to remotely control features...
Free Post securityheaders.io The SecurityHeaders.io Chrome and Firefox Extension In a little over 2 months my HTTP header analysing service, securityheaders.io [https://securityheaders.io], has seen over 300,000 scans performed! In order to make the service easier...
Free Post CSP Security headers in the Alexa Top 1 Million I did a scan of the Alexa Top 1 Million back in August 2015 and published the results for everyone to see. Having just completed another scan of the current...
Free Post securityheaders.io securityheaders.io update I've just pushed a few changes to securityheaders.io [https://securityheaders.io] that should make the service a little easier to use! Syntax validation of header values The...
Free Post Let's Encrypt Let's Encrypt Smart Renew In a previous blog I wrote about how to get started with Let's Encrypt certificates and auto-renewing them. Free certificates are awesome and auto-renewal is even better, but...
Free Post CSP Micro-optimisation for fun! I stumbled across what I assume is a performance optimisation being used by Twitter and wondered how much I could optimise my site using a similar principle. The changes would...
Free Post securityheaders.io Scoring transparency for securityheaders.io The new version of my HTTP header analysing service, https://securityheaders.io, was launched a little over a month ago and is doing really well! To ease myself into the...
Free Post CSP Fixing mixed content with CSP As more and more sites are migrating to HTTPS, one of the biggest problems that will need solving is tracking down all of your HTTP resources to avoid mixed content...