Free Post hashing Disclosing password storage policies on report-uri.io After every breach hits the news, I, along with everyone else, receive the dreaded email asking me to reset my password. The email told me that my leaked password was...
Free Post ECDSA Testing out ECDSA certificates Let's Encrypt recently started signing certificates that use ECDSA keys so I figured I'd grab one and give it a try. ECDSA offers considerable increases in...
Free Post report-uri.io Optimising for performance with Azure Table Storage I recently announced another huge update for https://report-uri.io and I covered all of the new features in a separate blog [https://scotthelme.co.uk/better-performance-and-custom-subdomains-on-report-uri-io/] . Alongside that I&...
Free Post HTTPS Still think you don't need HTTPS? Very often people tell me "we don't need HTTPS" and most of the time the justification is based on 1 of 2 arguments. It's...
Free Post report-uri.io The next major update for report-uri.io! I've just pushed the next major update to https://report-uri.io and there are some great new features that I'm really excited to be launching! The...
Free Post CSRF Let your framework do the heavy lifting I recently found myself in a conversation about the difficulties of building and implementing effective CSRF protection. Not only was I struggling to get across the technical details of a...
Free Post nginx Monitoring Server and Application Health with New Relic As the number of servers you manage increases, keeping an eye on them all can become a bit of a task in itself. I've used Munin [http://munin-monitoring....
Free Post nissan leaf The vulnerable web API for my Nissan Leaf I've driven a purely Electric Vehicle (EV) for over 2 years now and had intended to write about the experience at some point on my blog. Writing about...
Free Post securityheaders.io The SecurityHeaders.io Chrome and Firefox Extension In a little over 2 months my HTTP header analysing service, securityheaders.io [https://securityheaders.io], has seen over 300,000 scans performed! In order to make the service easier...
Free Post CSP Security headers in the Alexa Top 1 Million I did a scan of the Alexa Top 1 Million back in August 2015 and published the results for everyone to see. Having just completed another scan of the current...
