Free Post HPKP Guidance on setting up HPKP Having recently released my HPKP toolset [https://scotthelme.co.uk/hpkp-toolset/], I thought I'd give some guidance on the various ways you can setup HPKP and the benefits...
Free Post HPKP The HPKP toolset! HPKP is an incredibly powerful response header that allows you to whitelist the fingerprints of specific cryptographic identities. This offers you protection against a rogue Certificate Authority issuing a certificate...
Free Post report-uri.io The first 3 months of report-uri.io 3 months ago I launched report-uri.io [https://report-uri.io], my CSP and HPKP violation reporting service. Since then the service has seen steady growth and I've been...
Free Post HSTS How widely used are security based HTTP response headers? With my recent interest in security based HTTP headers like CSP and HPKP following the launch of my new service report-uri.io [https://report-uri.io], I found myself wondering just...
Free Post HPKP Demonstrating HPKP validation failures I have a couple of subdomains on scotthelme.co.uk to show how good a TLS config can be and how bad a TLS config can be and still not...
Free Post report-uri.io Build a cloud scale PHP session store with Azure Table Storage Whilst building https://report-uri.io I knew that I was going to need some form of load balancing to be able to accommodate the kind of load I wanted to...
Free Post CSP Major update for report-uri.io Over the weekend I finalised a major update for https://report-uri.io, my new CSP and HPKP violation reporting service. Designed to make setting up and using your CSP even...
Free Post report-uri.io Working with Azure Table Storage - The Basics I recently launched https://report-uri.io, my new CSP and HPKP violation reporting service that is built on, amongst other things, Azure Table Storage. Using Table Storage required a little...
Free Post steelcon SteelCon 2015 Following a fantastic first year for SteelCon in 2014, I've just returned from an amazing weekend attending SteelCon 2015. With great speakers, networking, location, food and drink, there&...
Free Post chrome Chrome Address Spoofing PoC An address spoofing vulnerability has been disclosed in Google Chrome that not only allows a site to change the address you see in the address bar, but the certificate if...
