Free Post BMW M140i Project The M140i project post - Part 16 It's been a while since I published something about my car and it's another big post! I've talked about alcohol based fuels before, like...
Free Post CSP Top 1 Million Analysis - June 2022 Thanks to the sponsorship provided by Venafi for this post, we have another Top 1 Million Analysis just 6 months after the last one in November 2021! Let's...
Free Post Report URI Increasing entropy in our CSP nonces I've talked many times about CSP and CSP nonces, the easy way to control JavaScript on your page, but someone recently pointed out an area we could improve....
Free Post CSP PCI DSS 4.0; It's time to get serious on Magecart The latest version of PCI DSS just dropped and it's really awesome to see that one of the most notorious threats that we face online when it comes...
Free Post Pwned Passwords Re-bloom! Pwned Passwords v8 After the recent release of the Pwned Passwords v8 dataset, it was time to update my Bloom Filter implementation of Pwned Passwords! Bloom Filters If you aren't...
Free Post Security Headers Can you get pwned with CSS? I recently started to consider changing the grading criteria on Security Headers which isn't something that happens very often. I wanted to make a change that would result...
Free Post Community Projects I Support As we roll further into 2022, I wanted to outline the projects and other activities in the community that I support in the hope that it might inspire you to...
Free Post EV If it looks like a duck, swims like a duck, and QWACs like a duck, then it's probably an EV Certificate For a little while now I've been following a new type of certificate that you may soon be hearing a lot more about. They're called a...
Free Post Log4j Responding to the Log4j 2 vulnerability (CVE-2021-44228) This blog post isn't going to be a deep dive into the vulnerability itself, but instead how Report URI reacted as an organisation and the things we'...
Free Post Crawler Report Top 1 Million Analysis - November 2021 Wow! It's been quite a while since I've had time to do my regular analysis of security in the Top 1 Million site, but it'...