Scott Helme (Page 38)

Setting up HSTS in nginx

The HTTP Strict Transport Security (HSTS) header allows a host to enforce the use of HTTPS on the client side. By informing the browser to only use HTTPS, even if the user specifies HTTP as the protocol, the browser will enforce the use of...

Free Post

encryption

Public WiFi Hotspots; The Wild Wild West

Public WiFi hotspots can usually be found in abundance wherever we go. So much so that many of us are now frustrated when there is no WiFi for us to use. If you're at a coffee shop, hotel, bar, restaurant or even...

Free Post

CloudFlare

My TLS conundrum and why I decided to leave CloudFlare

CloudFlare is an incredibly advanced content delivery network (CDN) that offers boosts to the security and performance of your site. They act as a reverse proxy and shield your web server from exposure to the wider Internet. You get huge bandwidth savings and a...

Free Post

DNS Hijacking

How HSTS could have largely mitigated the Polish DNS hijacking attack

Last week, there was large scale cyber attack on Polish internet users that specifically targeted online banking activities. By modifying the DNS settings on victim's routers, the attackers were able to redirect users to malicious servers and intercept online banking traffic to...

Free Post

BrightBox

EE BrightBox router patched - still vulnerable

EE have released a patch for their BrightBox routers which addresses some of the issues that I disclosed. Whilst the device now takes more care of user credentials and doesn&...

Free Post

BrightBox

EE BrightBox router hacked - bares all if you ask nicely

Shortly after having my new fibre broadband installed, I discovered a method to permanently compromise the security of the BrightBox router provided by EE. After a brief period of traffic...

Free Post

cookies

Web Security - The hidden dangers of hunting for a new house

When looking for a new house to buy in the UK, the chances are at some point you will end up on the website of RightMove or Zoopla. With RightMove claiming they are "the UK's number one property website" and...

Free Post

HSTS

Issuing HSTS policy in PHP

HSTS is a great way of protecting visitors to your website by ensuring their browser only uses a secure connection to communicate. If you use shared hosting and don't have access to change the header configuration, or you simply want to test...

Free Post

HSTS

Manually enforcing HSTS in Google Chrome

HSTS Policies are usually distributed by a web server as a HTTP Response Header. Whilst some sites enforce HTTPS by issuing a redirect, many do not implement HSTS and leave the user vulnerable to a MiTM attack. HSTS Policies can be added to Google...

Free Post

encryption

HSTS - The missing link in Transport Layer Security

HTTP Strict Transport Security (HSTS [https://scotthel.me/d8j3]) is a policy mechanism that allows a web server to enforce the use of TLS [https://scotthel.me/s8d7]in a compliant User Agent (UA), such as a web browser. HSTS allows for a more...

Scott Helme

Hi, I'm Scott Helme, a Security Researcher, Entrepreneur and International Speaker. I'm the creator of Report URI and Security Headers, and I deliver world renowned training on Hacking and Encryption.

Setting up HSTS in nginx

Public WiFi Hotspots; The Wild Wild West

My TLS conundrum and why I decided to leave CloudFlare

How HSTS could have largely mitigated the Polish DNS hijacking attack

EE BrightBox router patched - still vulnerable

EE BrightBox router hacked - bares all if you ask nicely

Web Security - The hidden dangers of hunting for a new house

Issuing HSTS policy in PHP

Manually enforcing HSTS in Google Chrome

HSTS - The missing link in Transport Layer Security

Upcoming Events

Cheat Sheets

Projects

Upcoming Events

Cheat Sheets

Projects

Follow