Supply Chain Attack (Free Post)
A dead CDN, a wildcard, and an attack waiting to happen: the netdna-ssl.com takeover
Every now and then I go digging through Report URI's Threat Intelligence data feeds, looking for domains that show up in CSP reports where they really shouldn'...

Passkeys (Free Post)
Passkeys, Permissions Policy and Bug Hunting in 1Password's WebAuthn Wrapper
Passkeys are the best thing to happen to web authentication in years, but a passkey ceremony is only as secure as the stack enforcing it. The browser, the relying party,...

Report URI (Free Post)
Eating Our Own Dogfood: What Running Report URI on Report URI Taught Us
Dogfooding is often talked about as a best practice, but I don't often see the results of such activities. For all new features introduced on Report URI, we...

CSP (Free Post)
Content Security Policy - An Introduction
Content Security Policy is delivered via an HTTP response header, much like HSTS, and defines approved sources of content that the browser may load. It can be an effective countermeasure...