Free Post CSRF CSRF is (really) dead A little while back I wrote a blog post about how "CSRF is dead". It focused on SameSite cookies, a powerful yet simple feature to protect your website against CSRF attacks. As powerful as it was, and as much as it will kill CSRF,...
Free Post nomx nomx: The world's most secure communications protocol I was recently invited to take part in some research by BBC Click [http://www.bbc.co.uk/programmes/n13xtmd5], alongside Professor Alan Woodward [https://twitter.com/ProfWoodward], to analyse...
Free Post CSRF Cross-Site Request Forgery is dead! After toiling with Cross-Site Request Forgery on the web for, well forever really, we finally have a proper solution. No technical burden on the site owner, no difficult implementation, it's trivially simple to deploy, it's Same-Site Cookies. As old as the Web itself Cross-Site...
Free Post CSRF Let your framework do the heavy lifting I recently found myself in a conversation about the difficulties of building and implementing effective CSRF protection. Not only was I struggling to get across the technical details of a...
Free Post BrightBox EE BrightBox router patched - still vulnerable EE have released a patch for their BrightBox routers which addresses some of the issues that I disclosed. Whilst the device now takes more care of user credentials and doesn't...
Follow