Free Post CSRF CSRF is (really) dead A little while back I wrote a blog post about how "CSRF is dead". It focused on SameSite cookies, a powerful yet simple feature to protect your website against CSRF attacks. As powerful as it was, and as much as it will kill CSRF,...
Free Post nomx nomx: The world's most secure communications protocol I was recently invited to take part in some research by BBC Click, alongside Professor Alan Woodward, to analyse a device that had quite a lot of people all excited....
Free Post CSRF Cross-Site Request Forgery is dead! After toiling with Cross-Site Request Forgery on the web for, well forever really, we finally have a proper solution. No technical burden on the site owner, no difficult implementation, it's trivially simple to deploy, it's Same-Site Cookies. As old as the Web itself Cross-Site...
Free Post CSRF Let your framework do the heavy lifting I recently found myself in a conversation about the difficulties of building and implementing effective CSRF protection. Not only was I struggling to get across the technical details of a...
Free Post BrightBox EE BrightBox router patched - still vulnerable EE have released a patch for their BrightBox routers which addresses some of the issues that I disclosed. Whilst the device now takes more care of user credentials and doesn't...
