CloudFlare: My TLS conundrum and why I decided to leave CloudFlare. CloudFlare is an incredibly advanced content delivery network (CDN) that offers boosts to the security and performance of your site. They act as a reverse proxy and shield your web server from exposure to the wider Internet. You get huge bandwidth savings and a...
cookies: Web Security - The hidden dangers of hunting for a new house. When looking for a new house to buy in the UK, the chances are at some point you will end up on the website of RightMove or Zoopla. With RightMove claiming they are "the UK's number one property website" and...
HSTS: Issuing HSTS policy in PHP. HSTS is a great way of protecting visitors to your website by ensuring their browser only uses a secure connection to communicate. If you use shared hosting and don't have access to change the header configuration, or you simply want to test...
HSTS: Manually enforcing HSTS in Google Chrome. HSTS Policies are usually distributed by a web server as a HTTP Response Header. Whilst some sites enforce HTTPS by issuing a redirect, many do not implement HSTS and leave the user vulnerable to a MiTM attack. HSTS Policies can be added to Google...
encryption: HSTS - The missing link in Transport Layer Security. HTTP Strict Transport Security (HSTS [https://scotthel.me/d8j3]) is a policy mechanism that allows a web server to enforce the use of TLS [https://scotthel.me/s8d7] in a compliant User Agent (UA), such as a web browser. HSTS allows for a more...
code injection: Code Injection - TLS (SSL) is not all about privacy, it's about integrity too. TLS isn't just about ensuring your data remains private whilst transiting the Internet, it's also about ensuring the integrity of the data. In this post I will demonstrate a HTML injection attack and show you what a man in the...
cain: Advanced Session Hijacking - Is coffee shop WiFi such a good idea? Learn just how easy it is to hijack sessions over the LAN or WiFi and why using that free WiFi at your local coffee shop could cost you more than you expect! In a previous blog post [https://scotthelme.co.uk/session-hijacking-ssl-doesnt-mean-secure/] I gave...
HTTPS: Session Hijacking, why SSL doesn't always mean secure. Many sites lead you to believe that just because there is a padlock icon in the corner of your screen, or https:// at the beginning of the address, that data being exchanged on these pages is secure. This isn't always the case....