We've just deployed some mega updates to our infrastructure at Report URI that will give us much more resilience in the future, allow us to apply updates to our servers even faster, and will probably go totally unnoticed from the outside! Our previous Redis setup I've| Scott Helme
So, a weird thing happened over the last couple of days, and my Tesla Powerwalls weren't working properly, or, at all, actually... What's even more strange is that Tesla has been completely silent about this and hasn't made a single announcement about the issue| Scott Helme
I've been a huge fan of OWASP for a very long time, having spoken at their conferences, contributed to their projects, consumed many of their resources and met some really awesome people along the way! Just recently, one of the very popular OWASP projects, the Application Security Verification Standard (ASVS)| Scott Helme
Hi, I'm Scott Helme, a Security Researcher, Entrepreneur and International Speaker. I'm the creator of Report URI and Security Headers, and I deliver world-renowned training on Hacking and Encryption.| Scott Helme
We’ve just passed a monumental milestone: 2 trillion events processed through Report URI!!! That’s 2,000,000,000,000 events for CSP, NEL, DMARC, and other browser-generated and email telemetry reports—ingested, parsed, and processed for our customers! This is a phenomenal milestone to achieve in the year| Scott Helme
In my first blog post about hacking my Tesla Powerwalls, I laid out all of the foundations and information about my home energy setup. You really need to read that blog post first as I'm going to be building on all of that work here, and assuming that you're familiar| Scott Helme
Well, I was certainly hoping for this result, but wasn't necessarily expecting it! I'm pleased to report that Ballot SC-081v3 passed, and that shorter certificate lifetimes are now coming! The Schedule I will go into more detail later in the post, but right now, let'| Scott Helme
I've had solar and batteries at home for quite some time now, and despite my experience with them being really awesome, there were a few little things that were bugging me. Using systems from various different suppliers doesn't always provide the perfect integration, so I hacked together my own! No,| Scott Helme
I was trying to come up with a sensible title for this blog post, but I feel this one mirrors the thoughts and feelings of many of us about recent events in the PCI DSS compliance space! There have been some significant changes in recent weeks, and with just 18| Scott Helme
As we continue to expand and improve our offering, one particular area of focus over recent months has been on PCI DSS Compliance. Whilst 'compliance' might not be the first thing that many get excited about, the recent requirements introduced by the PCI SSC required some pretty solid| Scott Helme
Continuing their trend of radical change for the better, Let's Encrypt have announced that, this year, you will be able to request certificates with a validity period of only 6 days! Let's Encrypt I remember sitting in the room for this DEF CON 23 panel discussion| Scott Helme
I first deployed my Pi-hole back in 2018 and ever since then, I've never looked back! Pi-hole have just dropped a pretty major update and, of course, I wanted to get HTTPS up and running on the Web UI like I had before. Pi-hole v6 I won't focus too much| Scott Helme
Operating an online service like Report URI, it comes with the territory. The ever present threat of attack is something we are fully aware of, and prepare for as best we can. Being the regular subject of attacks, mostly handled by our robust systems and automated defences, these attacks mostly| Scott Helme
Well, the writing has been on the wall for some years now, arguably over a decade, but the time has finally come where the largest CA in the world is going to drop support for the Online Certificate Status Protocol. What is OCSP? The Online Certificate Status Protocol is a| Scott Helme
As we draw near the end of 2024, MITRE have taken a look back at the security vulnerabilities discovered throughout the year and published their list of the Top 25 Most Dangerous Software Weaknesses, and Report URI is here to help you with the #1 Top Threat: XSS. Common Weakness| Scott Helme
It's that time of year again! At Report URI, we've just been through our 5th penetration test, and as usual, we're going to publish the results, take a look at what was found, and what we're going to do about it. Penetration| Scott Helme