Scott Helme

United Kingdom

Writer, Security Researcher at Freelance

Hacker, researcher, builder of things. Founded @securityheaders/@reporturi, Pluralsight author, Microsoft MVP, award winning entrepreneur. Likes cars.

Featured in: Favicon

arstechnica.com Favicon

zdnet.com

theiet.org Favicon

grahamcluley.com Favicon

digital-library.theiet.org

Articles

Let's Encrypt to offer 6-day certificates!

1 month ago | scotthelme.co.uk | Scott Helme

Continuing their trend of radical change for the better, Let's Encrypt have announced that, this year, you will be able to request certificates with a validity period of only 6 days!Let's EncryptI remember sitting in the room for this DEF CON 23 panel discussion in Las Vegas, almost 10 years ago in 2015(!), discussing the launch of Let's Encrypt.
Stronger Than Ever: How We Turned a DDoS Attack Into a Lesson in Resilience

2 months ago | scotthelme.ghost.io | Scott Helme

Operating an online service like Report URI, it comes with the territory. The ever present threat of attack is something we are fully aware of, and prepare for as best we can. Being the regular subject of attacks, mostly handled by our robust systems and automated defences, these attacks mostly go unnoticed, but not the most recent one!Transparency is at our coreI've been open about how things work at Report URI since the beginning, almost a decade ago.
XSS Ranked #1 Top Threat of 2024 by MITRE and CISA

Dec 10, 2024 | scotthelme.ghost.io | Scott Helme

As we draw near the end of 2024, MITRE have taken a look back at the security vulnerabilities discovered throughout the year and published their list of the Top 25 Most Dangerous Software Weaknesses, and Report URI is here to help you with the #1 Top Threat: XSS. Common Weakness EnumerationThe CWE Program is a standardised way of referring to types of security vulnerabilities with a unique ID, allowing a common classification to be used for a particular type of vulnerability across industry.
Report URI Penetration Test 2024

Dec 4, 2024 | scotthelme.ghost.io | Scott Helme

It's that time of year again! At Report URI, we've just been through our 5th penetration test, and as usual, we're going to publish the results, take a look at what was found, and what we're going to do about it.
Report URI: Simplifying pricing and changes to free accounts

Oct 28, 2024 | scotthelme.ghost.io | Scott Helme

We've been making great progress on developing new features at Report URI recently, and over the coming months, you're going to see many of them launched! As we've expanded the team to achieve this, and as we want to continue to grow, we're going to be making some changes to support our ongoing activities. The Paradox of ChoiceOne of the first things that many will notice is that there are now fewer subscription options to choose from.
Are shorter certificates finally coming?!

Oct 15, 2024 | scotthelme.ghost.io | Scott Helme

Regular readers will know my views on the validity period of TLS certificates, and how they definitely need to be made shorter than they currently are! We made some good progress on reducing their lifetime over the last few years, but recently, that progress seems to have stalled out... Well, now, we might have our first glimmer of hope!The story so farThere's a lot of really good information out there on this topic, and I myself have covered this in various ways over the years.
iOS 18 Quick Tips; Security Edition

Oct 2, 2024 | scotthelme.co.uk | Scott Helme

Having recently updated to iOS 18, there are a couple of features that I've immediately enabled now that they're available! I'm going to share with you what those features are, and, a security tip that has been available prior to the release of iOS 18 too. iOS 18There are a bunch of good reasons that you should always be making sure that your devices are fully updated, so if you have a recent iPhone, you can update it now.
Scan results for troyhunt.com

Aug 18, 2024 | securityheaders.com | Scott Helme

Security Report Summary Site: https://www.troyhunt.com/ IP Address: 2606:4700::6812:1929 Report Time: 18 Aug 2024 22:13:14 UTC Headers: Advanced: Raw Headers HTTP/2 200 date Sun, 18 Aug 2024 22:13:14 GMT content-type text/html; charset=utf-8 cf-ray 8b553ffe0cf76428-SJC cf-cache-status MISS cache-control public, max-age=14400 expires Mon, 19 Aug 2024 02:13:14 GMT strict-transport-security max-age=31536000; includeSubDomains; preload vary Cookie, Accept-Encoding via 1.1 varnish, 1.1 varnish,...
Introducing Frame Watch: Monitor payment page activity with ease!

Jul 29, 2024 | scotthelme.co.uk | Scott Helme

For a long time, Report URI has been helping website owners deliver a more secure browsing experience for their users. With this latest release of a new feature, called Frame Watch, we're adding yet another capability to our platform to give you more visibility into payment processing on your site. Payment Pages and Card Holder DataWhile Report URI has been around for almost a decade now, there has been a very recent and sharp increase in the demand for our services.
I'm a Microsoft MVP again!

Jul 15, 2024 | scotthelme.co.uk | Scott Helme

After getting my first MVP Award last year, I'm super happy to see that I have been renewed for 2024! MVP Developer Security I'm glad that all of the activities I've continued to do throughout the years has once again received this recognition, and I plan to continue those actitvities into the future! It's been a busy year over the last year, and while I haven't published quite as many blogs as usual, many of my other activities have certainly ramped up! If you want to drop by my MVP page on...