はてなブックマーク

Scott Helme Security researcher, entrepreneur and international speaker who specialises in web technologies. More posts by Scott Helme. After toiling with Cross-Site Request Forgery on the web for, well forever really, we finally have a proper solution. No technical burden on the site owner, no difficult implementation, it's trivially simple to deploy, it's Same-Site Cookies. As old as the Web its

CSP Cheat Sheet Need a hand with Content Security Policy? This page is a concise overview of all supported features and directives in Content Security Policy. It can be used as a quick reference guide to identify valid and invalid directives and values, contains example policies and guidance on how to use CSP effectively. Quick Links Source List - how to define sources for loading content. Hosts |

Scott Helme Security researcher, entrepreneur and international speaker who specialises in web technologies. More posts by Scott Helme. Over the past week, rumours were circulating about a new vulnerability in SSLv3. No details were widely available until today and now we have POODLE, the 'Padding Oracle On Downgraded Legacy Encryption' attack. The attack, specifically against the SSLv3 protocol,