Setting a good Content Security Policy
2024-08-22
Setting a good CSP can be hard. Here I go through what it is, and how to set it up well.
Archive: Security
XSS Through the Referer Header
2021-10-14
In this blog post, I document how I achieved reflected XSS though a malicious http header.
Enumerating Users on WordPress
2020-09-05
Finding valid usernames can significantly improve your chances of breaking into a WordPress account. In this blog post I cover some of the methods I use to find valid users and how you can protect your own site against them.
3 Simple Steps to Improve Your Freelance Business's Security
2020-04-09
All too often, security advice is aimed at large companies who can afford to spend hundreds or thousands of pounds on security procedures. In this blog, I will try and lay out some advice for freelancers and small businesses can follow, without breaking the bank.