Scott Helme
@scotthelme.bsky.social
Hi, I'm Scott Helme, a Security Researcher, Entrepreneur and International Speaker. I'm the creator of Report URI and Security Headers, and I deliver world renowned training on Hacking and Encryption.
https://scotthelme.co.uk
https://scotthelme.co.uk
Reposted by Scott Helme
A strange Chromium bug triggered by a CSP directive that caused a crash went unsolved for months, and we had the data right in front of us in Report URI to explain why it was happening 😮 www.troyhunt.com/how-we-almos...
How We (Almost) Found Chromium's Bug via Crash Reports to Report URI
Tracking down bugs in software is a pain that all of us who write code must bear. When we're talking about outright errors in a web page, you typically have something to get you started (such as…
www.troyhunt.com
October 27, 2025 at 9:11 AM
A strange Chromium bug triggered by a CSP directive that caused a crash went unsolved for months, and we had the data right in front of us in Report URI to explain why it was happening 😮 www.troyhunt.com/how-we-almos...
We've just launched an awesome new feature at report-uri.com! You can now collect Integrity Metadata, natively from the browser, for JavaScript running on your site!
It takes seconds to deploy, so read the thread for the amazing benefits this will bring.
scotthelme.co.uk/capture-java...
It takes seconds to deploy, so read the thread for the amazing benefits this will bring.
scotthelme.co.uk/capture-java...
Capture JavaScript Integrity Metadata using CSP!
Today we're announcing the open beta of a brand new and incredibly powerful feature on the Report URI platform, CSP Integrity! Having the ability to collect integrity metadata for scripts running on y...
scotthelme.co.uk
September 29, 2025 at 11:09 AM
We've just launched an awesome new feature at report-uri.com! You can now collect Integrity Metadata, natively from the browser, for JavaScript running on your site!
It takes seconds to deploy, so read the thread for the amazing benefits this will bring.
scotthelme.co.uk/capture-java...
It takes seconds to deploy, so read the thread for the amazing benefits this will bring.
scotthelme.co.uk/capture-java...
Reposted by Scott Helme
New dates! Practical TLS and PKI Training - Nov 10-13 2025.
And if you can't wait that long, we still a few tickets for the training next week. Join us! From @ivanristic.com and with @scotthelme.bsky.social
www.feistyduck.com/training/pra...
And if you can't wait that long, we still a few tickets for the training next week. Join us! From @ivanristic.com and with @scotthelme.bsky.social
www.feistyduck.com/training/pra...
September 15, 2025 at 3:33 PM
New dates! Practical TLS and PKI Training - Nov 10-13 2025.
And if you can't wait that long, we still a few tickets for the training next week. Join us! From @ivanristic.com and with @scotthelme.bsky.social
www.feistyduck.com/training/pra...
And if you can't wait that long, we still a few tickets for the training next week. Join us! From @ivanristic.com and with @scotthelme.bsky.social
www.feistyduck.com/training/pra...
This is absolutely unbelievable!!!
We've just passed through 2 trillion events processed at
Report URI!!! report-uri.com
🤯🥳🎉
We've just passed through 2 trillion events processed at
Report URI!!! report-uri.com
🤯🥳🎉
July 2, 2025 at 6:10 PM
This is absolutely unbelievable!!!
We've just passed through 2 trillion events processed at
Report URI!!! report-uri.com
🤯🥳🎉
We've just passed through 2 trillion events processed at
Report URI!!! report-uri.com
🤯🥳🎉
Reposted by Scott Helme
New dates! Practical TLS and PKI, Sep 22-25. From @ivanristic.com, based on the Bulletproof book, with lots of exercises to give you hands-on experience. Your teacher will be @scotthelme.bsky.social. And now is a good time to grab an Early Bird ticket ($300 off).
www.feistyduck.com/training/pra...
www.feistyduck.com/training/pra...
May 28, 2025 at 12:17 PM
New dates! Practical TLS and PKI, Sep 22-25. From @ivanristic.com, based on the Bulletproof book, with lots of exercises to give you hands-on experience. Your teacher will be @scotthelme.bsky.social. And now is a good time to grab an Early Bird ticket ($300 off).
www.feistyduck.com/training/pra...
www.feistyduck.com/training/pra...
Reposted by Scott Helme
Our final TLS and PKI Training before the summer will take place on 3-6 June. Four half-days, with real-world exercises to work on during the training and afterwards. With @scotthelme.bsky.social and from @ivanristic.com Join us! www.feistyduck.com/training/pra...
May 15, 2025 at 1:31 PM
Our final TLS and PKI Training before the summer will take place on 3-6 June. Four half-days, with real-world exercises to work on during the training and afterwards. With @scotthelme.bsky.social and from @ivanristic.com Join us! www.feistyduck.com/training/pra...
Reposted by Scott Helme
Four weeks until the next Practical TLS and PKI Training - Join @scotthelme.bsky.social on June 3-6 to learn how to deploy secure servers and design secure web applications. Four half days, Pacific Time AM. From @ivanristic.com.
www.feistyduck.com/training/pra...
www.feistyduck.com/training/pra...
May 6, 2025 at 1:55 PM
Four weeks until the next Practical TLS and PKI Training - Join @scotthelme.bsky.social on June 3-6 to learn how to deploy secure servers and design secure web applications. Four half days, Pacific Time AM. From @ivanristic.com.
www.feistyduck.com/training/pra...
www.feistyduck.com/training/pra...
I've had a little fun with my Tesla Powerwalls, Home Assistant and Teslemetry over the holiday weekend!
scotthelme.co.uk/hacking-my-t...
scotthelme.co.uk/hacking-my-t...
Hacking my Tesla Powerwalls to be the ultimate home energy solution!
I've had solar and batteries at home for quite some time now, and despite my experience with them being really awesome, there were a few little things that were bugging me. Using systems from various ...
scotthelme.co.uk
April 21, 2025 at 8:35 PM
I've had a little fun with my Tesla Powerwalls, Home Assistant and Teslemetry over the holiday weekend!
scotthelme.co.uk/hacking-my-t...
scotthelme.co.uk/hacking-my-t...
This is pretty nuts, we've been having issues with our @fastmail.com emails where images aren't working...
They're suggesting rate limits at @cloudflare.social are the issue, but how much sense does that make?
Either way, Fastmail recommendation is to stop using their app and web interface?!
They're suggesting rate limits at @cloudflare.social are the issue, but how much sense does that make?
Either way, Fastmail recommendation is to stop using their app and web interface?!
February 7, 2025 at 9:57 AM
This is pretty nuts, we've been having issues with our @fastmail.com emails where images aren't working...
They're suggesting rate limits at @cloudflare.social are the issue, but how much sense does that make?
Either way, Fastmail recommendation is to stop using their app and web interface?!
They're suggesting rate limits at @cloudflare.social are the issue, but how much sense does that make?
Either way, Fastmail recommendation is to stop using their app and web interface?!
We've made a few more improvements to report-uri.com over the last week!
scotthelme.co.uk/stronger-tha...
scotthelme.co.uk/stronger-tha...
Stronger Than Ever: How We Turned a DDoS Attack Into a Lesson in Resilience
Operating an online service like Report URI, it comes with the territory. The ever present threat of attack is something we are fully aware of, and prepare for as best we can. Being the regular subjec...
scotthelme.co.uk
February 3, 2025 at 2:10 PM
We've made a few more improvements to report-uri.com over the last week!
scotthelme.co.uk/stronger-tha...
scotthelme.co.uk/stronger-tha...
Reposted by Scott Helme
New training dates! Practical TLS and PKI Training, 6-9 May 2025. Grab your Early Bird ticket now! From @ivanristic.com and taught by @scotthelme.bsky.social
www.feistyduck.com/training/pra...
www.feistyduck.com/training/pra...
January 30, 2025 at 11:55 AM
New training dates! Practical TLS and PKI Training, 6-9 May 2025. Grab your Early Bird ticket now! From @ivanristic.com and taught by @scotthelme.bsky.social
www.feistyduck.com/training/pra...
www.feistyduck.com/training/pra...
Reposted by Scott Helme
Four weeks until Practical TLS and PKI Training - February. Join @scotthelme.bsky.social for four half-days of work and fun! Learn how to deploy secure servers and encrypted web applications and understand theory and practice of Internet PKI. From @ivanristic.com www.feistyduck.com/training/pra...
January 7, 2025 at 4:07 PM
Four weeks until Practical TLS and PKI Training - February. Join @scotthelme.bsky.social for four half-days of work and fun! Learn how to deploy secure servers and encrypted web applications and understand theory and practice of Internet PKI. From @ivanristic.com www.feistyduck.com/training/pra...
In 2025, Let’s Encrypt are going to drop support for OCSP revocation checking in their certificates.
This shouldn't cause any problems at all, but I have a funny feeling that it will...
scotthelme.co.uk/lets-encrypt...
This shouldn't cause any problems at all, but I have a funny feeling that it will...
scotthelme.co.uk/lets-encrypt...
Let's Encrypt to end OCSP support in 2025
Well, the writing has been on the wall for some years now, arguably over a decade, but the time has finally come where the largest CA in the World is going to drop support for the Online Certificate S...
scotthelme.co.uk
December 30, 2024 at 11:08 AM
In 2025, Let’s Encrypt are going to drop support for OCSP revocation checking in their certificates.
This shouldn't cause any problems at all, but I have a funny feeling that it will...
scotthelme.co.uk/lets-encrypt...
This shouldn't cause any problems at all, but I have a funny feeling that it will...
scotthelme.co.uk/lets-encrypt...
Reposted by Scott Helme
I’m live with @scotthelme.bsky.social from an *epic* cabin in the Norwegian mountains! www.youtube.com/live/LpUpq7V...
YouTube
Share your videos with friends, family, and the world
www.youtube.com
December 23, 2024 at 4:10 PM
I’m live with @scotthelme.bsky.social from an *epic* cabin in the Norwegian mountains! www.youtube.com/live/LpUpq7V...
That pesky XSS has managed to get itself back to being the #1 threat?!
scotthelme.co.uk/xss-ranked-1...
scotthelme.co.uk/xss-ranked-1...
XSS Ranked #1 Top Threat of 2024 by MITRE and CISA
As we draw near the end of 2024, MITRE have taken a look back at the security vulnerabilities discovered throughout the year and published their list of the Top 25 Most Dangerous Software Weaknesses, ...
scotthelme.co.uk
December 10, 2024 at 10:19 PM
That pesky XSS has managed to get itself back to being the #1 threat?!
scotthelme.co.uk/xss-ranked-1...
scotthelme.co.uk/xss-ranked-1...
Last weekend, we headed to Whittlebury Hall at the legendary Silverstone Circuit for the Caterham Motorsport Awards. After a tough season, and fighting to the very end, I landed myself P2 in the championship and a pretty sizeable piece of silverware! 🥈🏆🏁🏎️🔥💨
Congrats to Paul on his well deserved P1!
Congrats to Paul on his well deserved P1!
December 5, 2024 at 4:13 PM
Last weekend, we headed to Whittlebury Hall at the legendary Silverstone Circuit for the Caterham Motorsport Awards. After a tough season, and fighting to the very end, I landed myself P2 in the championship and a pretty sizeable piece of silverware! 🥈🏆🏁🏎️🔥💨
Congrats to Paul on his well deserved P1!
Congrats to Paul on his well deserved P1!
The results are in for our 2024 Penetration Test, and things are looking good! 😎
scotthelme.co.uk/report-uri-p...
scotthelme.co.uk/report-uri-p...
Report URI Penetration Test 2024
It's that time of year again! At Report URI, we've just been through our 5th penetration test, and as usual, we're going to publish the results, take a look at what was found, and what we're going to ...
scotthelme.co.uk
December 4, 2024 at 12:12 PM
The results are in for our 2024 Penetration Test, and things are looking good! 😎
scotthelme.co.uk/report-uri-p...
scotthelme.co.uk/report-uri-p...
Upgrading my G4 Doorbell Pro to the PoE version, which requires a chunky cavity behind it. I didn’t fancy chiseling into our wall, so I designed and printed a spacer plate that mounts with no modifications! All you need is the longer screws that come in the box 😎
www.thingiverse.com/thing:6856105
www.thingiverse.com/thing:6856105
www.thingiverse.com
December 3, 2024 at 10:52 PM
Upgrading my G4 Doorbell Pro to the PoE version, which requires a chunky cavity behind it. I didn’t fancy chiseling into our wall, so I designed and printed a spacer plate that mounts with no modifications! All you need is the longer screws that come in the box 😎
www.thingiverse.com/thing:6856105
www.thingiverse.com/thing:6856105
🚨 24 hour warning! 🚨
Join @troyhunt.bsky.social and myself as we talk PCI DSS compliance, and how to avoid getting pwned by JavaScript!
Register for this free webinar:
report-uri.com/webinar/pci_...
Join @troyhunt.bsky.social and myself as we talk PCI DSS compliance, and how to avoid getting pwned by JavaScript!
Register for this free webinar:
report-uri.com/webinar/pci_...
Website security, made easy.
Real-Time Security Reporting
report-uri.com
November 25, 2024 at 6:57 PM
🚨 24 hour warning! 🚨
Join @troyhunt.bsky.social and myself as we talk PCI DSS compliance, and how to avoid getting pwned by JavaScript!
Register for this free webinar:
report-uri.com/webinar/pci_...
Join @troyhunt.bsky.social and myself as we talk PCI DSS compliance, and how to avoid getting pwned by JavaScript!
Register for this free webinar:
report-uri.com/webinar/pci_...
Exactly 9 years ago today, I committed the first line of code to the report-uri.com git repository!
So much has changed since then, and yet, much remains the same! Here's to one more year to hit that milestone of being a decade old! 💪
So much has changed since then, and yet, much remains the same! Here's to one more year to hit that milestone of being a decade old! 💪
November 24, 2024 at 5:31 PM
Exactly 9 years ago today, I committed the first line of code to the report-uri.com git repository!
So much has changed since then, and yet, much remains the same! Here's to one more year to hit that milestone of being a decade old! 💪
So much has changed since then, and yet, much remains the same! Here's to one more year to hit that milestone of being a decade old! 💪
Over the last 24 hours, report-uri.com has processed more than 1,000,000,000 pieces of telemetry!
This gives us a unique view of JavaScript behaviour across the Web, as observed by over 15,000,000 unique browsers around the World.
Talk about Threat Intelligence capabilities!
This gives us a unique view of JavaScript behaviour across the Web, as observed by over 15,000,000 unique browsers around the World.
Talk about Threat Intelligence capabilities!
November 19, 2024 at 10:39 AM
Over the last 24 hours, report-uri.com has processed more than 1,000,000,000 pieces of telemetry!
This gives us a unique view of JavaScript behaviour across the Web, as observed by over 15,000,000 unique browsers around the World.
Talk about Threat Intelligence capabilities!
This gives us a unique view of JavaScript behaviour across the Web, as observed by over 15,000,000 unique browsers around the World.
Talk about Threat Intelligence capabilities!
Join me, with world renowned cybersecurity expert @troyhunt.bsky.social, founder of
haveibeenpwned.com, for this live webinar!
We're going to give you a 'no nonsense' take on the new PCI DSS v4.0.1 requirements, and how to meet them!
report-uri.com/webinar/pci_...
haveibeenpwned.com, for this live webinar!
We're going to give you a 'no nonsense' take on the new PCI DSS v4.0.1 requirements, and how to meet them!
report-uri.com/webinar/pci_...
Website security, made easy.
Real-Time Security Reporting
report-uri.com
November 15, 2024 at 1:47 PM
Join me, with world renowned cybersecurity expert @troyhunt.bsky.social, founder of
haveibeenpwned.com, for this live webinar!
We're going to give you a 'no nonsense' take on the new PCI DSS v4.0.1 requirements, and how to meet them!
report-uri.com/webinar/pci_...
haveibeenpwned.com, for this live webinar!
We're going to give you a 'no nonsense' take on the new PCI DSS v4.0.1 requirements, and how to meet them!
report-uri.com/webinar/pci_...
I've updated my blog post to reflect the updated proposal, which has significantly extended the timeline for implementation.
We will now see no change until March 2026, and the final change has been pushed all the way back to March 2028.
scotthelme.co.uk/are-shorter-...
We will now see no change until March 2026, and the final change has been pushed all the way back to March 2028.
scotthelme.co.uk/are-shorter-...
November 14, 2024 at 9:26 PM
I've updated my blog post to reflect the updated proposal, which has significantly extended the timeline for implementation.
We will now see no change until March 2026, and the final change has been pushed all the way back to March 2028.
scotthelme.co.uk/are-shorter-...
We will now see no change until March 2026, and the final change has been pushed all the way back to March 2028.
scotthelme.co.uk/are-shorter-...
We continue to improve our features with a focus on making it easier for customers to comply with the new PCI DSS v4.0 requirements!
For requirement 6.4.3, you can now store your written justification for each script with us, and, produce a PCI DSS Inventory Report.
report-uri.com
For requirement 6.4.3, you can now store your written justification for each script with us, and, produce a PCI DSS Inventory Report.
report-uri.com
November 11, 2024 at 1:09 PM
We continue to improve our features with a focus on making it easier for customers to comply with the new PCI DSS v4.0 requirements!
For requirement 6.4.3, you can now store your written justification for each script with us, and, produce a PCI DSS Inventory Report.
report-uri.com
For requirement 6.4.3, you can now store your written justification for each script with us, and, produce a PCI DSS Inventory Report.
report-uri.com