Scott Helme

  1. Leverage our treasure trove of Threat Intelligence data

    We've been working on CSP Integrity for a little while now, and it was only announced in open beta back in September. Since then, as more of our customers start to use it, we've continued to improve it and observe the potentially huge benefits. CSP Integrity

  2. XSS Ranked #1 Top Threat of 2025 by MITRE and CISA

    Look who's back! After we completed 2024, XSS managed to get itself ranked as the #1 top threat of the year. I wrote about that, and at the end of the blog post I said "Let's make sure that XSS isn't #1 in

  3. DNS-PERSIST-01; Handling Domain Control Validation in a short-lived certificate World

    This year, we have a new method for Domain Control Validation arriving called DNS-PERSIST-01. It is quite a fundamental change from how we do DCV now, so let's take a look at the benefits and the drawbacks. First, a quick recap. When you approach a Certificate Authority, like

  4. The European Space Agency got hacked, and now we own the domain used!

    It's not often that two of my interests align so well, but we're talking about space rockets and cyber security! Whilst Magecart and Magecart-style attacks might not be the most common attack vector at the moment, they are still happening with worrying frequency, and they are

  5. Eating Our Own Dogfood: What Running Report URI on Report URI Taught Us

    Dogfooding is often talked about as a best practice, but I don't often see the results of such activities. For all new features introduced on Report URI, we are always the first to try them out and see how they work. In this post, we'll look

  6. Blink and you'll miss them: 6-day certificates are here!

    What a great way to start 2026! Let's Encrypt have now made their short-lived certificates available, so you can go and start using them right away. It wasn't long ago when the announcement came that by 2029, all certificates will be reduced to a maximum of

  7. What a Year of Solar and Batteries Really Saved Us in 2025

    Throughout 2025, I spoke a few times about our home energy solution, including our grid usage, our solar array and our Tesla Powerwall batteries. Now that I have a full year of data, I wanted to take a look at exactly how everything is working out, and, in alignment with

  8. Report URI Penetration Test 2025

    Every year, just as we start to put up the Christmas Tree, we have another tradition at Report URI which is to conduct our annual penetration test! 🎅🎄🎁 --> 🩻🔐🥷 This will be our 6th annual penetration test that we've posted completely publicly,

  9. Report URI - outage update

    This is not a blog post that anybody ever wants to write, but we had some service issues yesterday and now the dust has settled, I wanted to provide an update on what happened. The good news is that the interruption was very minor in the end, and likely went

  10. Integrity Policy - Monitoring and Enforcing the use of SRI

    This has been a long time coming so I'm excited that we now have a working standard in the browser for monitoring and enforcing the use of SRI across your website assets! SRI refresher. For those that aren't familiar, or would like a quick refresher, here

  11. CVE-2025-49844 - The Redis CVSS 10.0 vulnerability and how we responded

    We're very public and open about our infrastructure at Report URI, having written many blog posts about how we process billions of telemetry events every single week. As a result, it's no secret that we use Redis quite heavily across our infrastructure, and some have asked

  12. Capture JavaScript Integrity Metadata using CSP!

    Today we're announcing the open beta of a brand new and incredibly powerful feature on the Report URI platform, CSP Integrity! Having the ability to collect integrity metadata for scripts running on your site opens up a whole new realm of possibilities, and it couldn't be

  13. We're going High Availability with Redis Sentinel!

    We've just deployed some mega updates to our infrastructure at Report URI that will give us much more resilience in the future, allow us to apply updates to our servers even faster, and will probably go totally unnoticed from the outside! Our previous Redis setup. I've

  14. Automation improvements after a Tesla Powerwall outage!

    So, a weird thing happened over the last couple of days, and my Tesla Powerwalls weren't working properly, or, at all, actually... What's even more strange is that Tesla has been completely silent about this and hasn't made a single announcement about the issue

  15. OWASP ASVS 5.0.0 is here!

    I've been a huge fan of OWASP for a very long time, having spoken at their conferences, contributed to their projects, consumed many of their resources and met some really awesome people along the way! Just recently, one of the very popular OWASP projects, the Application Security Verification
