Scott Helme offers insights into web security, HTTPS adoption, and best practices for securing online services, providing articles, workshops, and security tools to help organizations protect against cyber threats. By exploring Scott Helme's curated content, developers can learn about HTTP security headers, Content Security Policy (CSP), and TLS encryption for securing web applications and APIs. Whether you're a web developer, sysadmin, or security professional, Scott Helme offers resources to enhance your cybersecurity knowledge and defend against common vulnerabilities.

Scott Helme

Report URI shares the results of a targeted penetration test on their newly implemented Passkeys (WebAuthn-based 2FA) feature. Eight findings were identified by Pentest Ltd., including empty/overlong/duplicate credential IDs, an origin mismatch bug in the WebAuthn library, cross-origin validation failure, unvalidated user handle, invalid attestation statements, invalid backup flags, and improper token binding handling. None of the findings posed an actual security risk or allowed unauthorized access. Several bugs were patched both locally and upstreamed to the WebAuthn library. The full penetration test report is published publicly.

Bringing in the experts; Having our Passkeys implementation Security Tested