Scott Helme offers insights into web security, HTTPS adoption, and best practices for securing online services, providing articles, workshops, and security tools to help organizations protect against cyber threats. By exploring Scott Helme's curated content, developers can learn about HTTP security headers, Content Security Policy (CSP), and TLS encryption for securing web applications and APIs. Whether you're a web developer, sysadmin, or security professional, Scott Helme offers resources to enhance your cybersecurity knowledge and defend against common vulnerabilities.

Scott Helme

XSS (CWE-79) has been ranked the #1 top software vulnerability threat for 2025 by MITRE and CISA, with 7,303 CVEs — nearly double its closest competitor. Historical data going back to 2010 shows XSS has never ranked lower than #4. Content Security Policy (CSP) is highlighted as the primary mitigation strategy, with a mention of Report URI as a tool to help deploy and monitor CSP.

XSS Ranked #1 Top Threat of 2025 by MITRE and CISA