Scott Helme

Open-Sourcing passkeys-php: A Security-Focused WebAuthn Library for PHP

We've open-sourced passkeys-php, the WebAuthn server library we use at Report URI to protect logins with passkeys, security keys, and platform authenticators like Touch ID, Face ID, and...

XSS Is Deadly for Passkeys: The Hidden Risk of Attestation None

Free Post

XSS

XSS Is Deadly for Passkeys: The Hidden Risk of Attestation None

A single XSS vulnerability can turn passkeys from a phishing-resistant login mechanism into a persistent account takeover backdoor. If malicious JavaScript can run on your page, it may be able...

Free Post

Passkeys

Passkeys 101: An Introduction to Passkeys and How They Work

Passwords have been the weak point in online authentication for decades. They can be reused, guessed, stolen, phished, leaked, sprayed, stuffed, and captured by malware. Passkeys are one of the...

Anatomy of a WooCommerce Skimmer: A Technical Deep-Dive

Free Post

Report URI

Anatomy of a WooCommerce Skimmer: A Technical Deep-Dive

One malicious change to a trusted JavaScript file can turn your checkout page into a silent credit-card skimmer, siphoning customer data off to criminals while the website looks secure and...

Under Attack: Responding to the Rise of Info-Stealer Threats

Free Post

Report URI

Under Attack: Responding to the Rise of Info-Stealer Threats

We recently received a claim that Report URI had been breached and that customer credentials had been stolen. The claim was false: we do not store passwords in a recoverable...

Security considerations when using Passkeys on your website

Free Post

Report URI

Security considerations when using Passkeys on your website

Passkeys are awesome and that's why we implemented them on Report URI! You can read about our implementation here and get the basics on how Passkeys work and...

Free Post

Fighting an active Magecart Campaign

We’ve been tracking an active Magecart campaign targeting ecommerce sites, with payloads customised per victim and evasion logic designed to stay hidden from site owners. We spotted it because...

Amazing Refresh — A Malicious Chrome Extension Running Malware in the Browser

Free Post

Report URI

Amazing Refresh — A Malicious Chrome Extension Running Malware in the Browser

We recently uncovered a malicious browser extension affecting visitors to customer websites. It injected JavaScript into pages, hijacked outbound clicks through affiliate infrastructure, and quietly monetised user traffic. We spotted...

Bringing in the experts; Having our Passkeys implementation Security Tested

Free Post

Report URI

Bringing in the experts; Having our Passkeys implementation Security Tested

We recently announced support for Passkeys on your Report URI account, and everyone should go and enable Passkeys for the amazing security benefits they offer. As a new implementation of...

Free Post

Passkeys

Launching Passkeys support on Report URI! 🗝️

As we're always wanting to keep ahead in the security game, I'm happy to announce that we now support Passkeys on Report URI! Let's...

Scott Helme

Hi, I'm Scott Helme, a Security Researcher, Entrepreneur and International Speaker. I'm the creator of Report URI and Security Headers, and I deliver world renowned training on Hacking and Encryption.

Open-Sourcing passkeys-php: A Security-Focused WebAuthn Library for PHP

XSS Is Deadly for Passkeys: The Hidden Risk of Attestation None

Passkeys 101: An Introduction to Passkeys and How They Work

Anatomy of a WooCommerce Skimmer: A Technical Deep-Dive

Under Attack: Responding to the Rise of Info-Stealer Threats

Security considerations when using Passkeys on your website

Fighting an active Magecart Campaign

Amazing Refresh — A Malicious Chrome Extension Running Malware in the Browser

Bringing in the experts; Having our Passkeys implementation Security Tested

Launching Passkeys support on Report URI! 🗝️

Upcoming Events

Cheat Sheets

Projects

Upcoming Events

Cheat Sheets

Projects

Follow