Date Author Title

HTTP STRICT

2011-06-29Johannes UllrichRandom SSL Tips and Tricks

HTTP

2023-11-07/a>Johannes UllrichWhat's Normal: New uses of DNS, Discovery of Designated Resolvers (DDR)
2023-08-01/a>Johannes UllrichSummary of DNS over HTTPS requests against our honeypots.
2023-03-31/a>Jan KoprivaUse of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains
2023-03-15/a>Jan KoprivaIPFS phishing and the need for correctly set HTTP security headers
2022-11-14/a>Jesse La GrewExtracting 'HTTP CONNECT' Requests with Python
2022-08-26/a>Guy BruneauHTTP/2 Packet Analysis with Wireshark
2022-08-01/a>Johannes UllrichA Little DDoS In the Morning
2022-07-19/a>Johannes UllrichRequests For beacon.http-get. Help Us Figure Out What They Are Looking For
2022-01-12/a>Johannes UllrichA Quick CVE-2022-21907 FAQ
2021-10-11/a>Johannes UllrichThings that go "Bump" in the Night: Non HTTP Requests Hitting Web Servers
2021-09-28/a>Jan KoprivaTLS 1.3 and SSL - the current state of affairs
2021-04-19/a>Jan KoprivaHunting phishing websites with favicon hashes
2021-04-16/a>Xavier MertensHTTPS Support for All Internal Services
2021-03-30/a>Jan KoprivaOld TLS versions - gone, but not forgotten... well, not really "gone" either
2021-01-25/a>Rob VandenBrinkFun with NMAP NSE Scripts and DOH (DNS over HTTPS)
2021-01-15/a>Guy BruneauObfuscated DNS Queries
2020-12-30/a>Jan KoprivaTLS 1.3 is now supported by about 1 in every 5 HTTPS servers
2020-08-01/a>Jan KoprivaWhat pages do bad bots look for?
2020-03-02/a>Jan KoprivaSecure vs. cleartext protocols - couple of interesting stats
2019-08-14/a>Brad DuncanRecent example of MedusaHTTP malware
2019-01-21/a>Didier StevensSuspicious GET Request: Do You Know What This Is?
2017-12-03/a>Xavier MertensStartSSL: Termination of Services is Now Scheduled
2017-08-18/a>Guy Bruneautshark 2.4 New Feature - Command Line Export Objects
2017-05-05/a>Xavier MertensHTTP Headers... the Achilles' heel of many applications
2016-07-18/a>Johannes UllrichHTTP Proxy Header Vulnerability ("httpoxy")
2016-07-05/a>Johannes UllrichApache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
2016-06-15/a>Richard PorterWarp Speed Ahead, L7 Open Source Packet Generator: Warp17
2016-01-19/a>Rob VandenBrinkPowershell and HTTPS ? It Ain?t All Rainbows And Lollipops! (or is it?)
2015-06-23/a>Kevin ShorttXOR DDOS Mitigation and Analysis
2015-04-15/a>Johannes UllrichMS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
2014-04-07/a>Johannes UllrichAttack or Bad Link? Your Guess?
2013-12-11/a>Johannes UllrichBrowser Fingerprinting via SSL Client Hello Messages
2013-11-15/a>Johannes UllrichThe Security Impact of HTTP Caching Headers
2013-07-16/a>Johannes UllrichWhy don't we see more examples of web app attacks via POST?
2013-02-22/a>Chris MohanPHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-02-06/a>Johannes UllrichHTTP Range Header and Partial Downloads
2012-05-29/a>Johannes UllrichSpeeding up the Web and your IDS / Firewall
2012-02-08/a>Jim ClausingChrome to stop checking Certificate Revocation List (CRL)?
2011-07-13/a>Guy BruneauNew Sguil HTTPRY Agent
2011-07-10/a>Raul SilesSecurity Testing SSL/TLS (HTTPS) Implementations
2011-06-29/a>Johannes UllrichRandom SSL Tips and Tricks
2011-03-16/a>Johannes UllrichAnalyzing HTTP Packet Captures
2011-02-15/a>Jason LamHTTP headers fun
2010-07-30/a>Guy BruneauWeb Traffic Analysis with httpry
2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"

STRICT

2016-07-03/a>Guy BruneauIs Data Privacy part of your Company's Culture?
2011-06-29/a>Johannes UllrichRandom SSL Tips and Tricks
2010-06-07/a>Manuel Humberto Santander PelaezSoftware Restriction Policy to keep malware away