55 private links
Draft for the peer review of the 2021 edition of the OWASP Top 10.
This blog post investigates HTTP/2 implementation issues and some of the resulting security implications.
This site and the related paper focus on same-site attacks on the modern web through the takeover of insufficiently secured subdomains.
Web server scanner.
Yes, running unsupported, unpatched servers on the Internet is a bad idea.
»NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim's NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website.«
Cache-Poisoned Denial-of-Service (CPDoS) is a new class of web cache poisoning attacks aimed at disabling web resources and websites.
HTTPSWatch tracks the HTTPS support of prominent websites.
Transport Layer Security Secure Remote Password (TLS-SRP) ciphersuites are a set of cryptographic protocols that provide secure communication based on passwords, using an SRP password-authenticated key exchange.
A tiny web auditor with strong opinions.