I’ll keep this one pretty much to the point and let the pictures do most of the talking. In my kitchen cupboard, I have this: It may well be related to the vicinity of the chocolate, but the kids seem to like hitting those switches. For some reason, they particularly like doing it when I’m right in the middle of this: Editing Pluralsight courses [http://www.pluralsight.com/author/troy-hunt] is laborious work. I do it on my desktop so I get all four screens to look at and I invariably have...

Regular readers here will recognise that if there’s one thing I’m generally not short of, it’s security stuff to talk about and personal opinions on the whole thing (maybe that’s two things). Oh and there’s also the thing about spending a whole heap of time writing security training material for Pluralsight [http://www.pluralsight.com/author/troy-hunt] and maintaining Have I been pwned? [https://haveibeenpwned.com/] which all keeps me rather immersed in what I reckon is a very exciting industry....

If I’m honest, I always found it a bit unusual to get this question: “How do I secure my Angular apps?” I mean, Angular is just JavaScript that runs in the client and a few HTML directives. Ok, it’s very good JavaScript and I don’t mean to trivialise the framework in any way whatsoever, but all the security grunt work still needs to happen on the server. Angular will do nothing for your SQL injection or your lack of access controls on server resources or any of the other really nasty security...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]I was helping out a consumer of Have I been pwned? [https://haveibeenpwned.com/] (HIBP) earlier today as they were trying to build up a profile of the pwnage state of their client base. This mean firing a heap of requests at the API [https://haveibeenpwned.com/API/v2] so that they...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]No really, they’re totally awesome! I used Azure WebJobs [http://azure.microsoft.com/en-us/documentation/articles/websites-dotnet-webjobs-sdk-get-started/] in the very early days and whilst they served a purpose, I wasn’t blown away with them at the time. In fact I went on to use...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure] Here’s your situation: you’ve got a heap of websites on traditional hosting models. Shared tenancies on single logical machines, dedicated infrastructure or even worse, not really any idea because you just keep paying that $5 per month and stuff works. Most of the time. But you’v...

For the past year and a bit I’ve been building out features on Have I been pwned? [https://haveibeenpwned.com/] (HIBP) in response to things I think would be awesome and things I’m asked for. I’m constantly surprised at the ways people have found to use the data for good, which is a nice twist given that the data normally comes from very unpleasant circumstances. For some ideas on how the data has been used, have a look at the API consumers page [https://haveibeenpwned.com/API/Consumers]: variou...

For many regular readers here, this is probably not overly surprising: some of your apps may do nasty things. Yes, yes, we’re all very shocked about this but all jokes aside, it’s a rather nasty problem that kids in particular are at risk of. There was a piece a few days back on Channel 4 in the UK about Apps, ads and what they get from your phone [http://blogs.channel4.com/geoff-white-on-technology/apps-ads-phone/1415] where a bunch of kids had their traffic intercepted by a security firm. The...

I’ve just published my eighth Pluralsight course – Secure Account Management Fundamentals [http://www.pluralsight.com/courses/secure-account-management-fundamentals] – and it’s all about the things we need to do to properly look after the valuable customers that use the services we developers build. Normally when I launch a new course I’d write up a bunch of detail on what it’s all about but this time, I thought I’d reproduce a collection of the discussions I’ve had with many people over many ye...

It was the story that got weirder and weirder and will likely remain the high water mark for impactful security breaches for, well, probably not very long given this industry! Be that as it may, the Sony saga was unprecedented in many ways and it provoked some really interesting discussions. A couple of weeks back I suggested that many of us are working for the next Sony Pictures [https://www.troyhunt.com/2014/12/are-you-working-for-next-sony-pictures.html] insofar as a lot of the atrocious pr...