And now for my fourth Pluralsight instalment: more OWASP [http://pluralsight.com/training/courses/TableOfContents?courseName=web-security-owasp-top10-big-picture] ! Wait – hasn’t this been done already?! Yes and no. My first course from April last year was OWASP Top 10 Web Application Security Risks for ASP.NET [http://pluralsight.com/training/Courses/TableOfContents/owasp-top10-aspdotnet-application-security-risks] and as the title suggests, it contains a heap of stuff on how OWASP applies to...

Heard of SSW’s FireBootCamp [http://firebootcamp.com/] before? It’s like those boot camps you see down at the local beaches and parks each morning, you know, the ones where a bunch of (apparently) willing participants are incessantly hammered by some drill-sergeant-like personal trainer for 30 minutes of blood, sweat and tears (I assume). But unlike this mob, the FireBootCamp folks don’t then towel off and chill for the rest of the day, instead they do this day after day, week after week for a w...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]I was rather proud of my little effort last week in producing The World’s Greatest Azure Demo [https://www.troyhunt.com/2014/03/the-worlds-greatest-azure-demo.html] and by all accounts, it’s been exceptionally well received (hey, what did you expect from the world’s greatest demo?!...

This high-level overview has now been turned into a full-blown Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]I had an opportunity recently, an opportunity to give a really impactful demonstration of Windows Azure to people who had not yet drunk from the Microsoft cloud fountain of love. These were people from the “old world” where men were men and infrastructure wasn’t a service, it was col...

So we were about halfway through watching the Wolf of Wall Street at the local cinema the other day and the iPhone starts buzzing like a mad thing. It’s on silent, of course, but you get that sense that something important is happening just by virtue of the frequency of the thing randomly jumping around in your pocket every few seconds. But it’s a night out with my wife – a rare night out – and I’m not about to risk a sneaky glance at the phone. Now this is a long movie (as awesome as it was),...

I just had an absolutely tremendous trip over to Salt Lake City for the annual Pluralsight authors’ summit where 100 or so of us got together with the Pluralsight folks and talked about many wonderful things. Included in that time was a number of “lightening talks” or in other words, presos limited to 5 minutes during which you make as much impact as you possibly can. Clearly this called for me to break out the trusty wifi Pineapple [https://www.troyhunt.com/2013/04/the-beginners-guide-to-breaki...

As prophesised, it has happened – Tesco has had a serious security incident [http://www.bbc.co.uk/news/technology-26171130]. The prophecy, for new readers, was my piece on Lessons in website security anti-patterns by Tesco [https://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html] from a couple of years back. The catalyst for that post was this now infamous tweet in response to my pointing out that they had mixed content on an otherwise secure page: [https://twitter.com/Tesco/sta...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure]“The Cloud” is infinite. It can scale to eternity. It’s entirely redundant and resilient to any outage. Except when it isn’t: And when it isn’t, stuff kinda stops working: Why is it always at 2am that stuff goes offline?! Hey, it happens, even though there are those who d...

In the end, I decided the fairest, most balanced way was to piss everyone off equally. Of course I’m talking about API versioning and not since the great “tabs versus spaces” debate have I seen so many strong beliefs in entirely different camps. Imagine this: HTTP GET: https://haveibeenpwned.com/api/breachedaccount/foo Response: ["Adobe","Gawker"] This was just fine. When I built Have I been pwned? [https://haveibeenpwned.com] (HIBP) in late November, it was intended to be a simple, fas...

This content is now available in the Pluralsight course "Ethical Hacking: SQL Injection" [http://www.pluralsight.com/courses/ethical-hacking-sql-injection]Yes, yes, it’s happened again – OWASP’s number one risk in the Top 10 [https://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html] has featured prominently in a high-profile attack this time resulting in the leak of over 40,000 records from Bell in Canada [http://o.canada.com/technology/bell-canada-security-breach-391451/]. I...