ASafaWeb gets a bit more culturally sensitive

Do you ever get that sense that [insert culture here] seems to totally dominate everything to the total oblivion of everyone else out there? This sort of thing usually gets people a bit cranky but it turns out I’ve kind of been doing it a little bit myself with ASafaWeb [https://asafaweb.com]. You see, ASafaWeb works by looking at how a website responds to certain requests, then from those responses it draws some conclusions about how the thing is configured. For example, if ASafaWeb sees a...

SSW TV: Protecting your web apps from the tyranny of evil with OWASP

There’s an excellent home-grown Aussie free learning resource which I suspect is a bit new to a lot of developers: SSW TV [http://tv.ssw.com/]. SSW is a local Sydney development shop headed up by Adam Cogan [http://www.adamcogan.com/], a Microsoft Regional Director and ALM MVP. I offered to talk a little about web app security to their user group a couple of months back and we recorded Protecting your Web Apps from the Tyranny of Evil with OWASP [http://tv.ssw.com/1492/pr...

I’m StillAlive (and so is my AppHarbor site) – site monitoring made awesome

As many of you know by now, I’m particularly fond of AppHarbor [https://www.troyhunt.com/search/label/AppHarbor]. They continue to provide a totally awesome integrated CI and hosting environment, continue to offer a means of taking the service up for free (as well as recently adding some commercial offerings), and most importantly to this post, they still have a great selection of very cool add-ons. One of those add-ons is StillAlive [https://stillalive.com] which is awesome for two reasons: Fi...

Browsing the broken web: a software developer behind the Great Firewall of China

I absolutely love coming to China. It’s a country that manages to hold onto a long, rich history whilst also moving into the future at an extraordinarily rapid pace. We also all know that China heavily censors the websites that can be accessed via the Internet. I work quite frequently with a number of people in China and I’m always conscious that there is certain material I’d like to share with them which they won’t be able to access. I’m not talking about anything politically or culturally sub...

Inside the Microsoft MVP summit chocolate factory

Being awarded an MVP title and attending the annual summit is a little like getting your hands on one of these: Suddenly you feel all Charlie Bucket [http://en.wikipedia.org/wiki/Charlie_and_the_Chocolate_Factory], ready to gorge on the wonders that exist behind the doors of the mysterious Ballmer Wonka chocolate factory. Whilst an extensive amount of the information shared remains under NDA (more on that shortly), I’d like to share some insight from the program and the event which might shed...

Microsoft MVP of the Year, 2011

Well this was a very nice email to receive: > Congratulations on being awarded MVP of the Year based on your contributions in 2011! It seems I must have done something(s) pretty right in my first year of MVPdom and word has it that my free OWASP Top 10 for .NET devs eBook [https://www.troyhunt.com/2011/12/free-ebook-owasp-top-10-for-net.html] tilted the voting in my favour. So for everyone who downloaded, RT’d, +1’d, liked, emailed and otherwise said nice things about my work, a heartfelt “t...

Talking security for SMBs on the CIAOPS podcast

Last week I had the pleasure of catching up with fellow Aussie MVP Robert Crane [https://mvp.support.microsoft.com/profile=55EEF824-B195-49EC-A6EF-80D864CCC840] and recording an episode for his CIAOPS [http://ciaops.podbean.com] (the Computer Information Agency) “Need to Know” podcast. The podcast caters to those working in SMBs (small to medium businesses) and Robert and I have a good chat about a whole range of security considerations these folks should try to keep in mind. You can find the...

Shhh… don’t let your response headers talk too loudly

When it comes to our personal security, we’ve all grown a bit accustomed to keeping things on the down-low [http://en.wikipedia.org/wiki/Down-low]. For example, we cover the keypad on the ATM when entering our PIN and we shred our sensitive documents rather than throwing them straight in the trash. We do this not because any one single piece of information is going to bring us undone, but rather we try not to broadcast anything which may be used to take advantage of us. That PIN could be used...
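The two posts above (ASafaWeb inferring a site’s configuration from its responses, and response headers that say more than they should) share one mechanism: a handful of headers a default-configured stack emits, such as Server, X-Powered-By, X-AspNet-Version and X-AspNetMvc-Version, tell an attacker what you run and which version. The following is an added example, not ASafaWeb’s code or anything from the posts: it audits a set of response headers for disclosure and draws the same kind of platform inference ASafaWeb draws. The header list, the inference rules and the sample headers are all assumptions constructed for the example.

```python
import re
import urllib.request
from typing import Dict, List, NamedTuple

# Headers that commonly disclose server software or framework versions.
# This list is an assumption for the example, not ASafaWeb's check set.
DISCLOSING_HEADERS = {
    "server": "web server product, often with version",
    "x-powered-by": "application framework",
    "x-aspnet-version": "ASP.NET runtime version",
    "x-aspnetmvc-version": "ASP.NET MVC version",
}

# A dotted version string such as 7.5 or 4.0.30319
VERSION_RE = re.compile(r"\d+(\.\d+)+")


class Finding(NamedTuple):
    header: str
    value: str
    leaks_version: bool
    note: str


def normalise(headers: Dict[str, str]) -> Dict[str, str]:
    """HTTP header names are case-insensitive, so compare on lower-case names."""
    return {name.lower(): value for name, value in headers.items()}


def audit_headers(headers: Dict[str, str]) -> List[Finding]:
    """Return one Finding per disclosing header present, flagging explicit versions."""
    present = normalise(headers)
    findings = []
    for name, note in DISCLOSING_HEADERS.items():
        if name in present:
            value = present[name]
            findings.append(Finding(name, value, bool(VERSION_RE.search(value)), note))
    return findings


def infer_stack(headers: Dict[str, str]) -> str:
    """Guess the platform from the headers alone; rules are illustrative assumptions."""
    present = normalise(headers)
    if "x-aspnet-version" in present or "x-aspnetmvc-version" in present:
        return "ASP.NET"
    powered = present.get("x-powered-by", "").lower()
    if "asp.net" in powered:
        return "ASP.NET"
    if "php" in powered:
        return "PHP"
    server = present.get("server", "").lower()
    if "iis" in server:
        return "IIS (likely ASP.NET)"
    if "apache" in server:
        return "Apache"
    if "nginx" in server:
        return "nginx"
    return "unknown"


def fetch_headers(url: str, timeout: int = 10) -> Dict[str, str]:
    """Live variant: GET the URL and return its response headers (not used offline)."""
    request = urllib.request.Request(url, method="GET")
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return dict(response.headers.items())


# Constructed sample: a default-configured ASP.NET site on IIS
CHATTY = {
    "Server": "Microsoft-IIS/7.5",
    "X-Powered-By": "ASP.NET",
    "X-AspNet-Version": "4.0.30319",
    "X-AspNetMvc-Version": "3.0",
    "Content-Type": "text/html; charset=utf-8",
}

# Constructed sample: the same site after the chatty headers are removed
QUIET = {
    "Content-Type": "text/html; charset=utf-8",
    "Cache-Control": "private",
}

if __name__ == "__main__":
    for label, hdrs in (("chatty", CHATTY), ("quiet", QUIET)):
        print(f"{label}: inferred stack = {infer_stack(hdrs)}")
        for f in audit_headers(hdrs):
            tag = " [version]" if f.leaks_version else ""
            print(f"  {f.header}: {f.value!r} ({f.note}){tag}")
```

Run it as-is for the offline comparison, or call fetch_headers on a site you own and pass the result to audit_headers. Note that "X-Powered-By: ASP.NET" is flagged as a disclosure even though it carries no version: knowing the framework alone is enough to narrow the attack surface, which is the point of the post above.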

Scamming the scammers – catching the virus call centre scammers red-handed

A few months back I got a call one evening which was clearly a virus call centre scam; you know, the ones that call you out of the blue, tell you your PC is infected with all sorts of nasties and offer to fix it for you? Or maybe you don’t know, which of course is why these scams have been going on for quite some time and are still very active today. Fortunately I did know about such things so rather than summarily dismissing them with a level of disdain I normally reserve only for telemarketer...

Making unit tests in SQL Server a first class citizen with Red Gate’s SQL Test

Who here doesn’t write enough unit tests? I mean other than me? Somehow no matter how good my test coverage gets I always feel like there are some bits missing. Partly this is because unit testing practices tend to be one of those religious debates and if you listen to enough people, it’s easy to convince yourself you’re doing it wrong. One area that’s always been a little tricky is testing anything with a database dependency. In part, this is because those tests often end up being depende...