Rounding out a recent spate of new Pluralsight courses is one final one: Modern Browser Security Reports [https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fapp.pluralsight.com%2Flibrary%2Fcourses%2Fmodern-browser-security-reports] . This time, it's with Scott Helme [https://scotthelme.co.uk/] who for most of my followers, needs no introduction. You may remember Scott from such previous projects as securityheaders.io [https://securityheaders.com/], Report URI [https://report-uri.co...

Only a few weeks ago, I wrote about a new GDPR course with John Elliott [https://www.troyhunt.com/new-pluralsight-course-the-state-of-gdpr-common-questions-and-misperceptions/] . We've been getting fantastic feedback on that course and I love the way John has been able to explain GDPR in a way that's actually practical and makes sense! In my experience, that's a bit of a rare talent in GDPR land... When we recorded that course in London a couple of months back, we also recorded another one on D...

Earlier this year, I spent some time in San Fran with friend and Bugcrowd [https://www.bugcrowd.com/] founder Casey Ellis [https://twitter.com/caseyjohnellis] where we recorded a Pluralsight "Play by Play" titled Bug Bounties for Companies [https://www.troyhunt.com/new-pluralsight-course-bug-bounties-for-companies/]. I wrote about that in the aforementioned post which went out in May and I mentioned back then that we'd also created a second course targeted directly at researchers. We had to pull...

It's the coffee-machine weekly update! A slight change of scenery but other than that, it's business as usual. I'm going to keep this intro super-brief because it's very near beer o'clock and I have a very important task to go and take care of: > BBQ time ? pic.twitter.com/yq5hXOGABt [https://t.co/yq5hXOGABt] — Troy Hunt (@troyhunt) August 3, 2018 [https://twitter.com/troyhunt/status/1025220673092767744?ref_src=twsrc%5Etfw] [https://itunes.apple.com/au/podcast/troy-hunts-weekly-update-podcast/...

So that little project Scott Helme [https://scotthelme.co.uk/] and I took on - WhyNoHTTPS.com [https://whynohttps.com/] - seems to have garnered quite a bit of attention. We had about 81k visitors drop by on the first day and for the most part, the feedback has been overwhelmingly positive. Most people have said it's great to have the data surfaced publicly and they've used that list to put some pressure on sites to up their game. We're already seeing some sites on the Day 1 list go HTTPS (alth...

Alrighty, 2 big things to discuss today and I'll jump right into them here: Exactis: it's hard to know where to even start with this one and frankly, the more I think about the more frustrated I am that services like this even exist in the first place. But they do and it's worthwhile being aware of them so have a listen to the video this week and check out the links I've shared below. Why No HTTPS? This is Scott Helme's and my little project which turned out to be a much bigger project but one...

As of today, Google begins shipping Chrome 68 which flags all sites served over the HTTP scheme as being "not secure" [https://security.googleblog.com/2018/02/a-secure-web-is-here-to-stay.html]. This is because the connection is, well, not secure so it seems like a fairly reasonable thing to say! We've known this has been coming for a long time now both through observing the changes in the industry and Google specifically saying "this is coming". Yet somehow, we've arrived at today with a sizabl...

This week I'm doing my best "dress like a professional" impersonation as I prepare to record the next episode in our quarterly Creating a Security-centric Culture series [https://www.pluralsight.com/courses/security-culture-creating]. We're putting these out for free every few months and right after wrapping up this week's update, I recorded the next Pluralsight one and that's now gone off to them for editing. This week, I'm still on HTTPS. I don't mean for this to become a repetitive topic (an...

Two of my favourite developer things these days are Azure Functions [https://www.troyhunt.com/azure-functions-in-practice/] and Cloudflare Workers [https://scotthelme.co.uk/cloudflare-workers-report-uri/]. They're both "serverless" in that rather than running on your own slice of infrastructure, that concept is abstracted away and you get to focus on just code executions rather than the logical bounds of the server it runs on. So for example, when you have an Azure function and you deploy it und...

I love so many of the underlying principles of GDPR as it relates to protecting our personal data. I love the idea of us providing it for a specific purpose and it not being used beyond that. I love that it seeks to give us more control over access to (and erasure of) our data. I also love that the regulation has the potential to seriously bite organisations that don't protect it. You'd be hard pressed to find anyone who disagrees with any of that. However, there are many things I dislike about...