Pluralsight

I take more pleasure than I probably should in watching the bewilderment within organisations as the technology landscape rapidly changes and rushes ahead of them. Perhaps "pleasure" isn't the right word, is it more "amusement"? Or even "curiosity"? Whichever it is, I find myself rhetorically asking "so you just expected everything to stay the same forever, did you?" A case in point: you should look for the green padlock on a website so that you know it's safe. Except that you can't say that an...

Rounding out a recent spate of new Pluralsight courses is one final one: Modern Browser Security Reports [https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fapp.pluralsight.com%2Flibrary%2Fcourses%2Fmodern-browser-security-reports] . This time, it's with Scott Helme [https://scotthelme.co.uk/] who for most of my followers, needs no introduction. You may remember Scott from such previous projects as securityheaders.io [https://securityheaders.com/], Report URI [https://report-uri.co...

Only a few weeks ago, I wrote about a new GDPR course with John Elliott [https://www.troyhunt.com/new-pluralsight-course-the-state-of-gdpr-common-questions-and-misperceptions/] . We've been getting fantastic feedback on that course and I love the way John has been able to explain GDPR in a way that's actually practical and makes sense! In my experience, that's a bit of a rare talent in GDPR land... When we recorded that course in London a couple of months back, we also recorded another one on D...

Earlier this year, I spent some time in San Fran with friend and Bugcrowd [https://www.bugcrowd.com/] founder Casey Ellis [https://twitter.com/caseyjohnellis] where we recorded a Pluralsight "Play by Play" titled Bug Bounties for Companies [https://www.troyhunt.com/new-pluralsight-course-bug-bounties-for-companies/]. I wrote about that in the aforementioned post which went out in May and I mentioned back then that we'd also created a second course targeted directly at researchers. We had to pull...

I love so many of the underlying principles of GDPR as it relates to protecting our personal data. I love the idea of us providing it for a specific purpose and it not being used beyond that. I love that it seeks to give us more control over access to (and erasure of) our data. I also love that the regulation has the potential to seriously bite organisations that don't protect it. You'd be hard pressed to find anyone who disagrees with any of that. However, there are many things I dislike about...

Try publishing something to the internet - anything - and see how it long it takes before something nasty is probing away at it. Brand new website, new domain and it's mere hours (if not minutes) before requests for wp-admin are in the logs. Yes, I know it's not a Wordpress site but that doesn't matter, the bots don't care. But that's just indiscriminate scanning, nothing personal; how about deliberate and concerted attacks more specifically designed to get into your things? As the value of wha...

It's a new Pluralsight course! Yes, I know I said that yesterday too [https://www.troyhunt.com/new-pluralsight-course-owasp-top-10-2017/], but this is a new new Pluralsight course and it's the second part in our series on Creating a Security-centric Culture [https://www.troyhunt.com/were-doing-an-all-new-pluralsight-series-creating-a-security-centric-culture/] . As I wrote there back in Jan, we're doing this course on a quarterly basis and putting it out in front of the paywall so in other words...

Just a tad over 5 years ago, I released my first ever Pluralsight course - OWASP Top 10 Web Application Security Risks for ASP.NET [https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fapp.pluralsight.com%2Flibrary%2Fcourses%2Fowasp-top10-aspdotnet-application-security-risks%2Ftable-of-contents] . More than 32k people have listened to more than 78k hours of content in this course making it not just the most popular course I've ever released, but also keeping it as my most popular in...

Ah JavaScript, the answer to - and cause of - all our problems on the web today! Just kidding, jQuery has solved all our JS problems now... But seriously, JS is a major component of so much of what we build online these days and as with our other online things, the security posture of it is enormously important to understand. Recently, I teamed up with good mate and fellow Pluralsight author Aaron Powell [https://www.aaron-powell.com/] who spends his life writing JS things. We spoke about manag...

I was chatting to some folks at a bank just the other day about a bunch of modern web security standards. Whilst this blog post is about a Pluralsight course I created with Lars Klint [https://pluralsight.pxf.io/c/1196446/424552/7490?u=https%3A%2F%2Fapp.pluralsight.com%2Flibrary%2Fcourses%2Fplay-by-play-modern-web-security-patterns%2Ftable-of-contents] , it only really hit me during that bank conversation just how much there is to take onboard when it comes to securing things in the browser toda...