Pluralsight

A 59-post collection

Building a better Pluralsight recording rig

I didn’t think there was much wrong with my existing recording setup, but it turned out to be one of those “You don’t know what you don’t know” kind of things. It was only whilst over at the Pluralsight author summit [https://www.troyhunt.com/2015/03/on-being-pluralsight-author.html] last month that I talked to people who actually knew what they were doing and then I realised what was wrong! As a result of that visit, I’ve just finished totally revamping my recording setup. New mic. New boom. N...

To the cloud! Learn about Microsoft Azure “from the trenches” on Pluralsight

Let’s just get this out of the way early – Azure is awesome. No really, I am continually blown away by the stuff you can do with it, how cheaply you can do it and just how much it changes the conversation you can have with those you’re delivering solutions to using Microsoft’s cloud. This is not an endorsement based on my affinity for Microsoft nor is it constructed from what I read or see at talks, it’s based on my own firsthand experiences delivering real world software on the platform. I’ve b...

On being a Pluralsight author

I’ve just come back from spending some time over in Utah with Pluralsight and a bunch of fellow authors and as I was last year, I’m all excited and full of great ideas. A bunch of people asked me what it was all about and what it means to be a Pluralsight author so rather than continually giving short responses to individuals, I thought I should articulate things a little more clearly because frankly, it’s all rather exciting. Let me explain. Culture I’d like to think that as Aussies, we’ve g...

Introducing AngularJS Security Fundamentals on Pluralsight

If I’m honest, I always found it a bit unusual to get this question: “How do I secure my Angular apps?” I mean, Angular is just JavaScript that runs in the client and a few HTML directives. Ok, it’s very good JavaScript and I don’t mean to trivialise the framework in any way whatsoever, but all the security grunt work still needs to happen on the server. Angular will do nothing for your SQL injection or your lack of access controls on server resources or any of the other really nasty security...

Introducing the “Secure Account Management Fundamentals” course on Pluralsight

I’ve just published my eighth Pluralsight course – Secure Account Management Fundamentals [http://www.pluralsight.com/courses/secure-account-management-fundamentals] – and it’s all about the things we need to do to properly look after the valuable customers that use the services we developers build. Normally when I launch a new course I’d write up a bunch of detail on what it’s all about but this time, I thought I’d reproduce a collection of the discussions I’ve had with many people over many ye...

Find crazy stuff in mobile app communications (and get free stuff!)

Here’s a pop quiz for you: how much data do you reckon this iPad app downloads when it first runs? I don’t mean how big it is to download from the App Store (it’s 25MB), I mean after you download it then simply tap the icon to fire it up, how much data does it pull down if you don’t touch it again? Take a close look and consider the answer before reading on: Now you’ve probably done what I would have done – looked at what you can see on the screen, speculated about how you’d build it in a way to...

FREE Pluralsight Course: Understanding the Shellshock Bash Bug

Remember Shellshock? How could anyone forget! This thing has totally dominated the news – not just the tech news either – and like Heartbleed before it (inevitably the yardstick we compare it to), the hype has been, well, somewhat overinflated. I get it – it is a big thing – but the press has a way of sensationalising things in a pretty unique way. Case in point: I wrote Everything you need to know about the Shellshock Bash bug [https://www.troyhunt.com/2014/09/everything-you-need-to-know-about...

TestTalks Podcast: Hack Your API-Security Testing

Did I mention that we have some terrible security flaws with our APIs behind rich client apps? Pretty sure I did; oh and I did just write a Pluralsight course that shot to the top of the charts [http://pluralsight.com/training/Courses/TableOfContents/hack-your-api-first] so yeah, there’s that! There are a few reasons why vulnerabilities in APIs are the new black: 1. They’re that much less obvious than vulnerabilities in browser-based apps; you don’t see the URL, you don’t get browser war...

Hack Your API First – learn how to identify vulnerabilities in today’s internet connected devices with Pluralsight

A few years ago I was taking a look at the inner workings of some mobile apps on my phone. I wanted to see what sort of data they were sending around and as it turned out, some of it was just not the sort of data that should ever be traversing the interwebs in the way it was. In particular, the Westfield iPhone app to find your car caught my eye [https://www.troyhunt.com/2011/09/find-my-car-find-your-car-find.html]. A matter of minutes later I had thousands of numberplates for the vehicles in th...

Builders vs breakers: 10 online attacks we could have easily prevented

Ever notice how in hindsight, most of the online attacks we see could have been easily prevented? Granted, we tend to have 20:20 vision when we’re looking back, but take something like the Bell telco in Canada and their SQL injection attack the other day [https://www.troyhunt.com/2014/02/heres-how-bell-was-hacked-sql-injection.html]. Guys, it’s a simple matter of validating the untrusted data and parameterising the SQL statements. We know this – we’ve (the software community) had this discussion...