Raygun

I love it when a whole bunch of different bits play really nice together, especially when it’s making things more secure. Today I decided to properly implement a content security policy (CSP) on Have I been pwned? (HIBP) and managed to tie in a whole bunch of nice bits to create what I reckon is a pretty neat implementation. Firstly, if CSP is new to you, go and read Scott Helme’s overview [https://scotthelme.co.uk/content-security-policy-an-introduction/] which is excellent. The tl;dr version...

It’s never real nice waking up to something like this: This was Have I been pwned? [https://haveibeenpwned.com] (HIBP) first thing my Saturday morning. The outage was accompanied by a great many automated email notifications and manual reminders from concerned citizens that my site was indeed, down. Having my Azure showcase site down at the very same moment as my Pluralsight course on Azure was launched – Modernizing Your Websites with Azure Platform as a Service [http://www.pluralsight.com/c...

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure] Remember the good old days when a website used to be nothing more than a bunch of files on a web server and a database back end? Life was simple, easy to manage and gloriously inefficient. Wait – what? That’s right, all we had was a hammer and we consequently treated every challen...

In the spirit of “here’s something I couldn’t find an easy answer for so I’m writing it myself”, let me very briefly run you through how to have Raygun ignore specific exception types raised by Web API. Firstly, Web API support came a couple of months ago [https://raygun.io/blog/2014/08/webapi-exception-tracking/] which is rather important given how much stuff is transitioning to APIs these days. I use Web API fairly extensively in Have I been pwned? [https://haveibeenpwned.com/] (HIBP), partl...

For some years now, one of the first things I’ve dropped into any new project has been ELMAH [https://code.google.com/p/elmah/]. Grab it from NuGet, provision yourself a SQL database table and watch magic happen as every unhandled error gets dumped into the DB and is reviewable via a handler which exposes the original stack trace amongst other info such as server variables and POST data. In theory, you also secure this. In practice, many people don’t [https://www.google.com/search?q=inurl%3Aelma...