Speaking

A 61-post collection

Web security on .NET Rocks!

Did I mention already that NDC was totally awesome [https://www.troyhunt.com/2014/06/ndc-2014-vikings-passwords-and.html]? Pretty sure I said something along those lines (many, many times) and as you’ll see from the presentations I did in that link, I had a heap of fun while I was there. Actually, I had so much fun that I’ve already committed to go back in 2015. That’s it, I’m there! While I was there, I finally got to catch up in person with Carl and Richard of .NET Rocks fame. I’ve been on th...

NDC 2014, Vikings, passwords and pineapples (and session videos)

Here was the original plan: propose two talks for NDC, travel over to the other side of the world and do them both then make the long trek home (each trip taking about 33 hours, thank you very much). That was pretty much how it went except that only one of the proposed talks made the cut (I later learned that they seemed too similar which is a perfectly reasonable assessment). So I did the only sensible thing and took the very best parts out of the talk that didn’t make the cut and rolled them i...

Get Up And Code (and stop sitting in front of the PC all day!)

Be honest now – how many of you are metaphorically shackled to your PCs day in and day out? Keeping in mind that I largely speak to an audience that earns a living by spending the majority of their day in front of screens, a great deal of people reading this just aren’t making enough time to literally see the light of day. Admittedly, I’m one of those screen-bound people that puts in a whole lot of hours coding, blogging, recording, emailing and partaking in all sorts of other byte-driven activi...

Codemania Video: Hack yourself first: how to go on the cyber-offence before online attackers do

Last month I headed over to the totally awesome conference that was Codemania in Auckland, New Zealand (for international readers, it’s like Australia but with stranger accents and more hobbits). I spoke on… security! Imagine that? More specifically, I spoke about “Hacking Yourself First” which is all about teaching developers to identify risks in their own software before someone else does! If this sounds interesting (and if you’re building software for the web, it should), the talk is based...

Builders vs breakers: 10 online attacks we could have easily prevented

Ever notice how in hindsight, most of the online attacks we see could have been easily prevented? Granted, we tend to have 20:20 vision when we’re looking back, but take something like the Bell telco in Canada and their SQL injection attack the other day [https://www.troyhunt.com/2014/02/heres-how-bell-was-hacked-sql-injection.html]. Guys, it’s a simple matter of validating the untrusted data and parameterising the SQL statements. We know this – we’ve (the software community) had this discussion...

It’s RunAs Radio, it’s Heartbleed and it’s still got a way to run yet

Day 16: The news headlines continue. Conspiracy theories keep emerging. The FUD evolves as people take further liberties with the truth (no mate, you didn’t get done by Heartbleed, you just chose a crap password). A few days ago I caught up with Richard Campbell of RunAs Radio fame to talk about Heartbleed [http://www.runasradio.com/default.aspx?showNum=365]. You may remember Richard from such .NET Rocks episodes as talking security with Carl, Richard and Troy [https://www.troyhunt.com/2012/01/...

Podcast: Wi-Fi security, Firesheep and Pineapples

A little while back I caught up with Rob Sobers [https://twitter.com/rsobers] at Varonis [http://varonis.com] and had a good chat [http://blog.varonis.com/podcast-wi-fi-security-firesheep-pineapples-troy-hunt/] about wifi, XSS and various other bits and pieces related to security on the web today. I find chats like this are great for getting a candid sense of what’s going on in the industry; no scripting, no editing just straight talk on how we’re getting pwned online.

Pineappling all the things in Utah

I just had an absolutely tremendous trip over to Salt Lake City for the annual Pluralsight authors’ summit where 100 or so of us got together with the Pluralsight folks and talked about many wonderful things. Included in that time was a number of “lightning talks” or in other words, presos limited to 5 minutes during which you make as much impact as you possibly can. Clearly this called for me to break out the trusty wifi Pineapple [https://www.troyhunt.com/2013/04/the-beginners-guide-to-breaki...

Web Directions South Presentation: Hack Yourself First

Last month I had a great couple of days at Web Directions South in Sydney. Great on the first day because I got to kick back and watch messages like this popping up on the Twitters: And then great on the second day because I got to talk to everyone about what it means to your app security to have your wifi hijacked. The video of that talk has just gone up on YouTube and IMHO, it’s come up rather well: I also wrote in more detail about how I used the Pineapple at Web Directions and what data...

Hacking yourself first with Carl and Richard on .NET Rocks!

It’s been a while since I last spoke to Carl and Richard on .NET Rocks [https://www.troyhunt.com/2012/01/net-rocks-talks-security-with-carl.html] where it was all about the OWASP Top 10 and the provisions available in ASP.NET to keep yourself on the happy side of getting hacked. I had a chance to catch up with the guys again a couple of weeks ago to record a new episode all around “Hacking Yourself First” which ties in neatly to much of the writing I’ve been doing lately and my Pluralsight cour...