Speaking

A 61-post collection

How your website is being pwned while you’re not looking

Who’s hacking us? How are we (as developers) making this possible? What are some of the common flaws we’re building into software? And what exactly is “pwned” anyway?! All these questions and more come up and get answered in the presentation I made to Developers Developers Developers! [http://lanyrd.com/2012/dddsydney/] in Sydney a few months ago. Fortunately the good folks at SSW [http://www.ssw.com.au/ssw/default.aspx] were kind enough to record and very professionally produce a number of the...

Virus scams, social engineering, victim’s stories and community awareness

As many readers and followers will know, I’ve had a bit of fun with scammers [https://www.troyhunt.com/2012/04/type-www-ok-w-w-w-d-o-t-antagonising.html] in the past. Remember those guys who call you up while you’re sitting down for dinner and tell you your computer has all sorts of nasties in it? Yeah, those guys. The blog posts I’ve made have been part of the story and inevitably the one most people are familiar with, but there are a few other things happening which I think some of you would...

Talking cloud: Not all .NET roads lead to Microsoft

Strangely enough, there are times when I talk about things that aren’t directly related to security and yesterday’s guest appearance on the Uhuru podcast was one of these. In fact “the cloud” is something I’m deeply interested in and have spent a lot of time thinking about and working with lately, one significant example of which has been the use of AppHarbor [http://appharbor.com] for hosting ASafaWeb [https://asafaweb.com/]. Yesterday I had a short chat to Michael Surkan [https://twitter.co...

Speaking about ASP.NET security on the OWASP podcast

I’ve been writing and speaking about OWASP for long enough now that it was probably about time I contributed to the podcast so when Jim Manico [http://twitter.com/manicode] invited me to talk, it was a no-brainer! I had a good chat with Jim about a range of aspects related to ASP.NET; good stuff in the framework, not such good stuff in the framework, where I’m seeing people go wrong with .NET security and then a bit about some of the things I’m doing in terms of writing the OWASP Top 10 for .NET...

Technology and Friends: Troy Hunt on ASP.NET Security

It already seems like a lifetime ago, but it was only last month that I was over in Seattle at the 2012 MVP Summit. While I was there, I had a short chat on video with Dave Giard [https://twitter.com/#!/DavidGiard] for his Technology and Friends blog. We predominantly spoke about ASP.NET security and in particular, cryptographic storage of credentials and transport layer security so it’s a little more focussed than many of my talks. The original post is over on Dave’s blog under Episode 207: Tr...

SSW TV: Protecting your web apps from the tyranny of evil with OWASP

There’s an excellent home-grown Aussie free learning resource which I suspect is a bit new to a lot of developers: SSW TV [http://tv.ssw.com/]. SSW is a local Sydney development shop headed up by Adam Cogan [http://www.adamcogan.com/], a Microsoft Regional Director and ALM MVP. I offered to talk a little about web app security to their user group a couple of months back and we recorded Protecting your Web Apps from the Tyranny of Evil with OWASP [http://tv.ssw.com/1492/pr...

Talking security for SMBs on the CIAOPS podcast

Last week I had the pleasure of catching up with fellow Aussie MVP Robert Crane [https://mvp.support.microsoft.com/profile=55EEF824-B195-49EC-A6EF-80D864CCC840] and recording an episode for his CIAOPS [http://ciaops.podbean.com] (the Computer Information Agency) “Need to Know” podcast. The podcast caters to those working in SMBs (small to medium businesses) and Robert and I have a good chat about a whole range of security considerations these folks should try to keep in mind. You can find the...

Security, Security, Security! Helping the LIDNUG community build safer software

Today I had the pleasure of spending about an hour and a half talking to Peter Shaw [http://shawtyds.wordpress.com/] from LIDNUG [http://lidnug.org] about security, security and, uh, security! If the LinkedIn .NET User Group is a little bit new to you, it’s the top LinkedIn group dedicated to .NET with a staggering 47,387 members at the time of writing. This is a casual chat rather than a full-on interview and covers a bunch of the usual stuff I talk about such as the OWASP Top 10. Hope you e...

.NET Rocks talks security with Carl, Richard and Troy

Yep, this Troy! Right at the tail end of my Christmas holidays a couple of weeks back I had the pleasure of having a great chat with these guys: In case you’ve been living under a rock (no pun intended), for the last nine and a half years, .NET Rocks is without doubt the foremost .NET themed podcast in the universe. By the time they got to me, there had already been 734 prior episodes (frequently running for an hour or more), so the series has well and truly become ingrained in the psyche of...

Protecting your web apps from the tyranny of evil with OWASP

So my conference presentation on the tyranny of evil is now done and dusted at DDD Sydney [http://www.dddsydney.com]. Given I’m writing this in advance with the intention of making the material available immediately afterwards, I’ll need to rely on others to comment on how it all went. The important bit is that the slides are now available here [http://dl.dropbox.com/u/8529390/Protecting%20your%20web%20applications%20from%20the%20tyranny%20of%20evil.ppsx] and all the code used in the examples...