Troyhunt - troyhunt.com - Troy Hunt's Blog
Latest News:
5 ways to tackle an insufficient HTTPS implementation 27 Aug 2013 | 02:03 pm
Earlier this year I wrote about 5 ways to implement HTTPS in an insufficient manner (and leak sensitive data). The entire premise of the post was that following a customer raising concerns about their...
Everything you wanted to know about SQL injection (but were afraid to ask) 30 Jul 2013 | 01:37 pm
Put on your black hats folks, it’s time to learn some genuinely interesting things about SQL injection. Now remember – y’all play nice with the bits and pieces you’re about to read, ok? SQL injection...
Of developers, security professionals and playing nice together on PaulDotCom 24 Jul 2013 | 03:23 am
Last week I had a video chat with the guys over on PaulDotCom (which, of course, is at pauldotcom.com) on a whole bunch of app sec related issues, specifically around how developers can become more sec...
Bloody galah scammers still not getting the message 23 Jul 2013 | 12:25 pm
As regular readers will know by now, I’m not real fond of virus call centre scammers. You know, the ones who call you up while you’re making dinner or bathing the kids and tell you they’re from Micros...
Your website has never been hacked! (except for all the times that it has) 17 Jul 2013 | 02:03 pm
As part of my general wish to be a good netizen and advocate of website security, I made a responsible disclosure the other day, you know, the kind where you privately email an organisation and pass o...
GT-R: The technology of speed 16 Jul 2013 | 02:27 am
I have two enduring loves beyond the commonly accepted ones of health and family: technology and fast cars. It’s hard to be passionate about these two and not lust after a GT-R so after some years of ...
Video: Cyber-security and the broken web 15 Jul 2013 | 05:12 pm
I’ve been doing a number of smaller presentations to user groups and private audiences lately and one of the things I’ve been focussing on is trying to give a sense of how fundamentally broken the sec...
How to build (and how not to build) a secure “remember me” feature 1 Jul 2013 | 02:04 pm
Here’s the scenario – a user logs in to your website, comes back tomorrow and… has to log in again. The idea of the “remember me” feature – and let’s face it, we’ve all seen this before – is that thei...
Video: “Hack Yourself First” and other security tips for web developers 25 Jun 2013 | 02:09 pm
A little while back I wrote about Hacking yourself first and detailed a bunch of different ways for developers to seek out risks in their own apps, hopefully before attackers find them first. I’m extr...
The security futility that is embedding secure login forms within insecure pages 24 Jun 2013 | 01:56 pm
I’ve been writing a bunch of content around HTTPS lately and recording videos to demonstrate the ease with which insecure implementations of SSL can be broken. For example, there was the piece on why ...