Monday, 27 May 2013

Talking with Scott Hanselman on honeypots, pineapples and SSL

For many of you, Scott Hanselman will need no introduction and is a very familiar face, voice and writer. Among the many good things that Scott does to support the web development community (and that’s not just the Microsoft folks either), he’s also the man behind the Hanselminutes podcast which I was very happy to join him on recently. In fact this remains one of the very few podcasts where I actually listen to every episode – regardless of the direct relevance to me – simply because it’s delivered in such a professional manner and I know I’m going to learn something each time.

The podcast has gone out under the title "Are you secure? WiFi Honeypots, Pineapples and SSL with Troy Hunt", which is pretty self-explanatory. As per the title, we mostly discuss the risks presented by using public WiFi plus the importance of HTTPS for those of us who are building web apps. Let me share some supplementary material which I’ve either touched on in that talk or which will be of relevance to interested listeners:

  1. SSL is not about encryption
  2. OWASP Top 10 for .NET developers part 9: Insufficient Transport Layer Protection
  3. 5 ways to implement HTTPS in an insufficient manner (and leak sensitive data)
  4. Your login form posts to HTTPS, but you blew it when you loaded it over HTTP
  5. The beginners guide to breaking website security with nothing more than a Pineapple
  6. Pineapple Surprise! Mixing trusting devices with sneaky Wi-Fi at #wdc13

There’s a lot more related content beneath those but that’s a good starting point. I hope you enjoy the podcast!
