Troy Hunt

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Aye, pirates be the reason IE6 just won’t die

Internet Explorer 6; will this thing ever die?! Now 9 years old – and superseded for almost half that time – it remains the bane of web developers’ lives the world over. Even YouTube and Google have jumped on the anti-IE6 bandwagon [http://mashable.com/2010/02/23/youtube-ie6/] but the browser people love to hate remains the cockroach of the nuclear fallout that is standards-compliant ire. There have been glimpses of hope and reports of it waning into obscurity [http://mashable.com/2010/06/01/i...

What the iPhone 4 is all about (for mere mortals)

Yes, it’s the new iPhone 4. No, I didn’t camp outside Apple all night, there’s nothing wrong with the signal quality and yes, I hold it any damn way I like! Now that we’ve covered off all the usual questions, let me get to the heart of the matter. I picked up a couple of new iPhones (because I’m a caring husband!) a few hours after they launched in Australia. Exclusivity doesn’t last long and whilst the novelty factor is still high, a lot of friends and family are asking “why?”. Why move from...

My security podcast chat on Talking Shop Down Under

A couple of Saturdays back I had a chat with Richard Banks [http://www.richard-banks.org] on the Talking Shop Down Under [http://www.talkingshopdownunder.com] podcast about web application security while at “Developer Developer Developer!” in Sydney [http://www.dddsydney.com/]. It’s now online here: Episode 22 - Troy Hunt on Developers and Security [http://www.talkingshopdownunder.com/2010/07/episode-22-troy-hunt-on-developers-and.html] It’s a funny thing, podcasts; there are no second takes...

Rocking your SQL Source Control world with Red Gate

I knew it was going to be good before even seeing it. After all, SQL Source Control [http://www.red-gate.com/products/sql_source_control/index.htm] is from the guys who brought us SQL Compare [http://www.red-gate.com/products/SQL_Compare/index.htm] and Data Compare [http://www.red-gate.com/products/SQL_Data_Compare/index.htm], two of my all-time favourite tools in the “stuff that would be a real pain to do without” category. They’re tools I tend to berate developers for not having and have regul...

OWASP Top 10 for .NET developers part 3: Broken authentication and session management

This content is now available in the Pluralsight course "OWASP Top 10 Web Application Security Risks for ASP.NET" [http://www.pluralsight.com/courses/owasp-top10-aspdotnet-application-security-risks] Authenticating to a website is something most of us probably do multiple times every day. Just looking at my open tabs right now I’ve got Facebook, Stack Overflow, Bit.ly, Hotmail, YouTube and a couple of non-technology forums all active, each one individually authenticated to. In each case I trust...

Subversion’s mysterious malformed or missing path

I hit a couple of little hurdles with Subversion this week which I thought I’d share simply because I couldn’t find much public information about it and it was only through trial and error it got resolved. The context was I was adding an externals [http://svnbook.red-bean.com/en/1.0/ch07s03.html] to a project from another repository and there were two little barriers that threw a spanner into the works. For the sake of simplicity, here’s a recreation of the scenario: The first problem is t...

The 10 tenets of pain free travel

So “Plan A” was to try and maintain a bit of momentum on the OWASP Top 10 for .NET developers [https://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html] blog series and post every few weeks. Unfortunately a couple of weeks of work travel preceded by several weeks of preparing material pretty much killed any chance of avoiding a blog free month. Still, the crisitunity [http://www.urbandictionary.com/define.php?term=Crisitunity] of it all has presented new material in the form...

OWASP Top 10 for .NET developers part 2: Cross-Site Scripting (XSS)

This content is now available in the Pluralsight course "OWASP Top 10 Web Application Security Risks for ASP.NET" [http://www.pluralsight.com/courses/owasp-top10-aspdotnet-application-security-risks] In the first post of this series [https://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html] I talked about injection and of most relevance for .NET developers, SQL injection. This exploit has some pretty severe consequences but fortunately many of the common practices employed wh...

OWASP Top 10 for .NET developers part 1: Injection

This content is now available in the Pluralsight courses "OWASP Top 10 Web Application Security Risks for ASP.NET" and "Ethical Hacking: SQL Injection" [http://www.pluralsight.com/courses/owasp-top10-aspdotnet-application-security-risks] There’s a harsh reality web application developers need to face up to; we don’t do security very well. A report from WhiteHat Security [http://www.slideshare.net/jeremiahgrossman/whitehat-security-8th-website-security-statistics-report] last year reported “83%...

Measuring code quality with NDepend

Something that has always struck me as a bit unique about the software industry is the huge variance we see in professionalism. Consider industries such as medicine or aviation; the lower bound of their professionalism is comparatively high and the deviation of expertise among practitioners is comparatively low when compared to software development. Of course there are exceptions – every now and then a doctor malpractices or a pilot crashes – but these are relatively rare occurrences comp...