Troy Hunt

I knew it was going to be good before even seeing it. After all, SQL Source Control [http://www.red-gate.com/products/sql_source_control/index.htm] is from the guys who brought us SQL Compare [http://www.red-gate.com/products/SQL_Compare/index.htm] and Data compare [http://www.red-gate.com/products/SQL_Data_Compare/index.htm], two of my all-time favourite tools in the “stuff that would be a real pain to do without” category. They’re tools I tend to berate developers for not having and have regul...

This content is now available in the Pluralsight course "OWASP Top 10 Web Application Security Risks for ASP.NET" [http://www.pluralsight.com/courses/owasp-top10-aspdotnet-application-security-risks] Authenticating to a website is something most of us probably do multiple times every day. Just looking at my open tabs right now I’ve got Facebook, Stack Overflow, Bit.ly, Hotmail, YouTube and a couple of non-technology forums all active, each one individually authenticated to. In each case I trust...

I hit a couple of little hurdles with Subversion this week which I thought I’d share simply because I couldn’t find much public information about it and it was only through trial and error it got resolved. The context was I was adding an externals [http://svnbook.red-bean.com/en/1.0/ch07s03.html] to a project from another repository and there were two little barriers that threw a spanner into the works. For the sake of simplicity, here’s a recreation of the scenario: The first problem is t...

So “Plan A” was to try and maintain a bit of momentum on the OWASP Top 10 for .NET developers [https://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html] blog series and post every few weeks. Unfortunately a couple of weeks of work travel preceded by several weeks of preparing material pretty much killed any chance of avoiding a blog free month. Still, the crisitunity [http://www.urbandictionary.com/define.php?term=Crisitunity] of it all has presented new material in the form...

This content is now available in the Pluralsight course "OWASP Top 10 Web Application Security Risks for ASP.NET" [http://www.pluralsight.com/courses/owasp-top10-aspdotnet-application-security-risks] In the first post of this series [https://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html] I talked about injection and of most relevance for .NET developers, SQL injection. This exploit has some pretty severe consequences but fortunately many of the common practices employed wh...

This content is now available in the Pluralsight courses "OWASP Top 10 Web Application Security Risks for ASP.NET" and "Ethical Hacking: SQL Injection" [http://www.pluralsight.com/courses/owasp-top10-aspdotnet-application-security-risks] There’s a harsh reality web application developers need to face up to; we don’t do security very well. A report from WhiteHat Security [http://www.slideshare.net/jeremiahgrossman/whitehat-security-8th-website-security-statistics-report] last year reported “83%...

Something that has always struck me as a bit unique about the software industry is the huge variances we see in professionalism. Consider industries such as medicine or aviation; the lower bounds of their professionalism is comparatively high and the deviation of expertise within the practitioners is comparatively low when compared to software development. Of course there are exceptions – every now and then a doctor malpractices or a pilot crashes – but these are relatively rare occurrences comp...

I thought I was a bit of a latecomer to Twitter when I jumped on board two years ago but given the growth rate since then – it’s gone from 100 million tweets in Q4 of ‘08 to 4 billion tweets in Q1 of 2010 – I appear to be a relative sage of the Twittersphere. Having now reached a point where I consider Twitter a “must have” business tool, I’m enjoying encouraging others to seek out the same benefits. However it’s always difficult to articulate the virtues in a casual conversation so here are 20...

So I got a little bit inspired the other day after watching Scott Hanselman’s Web Deployment Made Awesome: If You're Using XCopy, You're Doing It Wrong [http://www.hanselman.com/blog/WebDeploymentMadeAwesomeIfYoureUsingXCopyYoureDoingItWrong.aspx] from MIX10. With a perfect candidate ASP.NET 3.5 web app and VS2010 RC I dived in and generated Web.Release.config and Web.Debug.config files then went to publish. Unfortunately it didn’t all go to plan and all I got was this particularly uninformati...

Another year, another MIX conference in Vegas and another three days of reading all the news from afar. Fortunately the Twitter age doesn’t leave those of us on the other side of the world completely isolated and there has been some really interesting news shared by those on the ground in the US. Here’s a summary of what I found interesting and what I see is significant for the technologies involved. It’s by no means a comprehensive review – one look at the sessions list [http://live.visitmix....