Secure Account Management with .NET Rocks!

A little while back I wrote about The Conversation [https://www.troyhunt.com/2015/01/introducing-secure-account-management.html], that’s the one I often have with developers looking to build web applications which need to manage accounts but who perhaps haven’t quite thought through all the ins and outs of it. That was also the launch of a new Pluralsight course Secure Account Management Fundamentals [http://www.pluralsight.com/courses/secure-account-management-fundamentals] which goes through...

Stories from the trenches: Sizing and penny pinching with Azure websites

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure] How much capacity will you need for your app? Or asked another way if wearing the vendor hat, how much money ya got? We’re generally lousy at estimating infrastructure capacity requirements and even when a more scientific approach is taken (and it’s frequently not), we’re still l...

App sec in Europe!

Through what I can only describe as enormously fortuitous circumstances (and I’ll better qualify that in a later post), I have the bandwidth to do a bunch of things over the next few months that previous commitments kept me from. One of the immediate things I’m now doing is saying “yes” when I previously had to decline. Yes to conferences. Yes to training. Yes to consulting and in the context of this blog post, yes to folks in the EU. I’m off to Europe a couple of times over the coming months f...

Spec’ing, choosing and testing a UPS for the home office

I’ll keep this one pretty much to the point and let the pictures do most of the talking. In my kitchen cupboard, I have this: It may well be related to the vicinity of the chocolate, but the kids seem to like hitting those switches. For some reason, they particularly like doing it when I’m right in the middle of this: Editing Pluralsight courses [http://www.pluralsight.com/author/troy-hunt] is laborious work. I do it on my desktop so I get all four screens to look at and I invariably have...

Introducing my new weekly column, “Security Sense” on Windows IT Pro

Regular readers here will recognise that if there’s one thing I’m generally not short of, it’s security stuff to talk about and personal opinions on the whole thing (maybe that’s two things). Oh and there’s also the thing about spending a whole heap of time writing security training material for Pluralsight [http://www.pluralsight.com/author/troy-hunt] and maintaining Have I been pwned? [https://haveibeenpwned.com/] which all keeps me rather immersed in what I reckon is a very exciting industry....

Introducing AngularJS Security Fundamentals on Pluralsight

If I’m honest, I always found it a bit unusual to get this question: “How do I secure my Angular apps?” I mean, Angular is just JavaScript that runs in the client and a few HTML directives. Ok, it’s very good JavaScript and I don’t mean to trivialise the framework in any way whatsoever, but all the security grunt work still needs to happen on the server. Angular will do nothing for your SQL injection or your lack of access controls on server resources or any of the other really nasty security...

Understanding Azure website auto-scale magic

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure] I was helping out a consumer of Have I been pwned? [https://haveibeenpwned.com/] (HIBP) earlier today as they were trying to build up a profile of the pwnage state of their client base. This meant firing a heap of requests at the API [https://haveibeenpwned.com/API/v2] so that they...

Azure WebJobs are awesome and you should start using them right now!

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure] No really, they’re totally awesome! I used Azure WebJobs [http://azure.microsoft.com/en-us/documentation/articles/websites-dotnet-webjobs-sdk-get-started/] in the very early days and whilst they served a purpose, I wasn’t blown away with them at the time. In fact I went on to use...

Automating web hosting creation in Azure with PowerShell

These real world experiences with Azure are now available in the Pluralsight course "Modernizing Your Websites with Azure Platform as a Service" [http://www.pluralsight.com/courses/modernizing-websites-microsoft-azure] Here’s your situation: you’ve got a heap of websites on traditional hosting models. Shared tenancies on single logical machines, dedicated infrastructure or even worse, not really any idea because you just keep paying that $5 per month and stuff works. Most of the time. But you’v...

Have your customers been pwned? Would you like to know?

For the past year and a bit I’ve been building out features on Have I been pwned? [https://haveibeenpwned.com/] (HIBP) in response to things I think would be awesome and things I’m asked for. I’m constantly surprised at the ways people have found to use the data for good, which is a nice twist given that the data normally comes from very unpleasant circumstances. For some ideas on how the data has been used, have a look at the API consumers page [https://haveibeenpwned.com/API/Consumers]: variou...