Mastodon

Fixing Data Breaches

A 5-post collection

Fixing Data Breaches Part 5: Penalties

In the first 4 parts of "Fixing Data Breaches", I highlighted education [https://www.troyhunt.com/fixing-data-breaches-part-1-education/], data ownership and minimisation [https://www.troyhunt.com/fixing-data-breaches-part-2-data-ownership-minimisation/], the ease of disclosure [https://www.troyhunt.com/fixing-data-breaches-part-3-the-ease-of-disclosure/] and bug bounties [https://www.troyhunt.com/fixing-data-breaches-part-4-bug-bounties/] as ways of addressing the problem. It was inevitable tha...

Fixing Data Breaches Part 4: Bug Bounties

Over the course of this week, I've been writing about "Fixing Data Breaches" which focuses on actionable steps that can be taken to reduce the prevalence and the impact of these incidents. I started out by talking about the value of education [https://www.troyhunt.com/fixing-data-breaches-part-1-education/]; let's do a better job of stopping these incidents from occurring in the first place by avoiding well-known coding and configuration flaws. I went on to data ownership and minimisation [https...

Fixing Data Breaches Part 3: The Ease of Disclosure

This week, I've been writing up my 5-part guide on "Fixing Data Breaches". On Monday I talked about the value of education [https://www.troyhunt.com/fixing-data-breaches-part-1-education/]; let's try and stop the breach from happening in the first place. Then yesterday it was all about reducing the impact of a breach [https://www.troyhunt.com/fixing-data-breaches-part-2-data-ownership-minimisation/], namely by collecting a lot less data in the first place then recognising that it belongs to the...

Fixing Data Breaches Part 2: Data Ownership & Minimisation

Yesterday, I wrote the first part of this 5-part series on fixing data breaches and I focused on education [https://www.troyhunt.com/fixing-data-breaches-part-1-education/]. It's the absolute best bang for your buck by a massive margin and it pays off over and over again across many years and many projects. Best of all, it's about prevention rather than cure. The next few parts of this series all focus on cures - how do we fix data breaches once bad code has already been written or bad server c...

Fixing Data Breaches Part 1: Education

We have a data breach problem. They're constant news headlines, they're impacting all of us and frankly, things aren't getting any better. Quite the opposite, in fact - things are going downhill in a hurry. Last month, I went to Washington DC, sat in front of Congress and told them about the problem [https://www.troyhunt.com/heres-what-im-telling-us-congress-about-data-breaches/]. My full written testimony is in that link and it talks about many of the issue we face today and the impact data br...

Troy Hunt

Hi, I'm Troy Hunt, I write this blog, run "Have I Been Pwned" and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals

Upcoming Events

I often run private workshops around these, here's upcoming events I'll be at:

Must Read

Don't have Pluralsight already? How about a 10 day free trial? That'll get you access to thousands of courses amongst which are dozens of my own including:

  1. OWASP Top 10 Web Application Security Risks for ASP.NET
  2. What Every Developer Must Know About HTTPS
  3. Hack Yourself First: How to go on the Cyber-Offense
  4. The Information Security Big Picture
  5. Ethical Hacking: Social Engineering
  6. Modernizing Your Websites with Azure Platform as a Service
  7. Introduction to Browser Security Headers
  8. Ethical Hacking: SQL Injection
  9. Web Security and the OWASP Top 10: The Big Picture
  10. Ethical Hacking: Hacking Web Applications