Pluralsight

A 59-post collection

Hacking web servers with Pluralsight (and finding vulns in big moving things)

I did a security workshop in a faraway land recently. I’ll not say which one because I want to ensure there’s an appropriate level of anonymity for this story as it could be rather inconvenient for the subject of it otherwise. Anyway, I do my usual thing of showing attendees how to hack their own things. We do SQL injection and XSS and a whole bunch of other really hands-on stuff targeted at developers. The niche I find myself filling these days is security content that talks to folks who actua...

New Pluralsight course: Ethically Hacking Web Applications (and why we keep getting hacked)

So the Ethical Hacking series marches on, this time with my third course in the series, Ethical Hacking: Hacking Web Applications [http://www.pluralsight.com/courses/ethical-hacking-web-applications]. As a quick recap of why we’re doing this series, Ethical Hacking material remains the number one requested content on Pluralsight’s course suggestion list [http://support.pluralsight.com/forums/127919-new-course-suggestions]. It’s more in demand than all the new shiny Microsoft .NET bits or fancy c...

Introducing you to browser security headers on Pluralsight

I’ve been doing this fantastic demo about browser security headers in a lot of my recent talks and workshops. It’s always a lot of fun and it’s very interactive – you can try this out for yourself right now – and it works like this: So cross site scripting (XSS) is still a big thing. Yes it’s been around for ages and yes we should be on top of it by now, but here we are. Anyway, I was at the AppSecEU conference in the Netherlands a few months ago and a local guy called Breno de Winter did a fan...
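The demo in that post is about what a site's response headers do (or fail to do) against XSS and friends. As an added example that is not from the post or the course, here is a small Node.js audit of the headers a response would need: it flags headers that are missing, and values that are present but weak, including a CSP whose `script-src` allows `'unsafe-inline'` and so does nothing against injected script. The two sample responses are constructed for illustration; the header names and thresholds (one-year HSTS, `nosniff`, `DENY`/`SAMEORIGIN`) are the standard ones.

```javascript
'use strict';

// Each check takes the header value and returns null when it is acceptable,
// or a short explanation of why the value is weak.
const CHECKS = {
  'strict-transport-security': (v) => {
    const m = /max-age=(\d+)/i.exec(v);
    if (!m) return 'no max-age directive';
    if (Number(m[1]) < 31536000) return 'max-age shorter than one year';
    return null;
  },
  'content-security-policy': (v) => {
    // Parse "name src src; name src" into { name: [src, ...] }.
    const directives = Object.fromEntries(
      v.split(';')
        .map((d) => d.trim())
        .filter(Boolean)
        .map((d) => {
          const [name, ...sources] = d.split(/\s+/);
          return [name.toLowerCase(), sources];
        })
    );
    // script-src falls back to default-src when absent.
    const scriptSrc = directives['script-src'] || directives['default-src'];
    if (!scriptSrc) return 'neither script-src nor default-src is set';
    if (scriptSrc.some((s) => s.toLowerCase() === "'unsafe-inline'")) {
      return "script-src allows 'unsafe-inline', which defeats XSS protection";
    }
    if (scriptSrc.includes('*')) return 'script-src allows any origin';
    return null;
  },
  'x-content-type-options': (v) =>
    v.trim().toLowerCase() === 'nosniff' ? null : 'expected "nosniff"',
  'x-frame-options': (v) =>
    /^(deny|sameorigin)$/i.test(v.trim()) ? null : 'expected DENY or SAMEORIGIN',
};

// Audit a plain object of response headers (names in any case).
// Returns { missing: [names], weak: { name: reason }, ok: [names] }.
function auditHeaders(headers) {
  const lower = {};
  for (const [name, value] of Object.entries(headers)) {
    lower[name.toLowerCase()] = String(value);
  }
  const result = { missing: [], weak: {}, ok: [] };
  for (const [name, check] of Object.entries(CHECKS)) {
    if (!(name in lower)) {
      result.missing.push(name);
      continue;
    }
    const problem = check(lower[name]);
    if (problem) result.weak[name] = problem;
    else result.ok.push(name);
  }
  return result;
}

// Constructed sample responses: a typical "before" and a hardened "after".
const SAMPLE_BEFORE = {
  'Content-Type': 'text/html',
  'Server': 'nginx',
  'X-Frame-Options': 'ALLOWALL',
};
const SAMPLE_AFTER = {
  'Content-Type': 'text/html',
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'Content-Security-Policy': "default-src 'self'; script-src 'self' https://cdn.example",
  'X-Content-Type-Options': 'nosniff',
  'X-Frame-Options': 'SAMEORIGIN',
};

console.log('before:', JSON.stringify(auditHeaders(SAMPLE_BEFORE)));
console.log('after: ', JSON.stringify(auditHeaders(SAMPLE_AFTER)));
```

To point it at a live site, feed `auditHeaders` the `headers` object from a `fetch`/`http.get` response; the checks are deliberately strict about CSP because a policy that permits inline script is the most common way a site ends up with a "present" header that blocks nothing.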

Learn ethical hacking and session hijacking on Pluralsight

A couple of months ago I wrote about how fellow author Dale Meredith and myself are building out an ethical hacking series on Pluralsight [https://www.troyhunt.com/2015/05/its-ethical-hacking-with-sql-injection_21.html] and in that post I launched the first course I had written for the series on SQL injection. You can read about the ethical hacking series in that blog post and what my approach to covering the CEH syllabus has been (hint: I have my own take on it), but what I will again point out...

Get my new Pluralsight course on CloudFlare for free!

You know how you like free stuff? And cloud? And security? Of course you do – what’s not to like?! Well because Pluralsight and CloudFlare love it, we’re making my latest course available to everyone 100% for free for the next week [https://get.pluralsight.com/free-weekly-course.html]. [https://get.pluralsight.com/free-weekly-course.html] This is a great course for anyone who wants a very slick way of quickly adding SSL and a raft of other security features to their site with a bare minimum of...

Free recorded webinar on Pluralsight: Why SQL Injection Remains the #1 Web Security Risk Today

A couple of weeks ago I did a free webinar on Pluralsight titled Why SQL Injection Remains the #1 Web Security Risk Today (and what you should know about it) [https://get.pluralsight.com/webinar_why_sql_injection_remains_the_1_web_security_risk_today.html] . This is a rather self-explanatory title and it’s completely true – SQL injection remains a big thing and we keep getting it wrong. Like an example? Only 8 months ago, Drupal had a major vulnerability in their product [https://www.drupal.org/...

Get started with CloudFlare security on Pluralsight

You may not realise this, but you use CloudFlare [https://www.cloudflare.com/]. You probably use it every day and you do so without even realising it. You reap numerous benefits from it as well but they’re seamless – it just makes your browsing experience better. By better I mean faster and most importantly in the context of this blog post and my latest Pluralsight course [http://www.pluralsight.com/courses/cloudflare-security-getting-started], more secure. Unless you’re an attacker in which cas...

It’s ethical hacking with SQL injection on Pluralsight!

I’ve long been a proponent of “hacking yourself first”, that is the idea of building up some offensive skills such that you can actually take a good shot at ethically breaking apps for the betterment of society. Whether they’re your own apps that you’ve built or ones you’re testing as part of a dev team doesn’t really matter, it’s the same skills and the same end result – you find bad stuff before bad people do. What I can now share with everyone is that over the last few months, I’ve been work...

</pfizer><pluralsight>

So the dust has finally settled. A month ago I wrote about </pfizer> [https://www.troyhunt.com/2015/04/today-marks-two-important-milestones.html] which marked my departure from the corporate world after spending the last 14 years building and managing their software things across a good whack of the world. With that chapter now formally closed, it’s time to talk about the next phase. It’s time to talk about Pluralsight [http://www.pluralsight.com/]. The path to Pluralsight It was 2012 when I...

Join me on a website security review with Lars and Pluralsight!

Sometimes, good ideas take a while to materialise. The penny only dropped on just how long some of them take when I was going back through my Pluralsight notes just the other day and found this: That was March last year and an awful lot of water has gone under the bridge since then. But it seemed like a really good idea at the time and inevitably, it was. I’d find a willing “muse” with a suitable website then go to town on it, critiquing everything that could possibly be wrong with it. This w...