Pluralsight

A 59-post collection

Hacking web servers with Pluralsight (and finding vulns in big moving things)

I did a security workshop in a faraway land recently. I’ll not say which one because I want to ensure there’s an appropriate level of anonymity for this story as it could be rather inconvenient for the subject of it otherwise. Anyway, I do my usual thing of showing attendees how to hack their own things. We do SQL injection and XSS and a whole bunch of other really hands-on stuff targeted at developers. The niche I find myself filling these days is security content that talks to folks who actually build stuff and don’t live in security land where everything is, well, a little bit different. By no means do I mean...

New Pluralsight course: Ethically Hacking Web Applications (and why we keep getting hacked)

So the Ethical Hacking series marches on, this time with my third course in the series, Ethical Hacking: Hacking Web Applications. As a quick recap of why we’re doing this series, Ethical Hacking material remains the number one requested content on Pluralsight’s course suggestion list. It’s more in demand than all the new shiny Microsoft .NET bits or fancy cloud services and even more popular than JavaScript libraries! Why is it so popular? Just take a look at some of the events of last week. The big one over in the UK was TalkTalk suffering a rather nasty data breach. I found this particularly interesting because prior experience only last month had shown they...

Introducing you to browser security headers on Pluralsight

I’ve been doing this fantastic demo about browser security headers in a lot of my recent talks and workshops. It’s always a lot of fun and it’s very interactive – you can try this out for yourself right now – and it works like this: So cross site scripting (XSS) is still a big thing. Yes it’s been around for ages and yes we should be on top of it by now, but here we are. Anyway, I was at the AppSecEU conference in the Netherlands a few months ago and a local guy called Breno de Winter did a fantastic talk in which he illustrated the prevalence of XSS by showing...

Learn ethical hacking and session hijacking on Pluralsight

A couple of months ago I wrote about how fellow author Dale Meredith and I are building out an ethical hacking series on Pluralsight and in that post I launched the first course I had written for the series on SQL injection. You can read about the ethical hacking series in that blog post and what my approach to covering the CEH syllabus has been (hint: I have my own take on it), but what I will again point out here is that this material remains by far and away the most requested content in the entire Pluralsight catalogue of course suggestions: The viewership of the ethical hacking series has absolutely exploded! All the courses we’ve created so...

Get my new Pluralsight course on CloudFlare for free!

You know how you like free stuff? And cloud? And security? Of course you do – what’s not to like?! Well because Pluralsight and CloudFlare love it, we’re making my latest course available to everyone 100% for free for the next week. This is a great course for anyone who wants a very slick way of quickly adding SSL and a raft of other security features to their site with a bare minimum of effort. CloudFlare’s service gets you up and running in literally minutes and the bits I cover in this course are 100% free. That’s the CloudFlare service that’s free and the course that’s free so there...

Free recorded webinar on Pluralsight: Why SQL Injection Remains the #1 Web Security Risk Today

A couple of weeks ago I did a free webinar on Pluralsight titled Why SQL Injection Remains the #1 Web Security Risk Today (and what you should know about it). This is a rather self-explanatory title and it’s completely true – SQL injection remains a big thing and we keep getting it wrong. Like an example? Only 8 months ago, Drupal had a major vulnerability in their product. If you’re not already familiar with Drupal, it allegedly powers 2.1% of the world’s websites… including WhiteHouse.gov. But here’s the really scary bit from their announcement: You should proceed under the assumption that every Drupal 7 website was compromised unless updated...

Get started with CloudFlare security on Pluralsight

You may not realise this, but you use CloudFlare. You probably use it every day and you do so without even realising it. You reap numerous benefits from it as well but they’re seamless – it just makes your browsing experience better. By better I mean faster and most importantly in the context of this blog post and my latest Pluralsight course, more secure. Unless you’re an attacker in which case this may happen: You may have actually seen CloudFlare now and again without actually quite realising what it was. For example, you may have seen this: This is CloudFlare challenging me because I’ve loaded a site they protect with the Tor browser and...

It’s ethical hacking with SQL injection on Pluralsight!

I’ve long been a proponent of “hacking yourself first”, that is the idea of building up some offensive skills such that you can actually take a good shot at ethically breaking apps for the betterment of society. Whether they’re your own apps that you’ve built or ones you’re testing as part of a dev team doesn’t really matter, it’s the same skills and the same end result – you find bad stuff before bad people do. What I can now share with everyone is that over the last few months, I’ve been working hard with the folks at Pluralsight and another fellow author...

</pfizer><pluralsight>

So the dust has finally settled. A month ago I wrote about </pfizer> which marked my departure from the corporate world after spending the last 14 years building and managing their software things across a good whack of the world. With that chapter now formally closed, it’s time to talk about the next phase. It’s time to talk about Pluralsight. The path to Pluralsight It was 2012 when I made the decision to become a Pluralsight Author. I’d been writing and speaking a lot about security in general and the OWASP Top 10 specifically in which I’d invested massive amounts of time writing the series on this blog. It took...

Join me on a website security review with Lars and Pluralsight!

Sometimes, good ideas take a while to materialise. The penny only dropped on just how long some of them take when I was going back through my Pluralsight notes just the other day and found this: That was March last year and an awful lot of water has gone under the bridge since then. But it seemed like a really good idea at the time and inevitably, it was. I’d find a willing “muse” with a suitable website then go to town on it, critiquing everything that could possibly be wrong with it. This would be a “Play by Play” course where we sit together and the whole thing is recorded by video. It...