Passwords, SQL Injection and WiFi Security with Troy Hunt
While at NDC in Oslo, Carl and Richard talk to Troy Hunt about all the scary stuff going on in security today. The conversation starts out recapping some discussion on passwords - how do we get past them? Troy also digs into the ongoing issues of SQL Injection, still the number one security risk for web sites. You can still use Google to find vulnerable web sites, and there are great free tools out there to find and exploit insecure SQL databases - don't let yours be one of them! The discussion turns to Strict Transport Security, making sure SSL is on all the time for a web site. Still gotta fix the basics, but new capabilities are coming!
Guests:
Troy Hunt
Troy Hunt is a Pluralsight author, Microsoft Regional Director and MVP and a world-renowned internet security specialist. He spends his time travelling the world speaking and running workshops where he teaches developers how to break into their own systems before helping to piece them back together to be secure against today’s online threats. He’s also the creator of “Have I been pwned?”, the free online service for breach monitoring and notifications. Troy regularly blogs at troyhunt.com from his home on the Gold Coast in Australia.
Links:
- Double Robotics Telepresence Device http://www.doublerobotics.com/
- Troy's Website http://www.troyhunt.com/
- John Oliver's Surveillance Video https://www.youtube.com/watch?v=XEVlyP4_11M
- XKCD Password Comic https://xkcd.com/936/
- OWASP Top 10 Security Risks https://www.owasp.org/index.php/Top_10_2013-Top_10
- XKCD SQL Injection Comic https://xkcd.com/327/
- Troy's SQL Injection Videos http://www.pluralsight.com/courses/ethical-hacking-sql-injection
- SQLMap http://sqlmap.org/
- NetSparker https://www.netsparker.com/web-vulnerability-scanner/
- Strict Transport Security https://www.owasp.org/index.php/HTTP_Strict_Transport_Security
- Freedome https://www.f-secure.com/en_US/web/home_us/freedome