Security Panel from NDC
Time to get scared times three! While at NDC Oslo, Carl and Richard hosted a security panel of Troy Hunt, Niall Merrigan and Stephen Haunts in front of a live NDC audience. The conversation starts where most security conversations start - on passwords. Yes, passwords suck. The challenge is making them suck less. Beyond passwords, what aspects of application security are the responsibility of the developer, and what are more the focus of operations? Check out the links below for a number of tools you can add to your build process to evaluate the security of your web applications every time you check in code!
Guests:
Troy Hunt
Troy Hunt is a Pluralsight author, Microsoft Regional Director and MVP and a world-renowned internet security specialist. He spends his time travelling the world speaking and running workshops where he teaches developers how to break into their own systems before helping to piece them back together to be secure against today’s online threats. He’s also the creator of “Have I been pwned?”, the free online service for breach monitoring and notifications. Troy regularly blogs at troyhunt.com from his home on the Gold Coast in Australia.
Niall Merrigan
Niall Merrigan is an Irish guy who managed to end up in Norway after finding out the country existed when he was in New Zealand. He works for Capgemini in Stavanger, Norway, as the head of custom software development and has been a Microsoft ASP.NET MVP since 2010. He is also involved in the Friends of Redgate program and is a general rugby nut (which means he shouts a lot). Niall has a passion for web technologies, security, and whiskey, which can lead to some interesting discussions.
Stephen Haunts
Stephen Haunts is an experienced Software Developer and Leader who has worked across multiple business domains including Computer Games, Finance, and Healthcare Retail and Distribution.
Stephen has worked in languages ranging from Assembler and various forms of BASIC to C and C++, before finding his love of C# and .NET. Stephen also runs a Software Development and Leadership blog called {Coding in the Trenches} which can be read at stephenhaunts.com.
Stephen also runs a small music label and sound design company where he sculpts sounds from bizarre sound sources like circuit-bent Speak and Spells and Furbies. The site is hauntedhouserecords.co.uk.
As well as blogging and running software teams for large companies, Stephen is also an author with Pluralsight and a book author for Syncfusion. Stephen also runs some open source projects on CodePlex including SafePad - an encrypted text editor, Text Shredder - an encrypted messaging tool, and Smoke Tester - a post-deployment verification testing framework.
Links:
- Spying on Live Video http://www.defenseone.com/technology/2016/06/new-us-spy-software-could-soon-spot-your-suspicious-behavior-live-video/128852/
- Have I Been Pwned? https://haveibeenpwned.com/
- OWASP Zed Attack Proxy Project https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
- Nikto http://sectools.org/tool/nikto/
- Tinfoil Security https://www.tinfoilsecurity.com/