Hacking Your Website with Troy Hunt
Carl and Richard talk to Troy Hunt about hacking yourself - testing your web site's defenses before someone else does! The conversation starts out talking about FireSheep and the need to use SSL everywhere. If you log in, you should be using SSL! Troy runs down a list of the common exploits you should test against, like SQL injection and cookie spoofing. There's also a discussion around cross-site scripting and X-Frame-Options. There are some simple things that script kiddies can do to exploit your site - you should do them first, and then defend yourself!
Troy Hunt is a Pluralsight author, Microsoft Regional Director and MVP and a world-renowned internet security specialist. He spends his time travelling the world speaking and running workshops where he teaches developers how to break into their own systems before helping to piece them back together to be secure against today’s online threats. He’s also the creator of “Have I been pwned?”, the free online service for breach monitoring and notifications. Troy regularly blogs at troyhunt.com from his home on the Gold Coast in Australia.