Secure code lessons from Have I Been Pwned

Episode #136, published Thu, Nov 2, 2017, recorded Sat, Oct 28, 2017.

This episode is carbon neutral.
Do you run any code that listens on an open port on the internet? This could be a website, a RESTful web service, or (gasp) even a database endpoint.

Troy Hunt, a renowned security expert, likes to say that you're doing "free pen. testing for that product right there".

Join Troy and me on this episode of Talk Python To Me. We discuss lessons learned from running the vulnerability monitoring website Have I been pwned?, as well as other lessons for developers on keeping your code safe while providing public services.

Links from the show

Troy Hunt: troyhunt.com
Troy on Twitter: @troyhunt
Have I been pwned?: haveibeenpwned.com
Disqus Demonstrates How to Do Breach Disclosure Right: troyhunt.com/disqus-demonstrates-how-to-do-data-breach-disclosure-right
Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware: troyhunt.com/everything-you-need-to-know-about-the-wannacrypt-ransomware
What Would It Look Like If We Put Warnings on IoT Devices Like We Do Cigarette Packets?: troyhunt.com/what-would-it-look-like-if-we-put-warnings-on-iot-devices-like-we-do-cigarette-packets
Careers in security, ethical hacking and advice on where to get started: troyhunt.com/careers-in-security-ethical-hacking-and-advice-on-where-to-get-started

Some of Troy's Courses
What Every Developer Must Know About HTTPS: troyhunt.com/new-pluralsight-course-what-every-developer-must-know-about-https
Web Security and the OWASP Top 10: The Big Picture: troyhunt.com/new-pluralsight-course-web-security-and
Crafting a Brand for Growth and Prosperity: troyhunt.com/new-pluralsight-course-crafting-a-brand-for-growth-and-prosperity
Exploring the Internet of Vulnerabilities: troyhunt.com/new-pluralsight-course-exploring-the-internet-of-vulnerabilities-2
Deconstructing the Hack: troyhunt.com/new-pluralsight-course-deconstructing-the-hack
Getting to grips with cloud computing security: troyhunt.com/getting-to-grips-with-cloud-computing-security-on-pluralsight

Little Bobby Table (SQL Injection Cartoon): xkcd.com/327
Episode transcripts: talkpython.fm

Troy Hunt
Troy Hunt is an Australian Microsoft Regional Director and also a Microsoft Most Valuable Professional for Developer Security. He doesn't work for Microsoft, but they're kind enough to recognize his community contributions by way of their award programs, of which he has been an awardee since 2011. He gets to interact with some fantastic people building their best products and then share what he knows about creating secure applications for the web with the broader community.