Brought to you by Rollbar - Detect, diagnose, defeat errors w/ pip install rollbar

Episode #136: Secure code lessons from Have I Been Pwned

Published Thurs, Nov 2, 2017, recorded Sat, Oct 28, 2017.


Do run any code that listens on an open port on the internet? This could be a website, a RESTful web service, or (gasp) even a database endpoint.

Troy Hunt, a renowned security expert likes to say that you're doing "free pen. testing for that product right there".

Join Troy and me on this episode of Talk Python To Me. We discuss lessons learned from running the vulnerability monitoring website Have I been pwned? As well as other lessons for developers to keep your code safe while providing public services.

Links from the show:

Troy Hunt: troyhunt.com
Troy on Twitter: @troyhunt
Have I been pwned?: haveibeenpwned.com
Disqus Demonstrates How to Do Breach Disclosure Right: troyhunt.com/disqus-demonstrates-how-to-do-data-breach-disclosure-right
Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware: troyhunt.com/everything-you-need-to-know-about-the-wannacrypt-ransomware
What Would It Look Like If We Put Warnings on IoT Devices Like We Do Cigarette Packets?: troyhunt.com/what-would-it-look-like-if-we-put-warnings-on-iot-devices-like-we-do-cigarette-packets
Careers in security, ethical hacking and advice on where to get started: troyhunt.com/careers-in-security-ethical-hacking-and-advice-on-where-to-get-started

Some of Troy's Courses
What Every Developer Must Know About HTTPS: troyhunt.com/new-pluralsight-course-what-every-developer-must-know-about-https
Web Security and the OWASP Top 10: The Big Picture: troyhunt.com/new-pluralsight-course-web-security-and
Crafting a Brand for Growth and Prosperity: troyhunt.com/new-pluralsight-course-crafting-a-brand-for-growth-and-prosperity
Exploring the Internet of Vulnerabilities: troyhunt.com/new-pluralsight-course-exploring-the-internet-of-vulnerabilities-2
Deconstructing the Hack: troyhunt.com/new-pluralsight-course-deconstructing-the-hack
Getting to grips with cloud computing security: troyhunt.com/getting-to-grips-with-cloud-computing-security-on-pluralsight

Little Bobby Table (SQL Injection Cartoon): xkcd.com/327

Troy Hunt
Troy Hunt
Troy Hunt is an Australian Microsoft Regional Director and also a Microsoft Most Valuable Professional for Developer Security. He doesn't work for Microsoft, but they're kind enough to recognize my community contributions by way of their award programs which I've been an awardee of since 2011. He gets to interact with some fantastic people building their best products and then share what he knows about creating secure applications for the web with the broader community.


Individuals: Support this podcast via Patreon or one-time via Square Cash or . Corporate sponsorship opportunities available here.
X
Become a friend of the show
Stay in the know and get a chance to win our contests.
See our privacy statement about email communications.