:::: MENU ::::
Posts tagged with: security

YubiKey – How Does It Work?

Have you ever wondered just how a USB security works? Yeah, I did too for the longest time. I just couldn’t get my head around why it was more secure, more convenient, or just better than other multifactor authentication options. So, Yubico sent me two YubiKeys to test out, and I made a video out of it, which is below.

TL;DR: USB security keys are harder to compromise than authenticator tokens (in an app), and easier to use as you just touch them when inserted. Anyway, find out more in the video 😊


Using Modern Web Security Patterns

This notion of “being secure on the web” is a statement that has many nuances and flavours. When a client of mine or learner through Pluralsight asks about web security and what they should do, it is never a black and white answer. It is always “it depends”, because it really does. Finding a way to implement the security measures that make sense for a particular product or project is never that simple.

However, there are a bunch of things you can do to move your website towards that “more secure” end of the security spectrum. These modern patterns include

  • Subresource integrity (SRI) checking
  • Content security policies (CSP) and exceptions
  • CSP reporting
  • Cross site scripting auditing (XSS)
  • Certificate authority authentication (CAA)
  • Http Strict Transport Security (HSTS)

That is a lot of acronyms in an industry that don’t need any more (really, we don’t). These tools and techniques are crucial in being on top of your web security, which is why my good mate Troy Hunt and myself sat down in February 2018 and recorded a new Pluralsight course.

This course is exceptionally relevant if you are developing any kind of web project, whether fresh or legacy. Most of the elements in this course can be used on any web project and retrofitted with little investment and great benefit. And it is only 1.5 hours, so perfect for your commute.

The course is live now.


Pluralsight Course – Emerging Threats in IoT

The fact is that more and more things are being connected to the Internet. We have the obvious things like TVs, game consoles, cars and smartphones. But have you considered your hair brush, your dog feeder or even your special items for the bedroom? Yes, we are making everything connected and with this comes a lot of questions about privacy, safety and not least security. How do you update your light bulbs, and do you know if your dishwasher is also a web server? These are real questions in the world that we are creating.

In this fourth play by play course with my good mate Troy Hunt, we dive into what devices are making this world so difficult and what the real problems are with these. We look at precedents for where it all went wrong and what happened. We discuss the worst examples that Troy has come across in recent years and how the incidents impacted the industry.

Of course, we also discuss solutions to securing your IoT devices, both as a consumer and as a developer. Developers need to take ownership of all the vulnerabilities that are constantly exposed, fix them, and then document the solutions for the entire industry to learn from.

Join us for this very relevant, entertaining and very educational course on Pluralsight. See you there.

Watch the course trailer here


Getting the Troy Hunt Treatment – New Pluralsight Course

About a month ago I was in Salt Lake City for the annual Pluralsight Authors’ Summit. It was a weekend of incredible learnings regarding authoring and publishing, invaluable networking with fellow authors and of course having some fun in the snow as well.

I haven’t authored a course for some months and that is due to cloning myself, moving house, changing jobs and many other things happening, but when Pluralsight asked if Troy Hunt and I wanted to do a Play By Play course on website security I jumped on it. So while we were in Salt Lake City, we sat down for a couple of hours to record a live session with Troy casting his hacker eyes on a product called Sugar Learning built by SSW, the company I work for.

The course will show some of the most common areas of website security that you can relatively easily fix yourself by following the steps and using the tools we show you. A small sample can be seen below, and you watch the whole thing right now on Pluralsight.