While at NDC in Oslo, Carl and Richard talk to Troy Hunt about all the scary stuff going on in security today. The conversation starts out recapping some discussion on passwords - how do we get past them? Troy also digs into the on-going issues of SQL Injection, still the number one security risk for web sites. You can still use Google to find vulnerable web sites, and there are great free tools out there to find and exploit insecure SQL databases - don't be one of them! The discussion turns to Strict Transport Security, making sure SSL is on all the time for a web site. Still gotta fix the basics, but new capabilities are coming!

Support this podcast at — https://redcircle.com/net-rocks/donations