This advice covers 80% of what I learned in half a decade as a pentester. Use it to your advantage (or don’t, that’s up to you).
All Posts by Stijn
Small and medium companies often have trouble formulating what they expect from their employees with regards to security. On the one hand, they often realise it’s important, as information security is often in the news nowadays. On the other hand, hiring expensive consultants is often overkill for these companies, as are the rigid security rules these consultants often like to introduce. Being small and nimble is one of the main advantages of SMEs, so what’s needed is a pragmatic approach.
Below are the 5 mindsets the authors introduce to use to design your life. They struck a chord with me, so I put them here to ensure I would read them often.
The ability to write things down is something very human; it’s one of the things that separates us from animals. Writing forces you to structure your thinking and approach a subject from different angles. It is also one of the ways in which humans can scale: when you document an approach, you allow others to follow your approach and apply it for themselves.
If you ever run into an issue that looks related to Unicode/UTF encoding (you get characters such as “\00eb”), check if it’s installed on your system.
Damn Vulnerable Web Application (DVWA) is a great tool to get started with web application pentesting. It lets you experiment with the basics and it doesn’t require you to install additional tools. In this post, we’ll explain how to install and configure it.
Start with web application pentesting
On December 20th 1976, Ingvar Kamprad (the legendary owner of IKEA) wrote a ‘testament’ outlining his views on business and life. I’m baffled to discover how much insight he already gave away in 1976. The 16-page document contains at least as much wisdom as the last 5 business books I read. I found analogies with the lean startup method, Toyota production, the writings of Paul Graham and general life advice. What a wonderful document, no wonder Ingvar was so successful!
Lately, I’ve been fascinated by the DevOps movement. This relatively new movement has a number of concepts at its core that we security folks could (ab)use. ‘Automated testing’, ‘infrastructure-as-code’ and ‘continuous integration or delivery’ help teams rapidly introduce new functionality by quickly detecting bugs and providing a clearly defined, automated and scalable infrastructure environment.
My vim cheatsheet (an ongoing effort)…
I recently completed my first paid freelance project. Here are some things I wish I had known when I started:
Recently, I was watching this talk by Avi Bryant where he talks about using algebra in programming. The talk is geared towards distributed systems, but I think the concepts are applicable in general. Certainly when I realised that my earlier trouble also concerned monoids… So, what’s to gain from understanding this algebra? At least improved code reusability and parallelism. And an opportunity to satisfy your curiosity!
Key insights of the book
TL;DR: I tried to implement something in Haskell but had some trouble. I then went to hang out in the Haskell IRC channel and they directed me towards a better implementation, making me a little bit smarter.
I’m trying to learn Haskell. This post details some of the steps I’m going through.
Key insights from the book