(2019-01-03): wordpress, ethical hacking, commercializing
[00:18:38] There's plenty of companies out there looking for skilled testers; it's just making them aware you exist
On the first episode of 2019, we have Ryan Dewhurst aka @ethicalhack3r, founder of Dewhurst Security, the wpscan tool,
and DVWA (Damn Vulnerable Web App), to talk about WordPress security and the story behind his projects:
- Hobby -> Professional Security Testing;
- Background of DVWA and wpscan;
- Challenges of commercializing wpscan;
- Security of WordPress;
- Full disclosure vs responsible disclosure;
- Tips for starting out;
and many questions from the audience.
- [00:26:18] - When I started university in 2008, I didn't even know another person who did computer security, ethical hacking, and nowadays it seems like everybody is doing it, so it's definitely become a lot more commercial;
- [00:58:41] - It's nice to receive a bounty; I think it's right that they should, but don't think it's a right. It's more of a privilege than a right;
- [01:02:37] - My first project, DVWA, I was creating something to help me to learn, because we may find that useful, and I think when you're a beginner or when you're just learning, I think that's a great thing to do;
- [01:13:47] - As long as you're passionate about what you're doing, you're thinking outside the box, and you're doing more than what's asked of you, I think people will pick up on that.
Links worth checking out:
- https://github.com/wpscanteam/wpscan: WPScan main repository;
- https://github.com/ethicalhack3r/DVWA: Damn Vulnerable Web App (DVWA);
- https://wpvulndb.com/: WPScan Vulnerability Database;
- https://www.bsidesbdx.org/: BSides Bordeaux;
- https://www.owasp.org/index.php/OWASP_Chapter: OWASP chapters list.