(2019-03-23) web and application security, bug hunting, disclosures
[00:15:43] Everyone makes mistakes. Software has bugs. There's no software out there that is totally bug free
The most famous infosec podcast on this side of Milan had the pleasure of having Sean Wright, 1/4th of the (fluid) lineup of The Beer Farmers, as a guest on this fine March evening; a short but very concise episode where we heard about:
- Sean's path to the industry,
- tools of daily use,
- disclosures: public, responsible,
- Rant of the Episode: putting stuff on the open Internet.
Check out Sean's blog as well!
Some interesting excerpts:
- [00:02:19] We spent a lot of time trying to find vulnerabilities in that. Let's just say we've found some that allowed us to get admin access to some of the computers and we had great fun,
- [00:05:37] I'd say, start with the basics and learn things like the OWASP Top 10. Get familiar with things like XSS, SQL injection. There's certainly a lot of courses, especially universities that don't introduce developers to those concepts. That's kind of why we have this whole problem that we have today in some aspects,
- [00:15:43] Everyone makes mistakes. Software has bugs. There's no software out there that is totally bug free. So it doesn't mean they're doing a bad job or anything. Companies need to take that on board and realize when they get these security vulnerabilities brought to them, it's not a criticism of them.