Likewise, my story about how I got into and out of security: it really just takes basic programming knowledge, understanding reverse engineering concepts, and constantly testing shit.
When I got kicked out of college for my hack (rm https://news.ycombinator.com/item?id=5090007) all I did was spam URLs with different IDs and test if they returned 200 or 404... and bam, press coverage + job offers. Sometimes the simplest of stuff can lead to nirvana.
I'm no longer in security since it was getting very addictive (I would start testing every website I'd visit for vulns)... and I had to change and decided to jump into the startup world.
> ... I had to change and decided to jump into the startup world.
You don't have to choose one of them. I was in a similar position about 6 years ago: software + security background and a passion for startups, which led me to start my own company (https://www.netsparker.com/). We're building a tool to automate web app security and advancing the automated scanning in web apps; it's really fun stuff if you are into security.
The security industry is great for startups and newcomers. Another option is obviously working for a security startup; there are tons of them.
Just goes to show his honesty :-)
"One is not to trust my teachings implicitly but to test them oneself and evaluate their effects." — Buddha (thus making Buddhism perhaps the only "religion" not plagued by faith and dogma, and kind of disseminating the scientific method)
Neat article, interesting that suggestions for sane defaults in Rails were more-or-less ignored until the problem was demonstrated to easily impact a wide user-base.
That was the source of lolz at the time it happened. If anything, the article demonstrates how little you need to know to break things. In a way, it's a miracle anything works around here.
[+] [-] hamhamed|10 years ago|reply
[+] [-] fmavituna|10 years ago|reply
[+] [-] jacquesm|10 years ago|reply
That's a pretty bad idea if you don't have permission from the owners of the site.
[+] [-] kriro|10 years ago|reply
"""The text above is preface to a little security book I write for newbie hackers and web developers."""
I chuckled.
[+] [-] tbastos|10 years ago|reply
[+] [-] daguava|10 years ago|reply
[+] [-] jldugger|10 years ago|reply
[+] [-] venomsnake|10 years ago|reply
"A problem is only a problem when it materializes" - that is the way some people think.
[+] [-] dkhar|10 years ago|reply
(This isn't the exact link I remember seeing, but https://news.ycombinator.com/item?id=3666564 )
[+] [-] hackaflocka|10 years ago|reply
I'm planning to become a solo, freelance, contract worker in IT security.
I have no certs. (I do have a PhD in a computer-related field, though.)
So, how do I convince organizations to hire me in this cert-obsessed world?
[+] [-] unknown|10 years ago|reply
[deleted]
[+] [-] ballsohardy|10 years ago|reply
[deleted]