janfry's comments

janfry | 8 years ago | on: Flush times for hackers in booming cyber security job market

Daniel Miessler has a good general guide: https://danielmiessler.com/blog/build-successful-infosec-car... tptacek, who posts often on HN, also has some wise words: https://krebsonsecurity.com/2012/06/how-to-break-into-securi...

There are so many sources of information and learning grounds available now - bug bounties, certifications, war games, online tutorials, blogs, conferences etc.

I would suggest choosing a particular area of interest to begin with and deep-diving on that subject. Look for mentors or perhaps someone to knowledge share / skill exchange with.

You could do pretty well with a base in C#. Through pentest engagements, I've come across quite a few C# apps in my time and even with my limited knowledge of the language, found some interesting vulnerabilities ;)

Edit: Added tptacek link

janfry | 9 years ago | on: Shopify has paid over $300k in security exploit bounties

If you introduce a bug bounty too early, you will be paying out for vulnerabilities that could be caught or prevented in a much more cost-effective manner (vulnerability assessments, penetration tests, developer training, appropriate monitoring).

Daniel Miessler has a good breakdown of when to consider various types of security testing: https://danielmiessler.com/blog/when-vulnerability-assessmen...

Sqreen also have a handy basic security checklist: http://cto-security-checklist.sqreen.io. Specific to bug bounties, they say: "You need security aware people inside your development teams to evaluate any reports you receive."