Non-technical

A Recipe for Scaling Security from Google

I am passionate about finding bugs and, since you are reading this, you probably are, too. However, the truth is that on the scale of a huge company, fixing one bug is only one of a thousand steps that you would have to take to be secure. To take bigger steps than one...

Web AppSec Interview Questions

If you are getting ready for a job interview and you need to prepare yourself for the questions, @0xTib3rius has your back. He published a list of 55 questions on his blog, along with answers. https://tib3rius.com/interview-questions There’s also a repo here with more...

Client-side vs server-side bugs

A very interesting take on client-side vs server-side bugs by Shubs. He said a similar thing in my podcast interview with him which you can listen to here. https://twitter.com/infosec_au/status/1698322940159557987

Public Office Hours by Louis Nyffenegger

Louis Nyffenegger is a founder of PentesterLab. Even though I don’t know him personally, I have big respect for him as a hacker, teacher and as a person. He just decided to offer public office hours where you can chat about careers, learning or even startups. I...

Whose Input Is It Anyways? by Rael Sasiak-Rushby

Rael Sasiak-Rushby presented a talk titled “Whose Input Is It Anyways?” at BSides Leeds. The talk was interesting to me because he focused on the aspect of working with developers and understanding their struggles. It will be especially useful for those of you who...

Applying a growth mindset in bug bounty

One of the main things that differentiate pentesting and bug bounty is the importance of the mindset. What you are looking for is the so-called growth mindset. Without it, you will not succeed in bug bounty for the long term with a healthy mind. Recently, Andrew...

How to choose a security research topic?

Incredibly, James Kettle produces novel web security research every single year. I have huge respect for him! And I, probably like you, sometimes have thoughts about spending some time off my targets to instead invest some time into developing new techniques. But...

Learning a new challenging concept

Learning a new challenging concept can be daunting, but with the right mindset and approach, you can tackle and master any skill. I’m a learning junkie and in this article, I’ll explore practical steps and strategies that I’ve used over the years to make it easier....

How to Be An Ethical Hacker: 2023 Edition

The Cyber Mentor released a YouTube video “How to Be An Ethical Hacker: 2023 Edition”. He goes over what you should learn to become an ethical hacker from the very basics up to the more advanced stuff. If you are just getting into the industry, that’s a great...