Halloween today - no trick or treaters got to me, hurray I keep the chocs! Do you know what? Today I realised that this challenge is actually not happening. Yes, this challenge I am doing. By not happening, I mean it is an old challenge (blame the MoT page! It didn’t contain dates!). Anyway, I asked on Slack and apparently another round of this challenge will start soon anyway, in November.

Day 2 is ‘Select and read a book related to security testing.’ Quite a hefty task for one day, don’t you think? Digest 500 or so pages after work? No, I can’t do that. But what I can do is find a not-so-hard newbie book to begin with at least. Add that to my list on Goodreads and job’s a good ‘un, yeah? (not)

Seriously though, I did actually start one called “The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws”. Here is proof I am progressing, 3% read at the time of posting. I read chapter one, and it actually surprised me how vulnerable websites can be.

Over about a decade, the web has grown from static-looking pages to web apps that are multi-functional. A quick look at a graph and survey says many sites have 70%+ security vulnerabilities (surveys from 2011 and 2007 but still). All hackers now have to do is input unexpected data that the web app was not designed for. And then boom, they’re in. No web app is 100% secure, there are way too many test cases, right? I guess I may be more enlightened by the end of this book.