Devsecurely
@devsecurely
Our sole purpose is to make security concepts accessible for all developers | We taught 320+ developers how to secure their applications.
You need to realize that hackers don't see websites the way others do - a thread. Here's what an ordinary person sees when they subscribe to a charity. They only see the user interface and are restricted by it:
Don't give them much to attack in the first place!
In your opinion, which goal is easier to score against? The big one on the left obviously!! The most efficient way to protect your IT infrastructure is to reduce the attack surface. If you don't need to expose a service on the internet, don't expose it.
Restrict the attack surface to reduce the risk of getting hacked!
Don't leave the door to your safe open. You should restrict access to admin interfaces. Yes, even when they require login. You shouldn't give hackers the opportunity to try and guess the correct credentials. Only allow the admin's IP address to access the service
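The control described in the post above, as an added example that is not Devsecurely's code: an IP allowlist for an admin interface, with the one check people usually forget. The admin path, the allowed networks (RFC 5737 / RFC 3849 documentation ranges) and the trusted reverse-proxy address are assumptions chosen for illustration.

```python
"""
Added example (not Devsecurely's code): only let allowlisted source
addresses reach the admin interface. ADMIN_PREFIX, ADMIN_ALLOWLIST and
TRUSTED_PROXIES are assumptions made for this illustration.
"""
import ipaddress
import posixpath

ADMIN_PREFIX = "/admin"                                  # assumption: where the admin UI lives
ADMIN_ALLOWLIST = [                                      # assumption: the admins' source networks
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]  # assumption: our own reverse proxy


def is_admin_path(path):
    """True for /admin and anything below it, after collapsing '..' segments
    and repeated slashes. '/adminx' is deliberately not matched."""
    normalized = posixpath.normpath("/" + path.lstrip("/"))
    return normalized == ADMIN_PREFIX or normalized.startswith(ADMIN_PREFIX + "/")


def client_ip(remote_addr, forwarded_for=None):
    """Return the address to authorize.

    X-Forwarded-For is honoured only when the TCP peer is our trusted proxy;
    otherwise anyone could forge an allowlisted address by sending the header
    themselves. The rightmost entry is the one our proxy appended (the peer it
    actually saw), so that is the one we trust; entries further left were
    supplied by the client and are ignored.
    """
    peer = ipaddress.ip_address(remote_addr)
    if forwarded_for and any(peer in net for net in TRUSTED_PROXIES):
        try:
            return ipaddress.ip_address(forwarded_for.split(",")[-1].strip())
        except ValueError:
            # Malformed header: fall back to the peer, i.e. the proxy itself,
            # which is not on the admin allowlist, so the request is denied.
            return peer
    return peer


def is_allowed(path, remote_addr, forwarded_for=None):
    """Non-admin paths are always allowed; admin paths only from the allowlist."""
    if not is_admin_path(path):
        return True
    ip = client_ip(remote_addr, forwarded_for)
    # Comparing an IPv6 address against an IPv4 network simply yields False.
    return any(ip in net for net in ADMIN_ALLOWLIST)
```

Call `is_allowed()` from the framework's request hook before any admin route runs. The same rule belongs at the edge too (a firewall rule or the reverse proxy's allow/deny list), so password-guessing traffic never reaches the application at all; if the admins have no stable address, put the interface behind a VPN or bastion host rather than opening it to the internet.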
Exactly! Why would you not do it? It's easy, free, and has a lot of advantages.
It's a very bad idea to not have HTTPS. Hackers can: - See what your users do on your website - Steal your users' cookies and passwords - Change the website content and replace it with scams Also, modern browsers will not open your website and will show a big warning instead
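An added example (not Devsecurely's code) of closing the three gaps the post above lists, as a WSGI middleware: plaintext requests are redirected to HTTPS, HSTS is sent so browsers stop trying HTTP, and every Set-Cookie is marked Secure and HttpOnly so cookies are neither sent in clear nor readable by page scripts. The canonical host name, the HSTS lifetime and the presence of a TLS-terminating proxy that sets X-Forwarded-Proto are assumptions for this illustration.

```python
"""
Added example (not Devsecurely's code): enforce HTTPS for a WSGI app.
CANONICAL_HOST and HSTS are assumptions made for this illustration.
"""
from urllib.parse import quote

# Assumption: redirect to this fixed host, never to the client-supplied Host
# header, which would turn the redirect into an open redirect.
CANONICAL_HOST = "example.com"
HSTS = "max-age=31536000; includeSubDomains"   # assumption: one year


def request_is_https(environ):
    """Prefer the proxy's X-Forwarded-Proto; fall back to wsgi.url_scheme.
    In production only honour the header when REMOTE_ADDR is your proxy."""
    proto = environ.get("HTTP_X_FORWARDED_PROTO", environ.get("wsgi.url_scheme", "http"))
    return proto.split(",")[0].strip().lower() == "https"


def https_location(environ):
    """Same path and query, on https:// and the canonical host."""
    path = quote(environ.get("PATH_INFO", "") or "/")
    query = environ.get("QUERY_STRING", "")
    return f"https://{CANONICAL_HOST}{path}" + (f"?{query}" if query else "")


def harden_cookie(value):
    """Add Secure and HttpOnly to a Set-Cookie value unless already present."""
    attrs = [a.strip() for a in value.split(";") if a.strip()]
    lowered = {a.lower() for a in attrs}
    if "secure" not in lowered:
        attrs.append("Secure")
    if "httponly" not in lowered:
        attrs.append("HttpOnly")
    return "; ".join(attrs)


class EnforceHttps:
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if not request_is_https(environ):
            # Never serve content over plaintext; send the browser to HTTPS.
            start_response("301 Moved Permanently",
                           [("Location", https_location(environ)), ("Content-Length", "0")])
            return [b""]

        def hardened_start_response(status, headers, exc_info=None):
            out = []
            for name, value in headers:
                if name.lower() == "set-cookie":
                    value = harden_cookie(value)
                out.append((name, value))
            out.append(("Strict-Transport-Security", HSTS))
            return start_response(status, out, exc_info)

        return self.app(environ, hardened_start_response)


def demo_app(environ, start_response):
    """Constructed sample application that sets an unprotected session cookie."""
    start_response("200 OK", [("Content-Type", "text/plain"),
                              ("Set-Cookie", "session=abc123; Path=/")])
    return [b"hello\n"]


def run(app, environ):
    """Invoke a WSGI app offline and return (status, headers, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body
```

`run(EnforceHttps(demo_app), environ)` with a constructed plaintext request returns the 301 to `https://example.com/...`; the same request over HTTPS comes back with the HSTS header and the cookie rewritten to `session=abc123; Path=/; Secure; HttpOnly`. The redirect only protects a user's first visit; HSTS is what stops the browser from making that plaintext request again.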
This must be one of the rare cases where getting hacked was a good thing 😅
My website got HACKED back in 2011. I lost all my users and all that work was for nothing. I then started to learn everything I can about cybersecurity and became a penetration tester. Now I teach developers about cybersecurity. Let's #connect and make the internet a safer space!
In soccer, the goal is the surface area defined by the goalposts. The goalkeeper knows exactly what to defend. You should identify all the websites you own that are accessible on the internet. Clearly define the attack surface you need to defend.
I have big respect for people who reverse-engineer binary files. They stare at assembly code and manage to understand what the program is supposed to do. That takes a big level of focus. Kudos!
You can send an HTTP request to the Office365 server with a basic authentication header. You specify the username and the password in the HTTP header “Authorization”. The research started with a simple observation: when performing an HTTP request with an invalid username, the…
Do you see what I'm seeing? There is something horribly wrong with this login API. Please explain to our intern Joe what he did wrong.
The obstacles in front of the success you seek are just the price of entry. If it was easy, everyone would have it. And it wouldn't be special anymore. Work on that project. Learn that framework. Write that content. Enjoy the journey. The destination will come eventually.
The faster you take decisions, the more efficient you become. Having to make a choice takes up memory space. It's an open loop. You need to close the subject to liberate the mental space. Sometimes I face difficult choices, and I hate it. It paralyzes me.
Sometimes I code something that works. But then, I realize there is a better way to do it, so I re-implement the whole thing. Then I do it again, and again. I then force myself to stop thinking about it to move on. Does this happen to anyone else?
Technical writing is the best skill I learned as a pentester. I remember grumbling because I had to write those pentest reports. But that taught me how to articulate my thoughts and share my ideas in a comprehensible way. And I'm grateful for that opportunity.
In case you don't know about it, the service shodan.io scans all the servers on the internet. You can search for your servers' IP addresses and it will show you all the accessible services on it.
I thought it was possible. But, you can't do it all alone. Find friends that have the same ambitions as you. Friends who push you. A partner who understands and supports you. You can go faster in the beginning if you're alone. But others can help you go further.
Securing your application is simple. You can just take action on the posts we publish here, and that would give you a 1% improvement each time. That 1% will compound over time, and your application will become bulletproof after putting in minimum effort.