Do some people have the magical skill to find vulnerabilities with ease while others don’t! Of course not! I disagree with the whole tendency to believe that technical understandings is all that is needed to find vulnerabilities.
It is mostly persistence that plays a role. Most of the researchers I know have almost zero knowledge on the subjects they dive into. [...]
It’s been a long day. I am happy to inform you that the House of Hackers community has reached remarkable 80 members since its opening 10 hours ago. It even got some exposure on Dark Reading (
Hackers in the House), thanks to Kelly Higgins.
The reason I am bringing all this to your attention is because of HD Moore’s comment regarding the House of Hackers initiative:
I think that this comes down again to the public perception of the image of hackers. [...]
One of the fundamental rules, which you wont read about in any security book and you can learn only through experience is that everything is in symbiosis. This means that the security models of the individual components in a system are co-dependent. For example, the security of a server is dependent on the security of the individual clients connected to it and the the security of the clients depend on the security of the servers they are interacting with. [...]
I think that I should speak up how I feel about automated security tests. I don’t think that this post will bring much value to you but at least you will be able to see what it feels like from the field. I will try to keep my thoughts short and clean and emphasize on the main points without going too much out of scope. I think that this topic has been already widely discussed so there is no need to waste more time on it. Everyone should make up their own mind. [...]
test your web apps with websecurify application security testing runtime