Tutorial

Writing a Book with Unix

Introduction

Last year I published my first book with a publisher, Hands-On Bug Hunting for Penetration Testers. Going in, I was determined to set up a workflow that would allow me to:

1) Keep a backup of the book.
2) Allow me to easily track my writing progress.
3) Work on the book offline.
4) Keep my own copy of the book.

What set of tools could possibly control the versioning, backup, access control, and portability of plain text?

Red Flags in Software Developer Job Descriptions

For some reason I’ve been reading a lot of job descriptions for junior devs lately and that has naturally left me with an inordinate number of opinions. I have, with great effort, condensed them here for you, dear reader. The following aren’t pulled from any specific listings because these types of awfulness transcend the individual - and because that would be dickish. But their spirit should ring true to anyone in the trenches of the job search process.

Automated Scanning with Arachni

Scanners have a tricky reputation. Their point-and-click simplicity and utility as automated reconnaissance tools means they get love from script kiddies and professionals alike. They also have compelling use cases for flushing out certain vulnerabilities, like XSS, where there may be too many input vectors or payload varieties to feasibly go through the application by hand. The problem is that a lot of the most popular scanners, like Burp Suite and Websecurify, rely on a GUI for their targeting information and follow a similar pattern:

Five Tips for Junior Developers-To-Be

Landing your first “Software Developer” or “Web Developer” position is a big get. More than a designer-who-programs or a writer-who-marks-up, taking on a role where your principal responsibility is coding is a big step in any technology career. Whether you are thinking about a career transition or graduating from a bootcamp or computer science program, this article has five tips, some less earth-shattering than others, that will nevertheless help you on your search.

Building a Python 3.6 Seed App with Docker, Tox, and Pylint

Seed apps are great. They can be the test-bed for new devops features, mini onboarding exercises, or just “batteries-included” starter kits for greenfield applications. Especially in the web application (and Python) world, almost everything comes with extra considerations - testing, linting, containerization - so wouldn’t it be great if we could make a Python seed that came with all of that baked in? What a beautiful, productive world that would be (skip straight to the GitHub repo to go there now).

Pentest Proving Grounds

One of the most helpful tools in learning the fundamentals of penetration testing is the ability to test your analysis against deliberately vulnerable applications - sites and/or apps with consciously introduced flaws, catalogued for easy reference. Beyond being a great introductory exercise, testing against deliberately vulnerable apps can also be a great way to calibrate new scanners or automated reconnaissance methods. And in addition to the actual vulnerable endpoints within the applications themselves, many of them also feature their own guided tutorials explaining how to detect - and often mitigate - the vulnerabilities they contain.

A Brief Illustration of Functional Programming

Functional Programming is a powerful programming paradigm that tries to reduce bugs and make it easier to reason about an application by generally avoiding state changes and the mutation of global values. In software coded using functional programming patterns, every function can be understood purely from the arguments passed to it as parameters. There is no reliance on the instance variables of a class (as in Object-Oriented Programming (OOP) patterns) or on some other state-dependent variable modified through assignment at runtime (as in Imperative Programming).

1-Minute Markdown

What’s Markdown? Markdown is punctuation for the web. It enables authors to easily write documents that feature common online staples like links, images, and italicized, bold, and other types of rich text, using a simple, lightweight set of symbols that can easily be converted to HTML, doc, pdf, or rtf files. Since Markdown files are just plain text, they’re an ultra-portable way to write web-compatible content without the mess of a WYSIWYG editor or proprietary file types.

An Event Loop Allegory

Two jugglers walked around a small track, practicing their craft. The first one, Sync, wasn’t really what you’d call a juggler, so much as an apprentice juggler or (less charitably) a juggler-wannabe - a straight up ball tossin’ poseur. Sync could only keep one ball in the air at a time. In fact, he only owned one ball. As he traced the circle of the track with his steps, his bouncy red ball would draw a series of parabolas in the air, tracing a gentle up-and-down curve following his path.