I believe too many people take the wrong approach to security, or “hacking”.
Most who seek this ability clamor for answers to questions like, “How can I
hack SQL?” “How can I hack Linux?” “How can I hack web applications?”
There’s a really simple answer. Learn SQL. Learn Linux. Learn to build web
applications. What people call “hacking” actually reduces perfectly into two
simple things:

- Deep understanding of a technology
- Making it do something it’s not supposed to do

Once you combine a deep understanding of something with curiosity, all sorts
of ways of abusing said system are presented to you. This requires talent,
skill, and practice — don’t misunderstand — and there are many hardcore
developers who understand their technology extremely well but couldn’t hack
a vegetable cart. Why? — because they lack curiosity and/or the attacker
mindset, so they never get to step 2.
In truth, I’d actually say that developing on, or mastering, a technology is
not only the best method to becoming good at security, it’s actually
the only method. Anything less is a 0 in a world where 1 is the
standard. If you don’t know SQL then you don’t know SQL Injection. If you
don’t know operating systems then you can’t break operating systems. And if
you can’t build a web application then you aren’t really doing WebAppSec.
You can use blunt tools to take chunks out of these subjects (tutorials,
automated scanners, etc.), but to truly be good at breaking something you
must know how it works. Anything less is hamfisting.
Don’t be a hamfister.