Is hacking eventually going to be your job (you hope)? Know the job search aggregators.

Social Networking

Everyone here knows I invite contributor articles on several topics, including finding jobs and work. What Vanessa Fardi has to say below is useful on several levels. One, the service she reps is Nuevoo, a job search aggregator that’s pretty big around the world, particularly for non-English speakers, and it’s certainly worth looking at. On …

[ Security for Web Developers ] :: 16: Best Practices

Blue Security Goddess

You should: Change the default user name directly in the database. Put files that contain login credentials outside your webroot. Don’t allow writable directories. (With details….) Don’t allow users to upload anything. Sorry. Avoid toxic data. Patch like mad. Use a security notification plugin like Sucuri (and actually pay attention). Change your username if the …

[ Security for Web Developers ] :: 15: Testing Guides and Aids


By the Book There are lots of methodologies, more or less formal, for testing your web app’s security. OWASP is, of course, a biggie. And don’t forget tools for particular platforms, for instance WordPress. (this is great) Next:

[ Security for Web Developers ] :: 13: Testing With Hydra

THC Hydra

Hydra First, be clear that there is more than one way to password-protect a website or a directory (folder) inside a website. One is to use a database management system to control what everybody sees. Another is to use simple htaccess files to require a password. Regardless, Hydra is an app to brute-force website logins, …

[ Security for Web Developers ] :: 12: Mutillidae


Using Mutillidae Mutillidae is another pre-built vulnerable web app. It’s highly aligned with the OWASP testing organization (which can take you wildly deep into the world of web app testing). You can install it side-by-side with other web apps by simply putting it in a separate sub-folder. (How does mutillidae/ sound for a name?) Assignment: …