Spoke at CPE session, ISACA Muscat Chapter
What is a web application firewall, how does it work, how to audit it, how to assess risks around a web application firewall.
Risky Context, W4
Write-ups on the GitHub supply chain attack, ByBit cryptocurrency heist, and a curious case of 'Shadow AI'. A list of useful posts, along with some tools to help pentesters, auditors, and risk assessors.
There is value in becoming a fully-integrated tester…
...pentester should strive to move from 'vulnerability' to 'risk'.
There will be customers who wouldn’t want you to become domain admin…
…While becoming domain admin is an admirable milestone, not every customer would want you to become domain admin. Here’s why.
Business will expect you to support them in non-pentesting activities...
...supporting business will help you learn the big picture and will make you better. Don't skip it, when asked.
Third in the 'things no pentest course will teach you' series, this post talks about activities that a pentester can support a business into, and how a pentester will benefit out of them.
To business, pen-testers are like jumbo-jets...
...profitable only when on-air, expensive when in hanger.
Second in the 'things no pentest course will teach you' series, this post talks about how business looks at pentesters, and what a pentester needs to keep in mind during their career.
Not every customer wants you to become domain admin...
...and other truths that no pen-testing course will teach you.
Penetration testing (and security assessments in general) has evolved a lot in the last decade or so. This series of posts is about the other side of the fence.
You are one cog in the wheel...
Pen-tester is a very important role in a pen-testing business. However, there are other people and skills required before the business takes off and money starts rolling in. Read on to know more...
Ask for this first, when you join as a CISO
As a CISO, ensure that you ask for this thing, as soon as you join an organisation. This will increase your chances of securing the organisation.
6 elements that every penetration test report must have
Customer pays for the report, not for pentest. Here are the 6 important items that must be present in every penetration test report. Have a read.
On cocktail JDs in infosec and why they will keep coming...
How is having 5 years of experience as C++ developer relevant for a CISO role?
This is the age of cocktail JDs. I think they will keep coming for some time. Read to know why.
Don't focus on admin certs when you want to become a Pentester. However...
focussing on administrative certifications while aiming to be a pentester - could be a waste of time.
I try to explain 'why' and 'what to do instead' in this post.