Looking for a career change? Consider web app pentesting

IT jobs aren’t as easy to come by as they were 20 years ago, but web app pentesting is one subset of the field that I don’t see slowing down any time soon. Unfortunately it’s a poorly understood one.

But if you spent any significant time in the 1980s or early 1990s abusing commercial software, especially Commodore and Apple and Atari and Radio Shack software, I’m looking at you. Even if you don’t know it, you’re uniquely qualified to be a web app pentester.

How to patch less

One of my former supervisors now works for a security vendor. He told me the other day that someone asked him, “Does your company have anything so I don’t have to patch anymore?”

The answer, of course, is that there’s nothing that gets you out of ever having to patch anymore. To some degree you can mitigate, but there’s no longer any such thing as a completely friendly network. The reasoning that you’re behind a firewall doesn’t work anymore. On corporate networks, there’s always something hostile roaming around behind the firewall, and you have to protect against it. If you’re on a home network with just a computer and a router, your computer and router attack each other from time to time. That’s the hostile world we live in right now. Patching is one of the fundamental things you have to do to keep those attacks from being successful.

That said, there are things you can do to patch less.

Farquhar’s security New Year’s resolutions

As I mentioned in passing last week, I had a job interview at the end of the week. There was one question, near the end of the interview, that’s a fairly common question, but I wanted to record my answer to that question because I think it’s important.

The question: What do I see my next role being?

Fair question. I said I didn’t know for sure, but I knew what I have to do to find out.

A programmer writes about writing

I saw this piece by Steve Losh last week, and thought it was some of the best advice about writing I’ve seen in a very long time. Programmers don’t generally like to write, but I find if you tell them how, they can do a good job of it. It’s much easier for a programmer to learn to write than for a writer to learn how to program. Losh does a good job of telling how.

But beyond that, I think it’s a good reading assignment for anyone who writes documentation of a technical nature. I’ve worked with some very good writers and some very bad writers over the course of my education and career, and this would have helped both types. It would have made the good ones better and the bad ones at least marginal. The thing about writing is that if you know the rules and you follow them, it doesn’t take much else on top of that to be good.

So, if you ever get stuck writing documentation–and if you’ve been reading me for many years, I’d say there’s a pretty good chance you do sometimes–give this a read. It will help you get into the mindset you need to be in, and write more effectively. Even if you’re not a programmer. Because, even though he’s a programmer, he uses cars and guitars as his examples. So if you were writing about how to build a bookcase, his instructions would help you.

Is it better to be a consultant or an employee?

I ran into a former supervisor from many years ago at the local Home Depot this evening. We had a pleasant discussion. It reminded me of a question I asked, right around the time he and I last talked. I asked whether it’s better to be a consultant or an employee.

Here’s what I would say to my 2005 self if I could, somehow. I present it here since I know someone else must have the same question.

Microsoft: No x86 apps for ARM

So, The Register reports that Windows on ARM will not have compatibility with apps compiled for x86. Intel has been saying this for a while, while Microsoft has been mum. So now we know.

There are arguments both for and against having an x86 emulation layer.

Windows, ARM, emulation, misconceptions and misremembered history

I keep reading stuff about Windows and ARM and, well, I think people just aren’t remembering history.

I’m not saying that Windows 8 on ARM will save the world, or even change it substantially. It probably won’t, since Microsoft tends not to get things right the first time. But will I automatically write off the project? No. It could prove useful for something other than what it was originally intended for. That happens a lot.

But I’m more interested in clearing up the misinformation than in trying to predict the future.
