Can I pick someone's brain for a bit? Need some advice
Posted by Sweaty_Kiwi5077@reddit | learnprogramming | View on Reddit | 17 comments
OK, I'm not new to this but still have lots to learn, and I'm starting to feel very behind in the race. I've been self-taught: I do reading and try most testing on myself or when clients bring me work. I'm like the hood doctor of PCs, I guess. Lately I get more and more questions about HTTP and HTTPS, XSS and so forth, and I've got some questions for anyone who has some time to answer some quick questions regarding webpages and development issues.
dswpro@reddit
I'm confused. Are you being asked to remove vulnerabilities detected in a site someone else created or remove vulnerabilities detected in something you created? Or make sure no vulnerabilities exist in something before you publish it onto the internet or something else?
Sweaty_Kiwi5077@reddit (OP)
Sorry, I had gotten busy. So I'm actually trying to set up a web page and a client wants me to test for vulnerabilities, but I told him I'll look into it, shouldn't be a problem. Holy hell, was I wrong. It's nothing like using GRUB or sneaky tricks to fire up Windows and Mac issues. I watch videos and read tutorials but can't seem to figure it out, like as to what tools to use. Online stuff is really interesting but complex till you get a firm grasp.
dswpro@reddit
There are a number of tools out there. A Veracode scan is a good start, but it does not cover all potential vulnerabilities. Veracode is a SAST tool in that it scans your source code. Your client should also consider a DAST scan, which probes the running application, often in a QA environment.
If this is a late requirement... "oh by the way, make sure your code has no security vulnerabilities..." That's a pretty casual approach to security. There are also a number of open source tools out there. I don't use them so cannot comment on their effectiveness.
If you are setting up a static HTML page without any forms for user input, you should not have too much to worry about. If, however, you are setting up a commerce site, or anything that takes user input, saves it to a database and spits out reports or content based on that input, there are lots of potential vulnerabilities you are opening your application up to and you must take care so you don't get picked apart by hackers.
Good resources are not always free and your client should pay for security scanning and tool licensing.
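Added example (not part of the thread or any commenter's post): the flow described in the comment above, where user input is saved to a database and echoed back in a report, shown with the weak handling beside the hardened one. The table, function names and sample input are hypothetical and constructed for illustration.

```python
import html
import sqlite3

# Constructed sample input: what a visitor might type into a comment form.
SAMPLE_NAME = "O'Brien"
SAMPLE_COMMENT = "<script>alert(1)</script> nice site"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (name TEXT, body TEXT)")
    return db


def save_unsafe(db, name, body):
    # Weak: input is pasted into the SQL text, so a quote character in the
    # input changes the statement itself (SQL injection).
    db.execute(f"INSERT INTO comments VALUES ('{name}', '{body}')")


def save_safe(db, name, body):
    # Hardened: placeholders keep the input as data, never as SQL.
    db.execute("INSERT INTO comments VALUES (?, ?)", (name, body))


def report_unsafe(db):
    # Weak: stored input is written into the page as-is, so markup in a
    # comment becomes live markup in every viewer's browser (stored XSS).
    rows = db.execute("SELECT name, body FROM comments").fetchall()
    return "".join(f"<li>{n}: {b}</li>" for n, b in rows)


def report_safe(db):
    # Hardened: escape on output so the browser shows the text literally.
    rows = db.execute("SELECT name, body FROM comments").fetchall()
    return "".join(
        f"<li>{html.escape(n)}: {html.escape(b)}</li>" for n, b in rows
    )


def demo():
    db = make_db()
    try:
        save_unsafe(db, SAMPLE_NAME, SAMPLE_COMMENT)
        unsafe_insert_ok = True
    except sqlite3.Error:
        unsafe_insert_ok = False  # the apostrophe alone breaks the query
    save_safe(db, SAMPLE_NAME, SAMPLE_COMMENT)
    return unsafe_insert_ok, report_unsafe(db), report_safe(db)
```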
PlanetMeatball0@reddit
Why would you waste time posting nothing when you could have just posted your question?
Sweaty_Kiwi5077@reddit (OP)
What do you mean? And because it's complicated, and if someone is serious about helping they DM like you did. But it's regarding XSS and SQL and some other things of that nature.
DamionDreggs@reddit
I was so ready to help, but now I'm exiting the post and I'll never see you again. Goodbye, I hope you find the person you need to find.
Sweaty_Kiwi5077@reddit (OP)
Sorry, I was busy trying to figure out this damn problem that's going on. I will always respond to anything I post, wouldn't waste anyone's time. This webpage stuff threw me for a loop.
dmazzoni@reddit
Sure, happy to help!
This is a public forum, though, so don’t ask to ask - just ask your question. You’ll get answers pretty quickly from a variety of people.
We don’t provide one on one private help, unless you want to pay.
Sweaty_Kiwi5077@reddit (OP)
But so more and more people, clients, whatever, bring me problems regarding webpages. I know how to write the code, and reading it is what's getting me. Like, how do I say it: when they say find vulnerabilities, for example, my thought process is: OK, do I have physical access to the server? No. OK, how do I gain this, recon I guess is what they call it nowadays, and I usually use nmap to pen test, then tshark to get a better idea of what's going on. But is that even the right direction, or is it depending on the circumstances? I'm doing my best to explain. Or is it better if I go to the actual site and view dev tools and read how the page is written, headers, etc.?
maujood@reddit
It sounds like you have clients that want you to find vulnerabilities in their websites?
It takes a lot of experience to be the person that can find vulnerabilities in a website. If they were easy to find, the person who built the site wouldn't have left the vulnerabilities in them. Nobody can give you a quick answer on how to find vulnerabilities on reddit because finding vulnerabilities is a major part of the vast field known as cyber security, and it takes years of study to become a cyber security professional.
It also sounds like you are a beginner, and you are hungry to learn which is great. If you're interested in cyber security, I would say you should pick up a course or concrete learning path to get started with it.
I would also highly recommend taking some classes, courses or whatever on writing and communication because honestly it is very hard to understand what you are asking for. I took classes to improve my writing and communication and they helped me a lot. Software professionals talk with people more than they talk to computers so communication skills are very important.
Sweaty_Kiwi5077@reddit (OP)
I understand, and honestly the way I'm typing is far from how I actually talk or communicate. I think I've got bad spelling, yes, but also writer's block. And yeah, I'm starting to see this, because it's nothing like C+ or standard OS systems. Any classes or anything that stands out that you can think of that helped you along the way? And I jumped into forums on the dark side, we'll call it, because it seems like they're the only ones who are willing to talk and let me jump in on things, sadly, and even then it's mostly nonsense and I find myself showing them things. I just want to learn hands-on stuff, or I'm a visual person, I guess. So Hydra, is it any good? I'm sure it's outdated and newer programs are out. Let me know.
Sheezyoh@reddit
So what is the programming question? Also adding punctuation helps a lot in trying to understand your questions.
Sweaty_Kiwi5077@reddit (OP)
Brother, I wish I could explain better, and I'll keep the punctuation in mind; it also helps with writing code. Like, what are your steps? Where do I look for errors? How can I get a better understanding of the functions and what I'm looking at in web dev tools when hunting for bugs or things of that nature? I know with Windows I'd look in the directories or hashes for passwords. And most of all, where can I practice more of these types of things other than on myself? Fun but boring, and I still really didn't learn anything.
mnelemos@reddit
You want to know more about web vulnerability/bug discovery, is that it?
Web dev tools are tools for, well, web developers. They give a pretty decent amount of logging, but it's still quite abstracted. They're mainly meant to assist a web developer to create a smooth & fast website.
It usually does the following:
- It logs rendering times
- It logs network usage (http only)
- It logs storage usage (browser cache)
- It gives a direct interface to the running js interpreter environment (allows you to debug the running javascript + dom elements).
- And many other things...
The story is pretty simple: do you know of a resource being fetched but not being displayed properly? Well, check the renderer. Is the resource not being fetched at all? Well, check the javascript. Why is the value returning from cache invalid? Check the value inside the cache, and so on...
Vulnerabilities are a WHOLE other thing. They mainly exist because of one thing: "compatibility". Making computer systems talk around the world using the same standard language that keeps expanding & expanding often creates "flaws" in how a system should behave. And because at the end of the day a computer is just memory and a CPU, you can have so many problems... Poorly managed dynamic memory, poorly designed operating system, poorly designed http server...
Honestly, I only expect people to understand how to find vulnerabilities on the web if they have a good sense of how the majority of the system works. If you don't, you'll just assume a lot of fantasy that isn't real.
Sheezyoh@reddit
Generally if I need to troubleshoot something, I try to break it up into functional steps, read comments or documentation (if available). Troubleshooting is a skill too that you need to develop, and I wish I could just give a step by step but it's something you figure out. Honestly, troubleshooting is what takes you from a junior to senior.
If I had to say where to start, make sure you have the fundamentals well understood. You can't expect to hunt for bugs if you don't know what makes a bug a "bug". Build and make stuff, review GitHub projects, contribute to projects. It sounds like you just need more exposure to build this skill.
Sweaty_Kiwi5077@reddit (OP)
That's good, finally someone who can point a direction. And I don't mind paying, but I'm currently not in a position to, due to an issue on Bitcoin. Let's just say I got hit real, real, real hard.
no_regerts_bob@reddit
Ask the questions