고정된 트윗
You need to realize that hackers don't see websites the way others do - a thread
Here's what an ordinary person sees when they subscribe to a charity. They only see the user interface and are restricted by it:
English
Devsecurely
963 posts
Devsecurely
@devsecurely
Our sole purpose is to make security concepts accessible for all developers | We taught 320+ developers how to secure their applications.
Paris 가입일 Eylül 2023
435 팔로잉533 팔로워
@imaibou The scene where everyone celebrated a pull request merge. That happens in our office all the time!
English
A Fortune 500 company. A 6-figure security budget.
Vs. a 14-year-old and one leaked API key.
🎬 API: The Big Leak
English
@imaibou When I realized the importance of skills, it became easy to improve all aspects of my life.
I was able to just identify the skill I was missing to achieve a certain goal.
Then it became a matter of finding the right learning material, reading it and practicing.
Easy peasy.
English
5. Skills level you up
Think like a video game character: advance by mastering skills.
Sit down, think about the skills you would need to level up, and master them.
If you're a developer master docker, cybersecurity...
If you're a founder master copywriting, sales...
English
I was:
- Obese
- Asocial
- Disappointed with my life
- Working a 9-5 that I didn't enjoy
Now I'm:
- Athletic
- Social with amazing friends
- Very happy with my life
- Founded a company that I'm passionate about
I'll share the 5 principles that allowed me to get there 👇
English
My website got HACKED back in 2011.
I lost all my users and all that work was for nothing.
I then started to learn everything I can about cybersecurity and became a penetration tester.
Now I teach developers about cybersecurity.
Let's #connect and make internet a safer space!
English
@imaibou I can't agree more on the "simplifying tech concepts" part.
If you build incredibly complex solutions, but you can't explain them clearly to your superiors, then it's like it never happened.
English
DEGREES don't determine your developer path.
SKILLS do.
Master:
- A programming language and its framework
- Git, Docker, Kubernetes
- Web application security
- Communication & simplifying tech concepts
Which skill are you conquering today?
English
@imaibou I can't even begin to count how many websites I compromised because of these silly passwords
English
Don't give them much to attack in the first place!
Imed Bounab@imaibou
In your opinion, which goal is easier to score against? The big one on the left obviously!! The most efficient way to protect your IT infrastructure is to reduce the attack surface. If you don't need to expose a service on the internet, don't expose it.
English
@imaibou The discipline part hits hard.
Sometimes you get tired of a particular project and don't feel motivated to continue.
You need to learn to keep pushing until you reach the finish line.
English
You will NEVER be an amazing developer unless you learn these skills:
- Docker & kubernetes
- Secure development
- How to simplify technical concepts
- How to quickly understand another dev's code
- The discipline to work even when you don't want to
English
Hackers can get your whole database content if you have even one instance of SQL injection.
You have 2 solutions to avoid this:
- Use prepared SQL queries
- Use an ORM in your application
And whatever you do, never concatenate user input into an SQL query string.
English
Restrict the attack surface to reduce the risk of getting hacked !
Imed Bounab@imaibou
Don't leave the door to your safe open. You should restrict access to admin interfaces. Yes, even when they require login. You shouldn't give hackers the opportunity to try and guess the correct credentials. Only allow the admin's IP address to access the service
English
If you are a developer, you need to be very paranoid about phishing attempts.
If hackers compromise your computer, they can access your application's source code.
They can introduce backdoors or vulnerabilities.
This allows them to compromise the application in production.
English
Exactly! Why would you not do it?
It's easy, free, and has a lot of advantages.
Imed Bounab@imaibou
It's a very bad idea to not have HTTPS. Hackers can: - See what your users do on your website - Steal your users' cookies and passwords - Change the website content and replace it with scams Also, modern browsers will not open your website and will show a big warning instead
English
This must be one of the rare cases where getting hacked was a good thing 😅
Imed Bounab@imaibou
My website got HACKED back in 2011. I lost all my users and all that work was for nothing. I then started to learn everything I can about cybersecurity and became a penetration tester. Now I teach developers about cybersecurity Lets #connect and make internet a safer space!
English
Devsecurely 리트윗함
In soccer, the goal is the surface area defined by the goalposts.
The goalkeeper knows exactly what to defend.
You should identify all the websites you own that are accessible on the internet.
Clearly define the attack surface you need to defend.
English
@calvinochieng_ I love these motivational posts. They get me pumped!
English
✓ SUCCESS doesn't come from waiting until you're fully prepared.
✓ It comes from STARTING, even when you're unsure.
✓ the fear of failure often holds us back - 🔥but the real FAILURE is never starting at all
Good Morning Pals
English
@EiiKwesiKay That's true. Small actions give you a huge momentum that converts into huge wins
English
@EiiKwesiKay Personal stories
Quotes
Useful tips.. atleast that's what I see performing better on my account.. how about you sir
English
What tools do you use along side X to help with your account management and content creations?
I'm curating a X tools list and adding them to a directory website.
English
@acrosettdev Those lines compound and make huge projects over time 😁
English
