Comments on Jeremiah Grossman: Chasing Vulnerabilities for Fun and Profit II
Blog author: Jeremiah Grossman (https://www.blogger.com/profile/05017778127841311186)
13 comments, newest first (times are -07:00)

Jeremiah Grossman, 2007-05-16 08:34
If you're into cutting-edge webappsec, it's a hard job to top, that's for sure.

Anonymous, 2007-05-16 06:37
Wow, I'm jealous, you have the 'dream job' if you ask me.

Jeremiah Grossman, 2007-05-14 17:43
Why not? Everyone in tech likes hacking stuff. At least I used to think so.

Anonymous, 2007-05-14 17:33
I've never seen someone get so excited about what amounts to post facto QA work before...

Jeremiah Grossman, 2007-05-14 11:10
Yah, definitely. It's especially fun on real world websites as well. There simply is no substitute.

Unknown (https://www.blogger.com/profile/15357840241031190415), 2007-05-14 11:07
Haha, speed hacks + Swordfish certainly yields interesting results... thankfully you didn't quite go there in the article outright! :)

That technique really does sound fun, enlightening, and a good practice for you and your team. Keeps things fun but productive and likely builds skill in everyone. Besides, how valuable could it be to have some cocky developer say, "go ahead and try our site out a few minutes and see what you ge..." "Done!" :)

Jeremiah Grossman, 2007-05-14 07:34
Jordan, I think we might actually have something here. Something new and exciting to do at a local meeting rather than the standard 2 hours of slideware. I might have to try this out in the Bay Area and see how it goes.

Anonymous, 2007-05-13 15:13
Awhhh, Swordfish made me do all this! ^^

Ronald van den Heetkamp
0x000000.com

mbrisby (https://www.blogger.com/profile/06111867459021395319), 2007-05-13 07:35
Very interesting post, Jeremiah. This story sounds like a good argument for having the public and administrative interfaces hosted in two completely separate places.

Anonymous, 2007-05-12 12:21
It's a cool idea having a race to discover vulnerabilities, but I can't help wondering who's going to write the final report :).

When the fun is gone, putting together a valuable report is _so_ boring (yes, I get to write the reports :)
office desk vs. field ops.

Jordan (https://www.blogger.com/profile/08341608982649448622), 2007-05-11 19:33
That is a good idea. And as you said before, anybody can win since there are so many places to look and you never know what the right track is going to be. Lots of fun hunting though, and by their very nature fast, so easy to do at a meeting.

It would be cool to require that people who submit an app make it publicly available online, maybe as a part of some OWASP repository -- could build a really large collection of test apps to practice and learn on.

I know there are a lot of resources out there like that, but I don't know that I've seen them aggregated very well anywhere.

Jeremiah Grossman, 2007-05-11 14:56
Ahaha, yah. You'd probably do really well at those here. We haven't had one in several weeks. Too busy. :)

You know, speed hacking would probably be a cool exercise for local OWASP/WASC meetings. Have some people bring in VMWared websites, set up a local LAN, and some kind of prize for the winner. Might be cool!

Jordan (https://www.blogger.com/profile/08341608982649448622), 2007-05-11 14:52
And here I was thinking the contest at RSA was nothing like the real world in the timed setup and fast pace -- sounds pretty similar though! Of course, I know there's a lot more that goes into what you guys do, but at least one part of the real world matches. ;-)

Those speed rounds sound like a lot of fun.