The Essential Skill Every Engineer Should Master


Hi!

Let’s say you’re an entrepreneur, you know what, a “solopreneur”. You have your own side gig and it’s making a few hundred bucks a month. If I told you that you could lose the entire thing in a heartbeat because you missed something, you’d be anxious to know what it is, right?

Rewind 34 months, I was sitting at my desk, assisting the frontend team in troubleshooting their configuration issue. As I opened the devtools pane and launched the network tab, my goal was to locate "config.json". However, something unexpected caught my eye – a file named "client-secrets.json" was also present.

  • “This has to be a mistake”, I thought. Let’s click.
  • BOOM. Our entire list of authentication secrets, holding customers’ tokens across partners and other services, had been leaked.


My heart began to race. I immediately sent a message to the entire engineering team, instructing them to cease all activities and convene in a Slack "war room." To summarize, after a grueling 48 hours, we succeeded in rotating all necessary keys, informing our partners, and mitigating an issue that had the potential to be catastrophic for the company.
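The incident above comes down to a secrets file sitting in the directory the web server hands to every browser. The check a team wants after that is a scan of the built frontend tree before it ships. The following is an added example written for this post, not code from the original incident; the file names, the in-memory sample directory and the regex list (a small illustrative set, not an exhaustive secret-detection ruleset) are all constructed for the demonstration.

```python
import re
from pathlib import Path

# Illustrative patterns for material that must never appear in a client-served bundle.
# Constructed for this example; a real scanner would carry many more rules.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "bearer_token": re.compile(r"\b[Bb]earer\s+[A-Za-z0-9._\-]{20,}"),
    "generic_secret": re.compile(
        r"(?i)\b(client_secret|api_key|secret_key|password)['\"]?\s*[:=]\s*['\"]?([A-Za-z0-9/+._\-]{12,})"
    ),
}

# File names that should not exist in a public web root at all, whatever they contain.
FORBIDDEN_NAMES = {"client-secrets.json", ".env", "secrets.json", "credentials.json"}


def scan_text(name, text):
    """Return (file, line, label) findings for one file's text. Line 0 = name-based finding."""
    findings = []
    if Path(name).name in FORBIDDEN_NAMES:
        findings.append((name, 0, "forbidden_filename"))
    for lineno, line in enumerate(text.splitlines(), 1):
        for label, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((name, lineno, label))
    return findings


def scan_files(files):
    """files: mapping of relative path -> text, e.g. the contents of a built dist/ tree."""
    findings = []
    for name, text in files.items():
        findings.extend(scan_text(name, text))
    return findings


def scan_directory(root):
    """Walk a real build output directory and scan the file types a browser could fetch."""
    root = Path(root)
    files = {}
    for p in root.rglob("*"):
        if p.is_file() and p.suffix in {".js", ".json", ".html", ".map", ".env", ""}:
            files[str(p.relative_to(root))] = p.read_text(errors="ignore")
    return scan_files(files)


# Constructed sample of a public directory: one harmless config, one leaked secrets file,
# one clean bundle and one bundle with an AWS-style key (the well-known AWS doc example value).
SAMPLE_PUBLIC_DIR = {
    "config.json": '{"apiBase": "https://api.example.com", "featureFlags": {"beta": true}}',
    "client-secrets.json": '{"partner_a": {"client_secret": "s3cr3tPartnerAValue1234"}}',
    "main.bundle.js": 'const cfg={apiBase:"https://api.example.com"};fetch(cfg.apiBase+"/me");',
    "vendor.bundle.js": 'var AWS_KEY="AKIAIOSFODNN7EXAMPLE";',
}

if __name__ == "__main__":
    for file, line, label in scan_files(SAMPLE_PUBLIC_DIR):
        print(f"{file}:{line}: {label}")
```

Wire `scan_directory("dist")` into CI and fail the build on any finding; the filename rule catches the exact mistake in the story even when the file's contents happen to dodge every regex.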

A week later, out of curiosity, I started searching for IDORs and broken access control within our system. “If every key we had got leaked, I might as well search for smaller things.” What do you know, I found one, not very complicated either. I just fired an API request to our backend and changed the role value to admin. Simple as that.
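What that bug looks like in code, and what the fix looks like, as an added example for this post rather than the original system's code. The handler names, the in-memory user table and the field allowlist are assumptions made for the demonstration; the vulnerable version keeps the two defects the story describes (no check that the caller owns the record, and every body field written straight to it), the hardened version adds object-level authorization, a field allowlist, and a separate admin-only path for the one privileged field.

```python
import copy

# Constructed in-memory user table standing in for the backend database.
USERS = {
    1: {"id": 1, "email": "alice@example.com", "display_name": "Alice", "role": "user"},
    2: {"id": 2, "email": "bob@example.com",   "display_name": "Bob",   "role": "user"},
    9: {"id": 9, "email": "root@example.com",  "display_name": "Ops",   "role": "admin"},
}


class Forbidden(Exception):
    pass


def update_profile_vulnerable(db, caller_id, target_id, body):
    """PUT /users/<target_id> as the bug looked: no ownership check, and every
    JSON key in the body is merged into the record, so {"role": "admin"} lands."""
    db[target_id].update(body)
    return db[target_id]


# Only these fields may be changed through the self-service profile endpoint.
EDITABLE_BY_SELF = {"display_name", "email"}


def update_profile_hardened(db, caller_id, target_id, body):
    caller = db[caller_id]
    # Object-level authorization: only the owner or an admin may touch this record (IDOR fix).
    if caller_id != target_id and caller["role"] != "admin":
        raise Forbidden("not your record")
    # Allowlist, not denylist: role, id and any future privileged field can never arrive here.
    unknown = set(body) - EDITABLE_BY_SELF
    if unknown:
        raise Forbidden(f"fields not editable here: {sorted(unknown)}")
    db[target_id].update({k: body[k] for k in EDITABLE_BY_SELF if k in body})
    return db[target_id]


def set_role(db, caller_id, target_id, role):
    """Separate endpoint for the one privileged field, gated on the caller's role."""
    if db[caller_id]["role"] != "admin":
        raise Forbidden("admin only")
    if role not in {"user", "admin"}:
        raise ValueError("unknown role")
    db[target_id]["role"] = role
    return db[target_id]


def demo():
    """Bob (id 2) sends the attacker's body to both handlers, then tries Alice's record."""
    attack = {"display_name": "Bob", "role": "admin"}
    vuln = copy.deepcopy(USERS)
    update_profile_vulnerable(vuln, caller_id=2, target_id=2, body=attack)

    hard = copy.deepcopy(USERS)
    try:
        update_profile_hardened(hard, caller_id=2, target_id=2, body=attack)
        mass_assignment_rejected = False
    except Forbidden:
        mass_assignment_rejected = True
    try:
        update_profile_hardened(hard, caller_id=2, target_id=1, body={"display_name": "pwned"})
        idor_rejected = False
    except Forbidden:
        idor_rejected = True

    return {
        "vuln_role": vuln[2]["role"],
        "hardened_role": hard[2]["role"],
        "mass_assignment_rejected": mass_assignment_rejected,
        "idor_rejected": idor_rejected,
        "alice_name": hard[1]["display_name"],
    }


if __name__ == "__main__":
    print(demo())
```

The test to write against your own API is the same as the attack: authenticate as a low-privilege user, replay a legitimate profile update with an extra `role` key and with a different user's id in the path, and assert both come back 403.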


Many engineers tend to focus more on progress, feature development, and meeting tight deadlines than on security concerns. It's understandable, given their workflow: they operate in sprints, engage in various ceremonies, manage story points, and work under close supervision from managers. In such an environment, prioritizing security can often take a backseat.

During interviews, I began querying developers about their knowledge of SQL injections, methods to test for IDORs, strategies to prevent XSS, and ways to avert CSRF, among other security topics. The responses were disheartening; it seemed that security was not a priority, and that's an understatement.


Security isn't only about rotating passwords or implementing MFA (though adding MFA everywhere is highly recommended due to its simplicity and effectiveness).

I see it more as a marketing issue: developers should be versed in hacking techniques. To clarify, I'm not advocating for backend engineers to delve into hacking systems. However, experimenting with SQL injections on a vulnerable (test) database can be surprisingly enjoyable and informative. Gaining insight into how the code you write might be susceptible to various attack vectors can be a real eye-opener.
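The kind of experiment that paragraph has in mind, as an added example for this post (not code from the author): a throwaway SQLite database in memory, a login query built by string formatting, and the same query with bound parameters. The table, the two rows and the payloads are constructed for the demonstration; passwords are stored in plain text only to keep the query visible, which no real system should do.

```python
import sqlite3


def make_db():
    """Constructed throwaway database: two users, plaintext passwords for readability only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """User input is pasted into the SQL text, so quotes in the input change the query."""
    sql = (
        f"SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Same query, but the values travel separately from the SQL; quotes stay data."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Two classic payloads (constructed):
#   comment out the password check entirely ...
COMMENT_PAYLOAD = "alice' -- "
#   ... or make the WHERE clause always true (AND binds tighter than OR).
TAUTOLOGY_PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, comment payload  :", login_vulnerable(conn, COMMENT_PAYLOAD, "wrong"))
    print("vulnerable, tautology payload:", login_vulnerable(conn, "x", TAUTOLOGY_PAYLOAD))
    print("parameterized, comment       :", login_parameterized(conn, COMMENT_PAYLOAD, "wrong"))
    print("parameterized, tautology     :", login_parameterized(conn, "x", TAUTOLOGY_PAYLOAD))
```

With the vulnerable function the first payload rewrites the query to `... WHERE username = 'alice' -- ' AND password = 'wrong'`, and SQLite ignores everything after `--`; the second turns the clause into `username = 'x' AND password = '' OR '1'='1'`, which every row satisfies. The parameterized version returns nothing for both, because the quote characters never reach the SQL parser as syntax.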

A "hackathon" could genuinely be utilized in a manner true to its name.

There’s no need to go too far, the OWASP Top 10 is a great place to start. You’ll find broken access control, security misconfiguration, XSS, and other common vulnerabilities that are relatively easy to test for, protect against and fix.

As an engineer, I think you should care, or at least take some interest and learn about the basics to keep your applications secure.

This can also become quite a lucrative gig if you decide to take part in bug bounty programs like HackerOne, where some hackers make hundreds of thousands every year. I had the pleasure of finding bugs (simple XSS and no payouts, but a great learning experience), as well as being on the other side: receiving reports from solo hackers and handing out payouts!


Basic understanding of straightforward hacking techniques has enabled me to identify potential domain takeovers for numerous clients, discover unencrypted data leaks in JavaScript files, and unearth various other intriguing findings over the years.

Moreover, this knowledge has proven valuable in job interviews, often providing the unique edge interviewers looked for in candidates but didn't anticipate.

Above all, I believe that cultivating an interest in basic hacking relevant to your area of expertise is a form of taking responsibility.


Whenever I discuss this topic, it often sparks controversy and intense debates. Nevertheless, I encourage you to reply to this email with your thoughts, questions, or to share any similar experiences you've had.

In keeping with this week's theme, I want to highlight an open-source project that has been instrumental in helping me scan and resolve local Wifi issues from my Mac: Bettercap. While operating systems like Kali Linux offer tools such as Wifite and the Aircrack-ng toolset, it's somewhat rare to find a tool as effective as Bettercap for other platforms!


I hope you found this post insightful, feel free to respond directly.

Have an awesome weekend,
Omer

ESPRESSO FRIDAYS

Every once in a while I send hand picked things I've learned. Kind of like your filter to the tech internet. No spam, I promise!
