Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Penetration Testing and Low-Cost Freelancing

George Chatzisofroniou, posted 5 years ago
  • Security audits for websites are becoming increasingly common as security turns into a must-have for companies. However, the average site owner cannot afford a pentesting firm, so they turn to freelancers.
  • The author paid 7 freelancers to test the same website, which had two MAJOR vulnerabilities: an authentication bypass to the admin panel, and a SQL injection/hardcoded password on the login form. What were the results?
  • The bulk of the testers, at different price points, just ran Nessus or some other automated scanner against the site. That found very little: the scanners missed both bugs, and across all 7 testers each bug was discovered and properly reported exactly ONCE. What does this tell you?
  • Hire professionals and people who know what they are doing. If you pay $50 for a security audit, expect to get a Nessus scan, and expect the logic flaws and injection bugs that actually matter to go unnoticed.