Yoo Welcome to Issue #20 of Navigating Security.
🍃Quote of the week:
I’m too lazy to lookup quotes. <Insert cool quote>
What To Expect 🫡
Answering questions from the previous issue by Byron, the “noob” 💀
A new series coming out soon as well? 🤔
This Week’s YouTube Video:
⚠️ The newsletter is currently not sponsored
Answering questions from the last post 📝
As you may have seen, I have a friend helping me out with the newsletter now because I can’t do anything consistently. If you haven’t read the previous newsletter issue, I suggest you do so, but you can probably get away with just following along.
❓How do you build muscle memory when it comes to OWASP-related vulnerabilities, even when you’re expecting SQL injection it’s almost like each time you’re doing something completely different.
🅰️ Muscle memory is built with practice, just like everything else. The more you do it, the more you’ll know how to approach different situations because in reality no situation is the same. The principal concept is what matters.
❓How do you maintain patience and precision when using time-based blind SQL injections?
🅰️ You’re literally shooting in the dark. Patience is a virtue.
❓Can you explain why the classic payload ' OR '1'='1 works, and in what scenarios it might fail?
🅰️ What I can tell you is it doesn’t work anymore in modern applications, especially considering that most developers know how to write “safe” code against those types of attacks. SQLi still exists, it’s just a little more complicated than before. The following articles might be helpful:
❓Does experience with app development help with web app hacking?
🅰️ Yes. As a beginner, probably not, but when you reach a point where you’ve progressed past being a scriptkiddie it’ll be harder to hack without some knowledge of how applications are built.
❓What’s the best approach to mastering OWASP-related vulnerabilities, since they seem to be a common requirement on job postings?
🅰️ Practice, practice, practice. Do CTFs, do labs, read disclosure reports. Pick a few things you are most interested in and go as deep as possible.
New Year, New Series 🤓
I might just be back from my many frequent hiatuses.
When I started creating content, I never intended to come across as a teacher in any way. I didn’t know much, so I wanted it to feel more like, "Here’s what I’m learning—come learn with me."
I’d like to return to that approach and show you how I’m now growing into a more mid-level professional—not necessarily a noob anymore.
The series will be called How I’m Learning to Be a Better Pentester. I’ll primarily be highlighting what I’m learning, how I’m being intentional about my growth, and how you can be too. The first post should be on LinkedIn soon, if it’s not already—so catch me there as well!
As always, if you have any questions or suggestions, feel free to hit me up on LinkedIn or Discord. Cheers!
⏱️Incase you missed the previous issue, here you go:
Suggestions
Hit me up on Discord or LinkedIn if you have anything you feel would be cool to include. Thanks, Cheers.