- public: true
- tags: insights
@documentflower on Discord requested insights into my mind
I have an archive where I document personal little insights of people I like.
My objective is understanding personal insights that other minds built, as well as their methods, approaches or valuable conclusions.
If you find some value, feel free to mention or even elaborate the most core and useful insights/methods that your mind built and formed till the present day — about programming, logic, bug catching or anything related to the mechanicity of the mind.
- Security bug hunting insights
- Bug hunting mostly involves testing a lot of possible failure cases, and in well-written software most potential issues will turn out to be non-issues upon further investigation.
- Having a fast iteration loop for testing variations of a potential issue is helpful.
- Having the source code is enormously valuable for finding issues.
- I spend a lot of time browsing codebases just to gain an understanding of how they work, without looking for any specific bugs.
- I find large codebases intrinsically interesting to read - it's fascinating to see how complex software works.
- e.g. I spent a while perusing the GitHub codebase out of curiosity before I started looking for any bugs.
- Having an IDE that makes it easy to jump to a function definition is useful here.
- Allows you to more quickly assess if something might be a problem.
- Looking at different call-sites of security-relevant functions and seeing differences in how the function is called is helpful.
- Comparing different implementations of the same logic (e.g. GitHub and GitLab) can reveal bugs.
- Sometimes they both have a similar issue!
- General life advice
- Drink lots of water
- Have fun!
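
The call-site comparison mentioned in the security bug hunting list can be partly automated during code review. The following is an added example, not code from the original notes: it groups every call to one function by its argument shape and reports the calls that differ from the majority. The function `verify_token`, its parameters and the sample source are hypothetical and constructed for illustration.

```python
import ast
from collections import defaultdict

# Constructed sample source; verify_token and its parameters are hypothetical.
SAMPLE = '''
def a(req): return verify_token(req.token, audience="api", check_expiry=True)
def b(req): return verify_token(req.token, audience="api", check_expiry=True)
def c(req): return verify_token(req.token, audience="web", check_expiry=True)
def d(req): return verify_token(req.token, audience="api")
def e(req): return verify_token(req.token, check_expiry=False, audience="api")
'''

def call_name(node):
    """Return the called name for foo(...) or obj.foo(...), else None."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None

def keyword_shape(kw):
    """Keep boolean flag values (they often toggle a check); abstract the rest."""
    value = kw.value
    if isinstance(value, ast.Constant) and isinstance(value.value, bool):
        return (kw.arg or "**", value.value)
    return (kw.arg or "**", "<expr>")

def call_shapes(source, target):
    """Map each call shape (positional count, keyword shapes) to line numbers."""
    shapes = defaultdict(list)
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and call_name(node) == target:
            kws = tuple(sorted(keyword_shape(k) for k in node.keywords))
            shapes[(len(node.args), kws)].append(node.lineno)
    return dict(shapes)

def unusual_calls(source, target):
    """Line numbers of calls whose shape differs from the most common one."""
    shapes = call_shapes(source, target)
    if not shapes:
        return []
    common = max(shapes, key=lambda s: len(shapes[s]))
    return sorted(n for s, lines in shapes.items() if s != common for n in lines)

if __name__ == "__main__":
    for lineno in unusual_calls(SAMPLE, "verify_token"):
        print(f"line {lineno}: call differs from the majority, review manually")
```

A flagged line is only a pointer for manual review: the differing call may be intentional, and the default value of an omitted parameter still has to be read from the function definition.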