When I got kicked out of college for my hack (rm https://news.ycombinator.com/item?id=5090007) all I did was spam URLs with different IDs and test if they returned 200 or 404... and bam, press coverage + job offers. Sometimes the simplest of stuff can lead to nirvana.
I'm no longer in security since it was getting very addictive (I would start testing every website I'd visit for vulns)... and I had to change and decided to jump into the startup world.
You don't have to choose one of them. I was in a similar position about 6 years ago, software + security background and passion for startups which led me to start my own company (https://www.netsparker.com/), we're building a tool to automate web app security and advancing the automated scanning in web apps, it's really fun stuff if you are into security.
The security industry is great for startups and newcomers; another option is obviously working for a security startup, there are tons of them.
That's a pretty bad idea if you don't have permission from the owners of the site.
Yes, there is a reason why bounty programs exist, they make it plain that testing is 'ok'. In absence of a bounty program or a relationship with the company you can't claim that you 'don't mean harm' and that your tests would never break the software or the network. It's going to be lumped in with actual attacks.
I've found a disturbing number of SQL injection and XSS attacks like this, just messing around on obscure sites.
I run a small business and have noticed our customers try to do the same sometimes; their user ID is visible in the URL at some points. I see the error logs saying they tried to load something they didn't have permission for at least a few times a month.
Do you think there's a serious legal risk here, assuming I don't perform any bad queries on the DB but just see an error message from it and assuming I don't give anyone an XSS'd link, just from plain toying with URLs?
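As an added example (not code from this thread or from any site mentioned in it), the two behaviours the comments above describe side by side: the ID scan from the first comment, which keeps every ID that answers 200, run against a constructed in-memory invoice store, and the object-level ownership check that produces the "tried to load something they didn't have permission for" entries the small-business commenter sees in their error logs. The store contents, user names and function names are all assumptions. The hardened handler answers a record the caller does not own exactly like a missing one (404 rather than 403), so the scan cannot tell which IDs exist.

```python
"""Added example, not from the thread: ID enumeration against a constructed
in-memory store, beside an ownership check that defeats it.  All names and
sample data are assumptions."""
import logging
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

log = logging.getLogger("authz")


@dataclass
class Invoice:
    owner: str
    total: float


# Constructed sample data: sequential IDs belonging to two different users.
INVOICES = {
    1001: Invoice("alice", 19.99),
    1002: Invoice("bob", 250.00),
    1004: Invoice("alice", 5.00),
}

# Stand-in for the application's error log: (user, invoice_id) of denied reads.
DENIED_LOG: List[Tuple[str, int]] = []

Response = Tuple[int, Optional[Invoice]]


def get_invoice_insecure(user: str, invoice_id: int) -> Response:
    """Looks the record up by ID alone and ignores who is asking: any logged-in
    user can read any invoice, and 200 vs 404 reveals which IDs exist."""
    inv = INVOICES.get(invoice_id)
    return (200, inv) if inv is not None else (404, None)


def get_invoice_secure(user: str, invoice_id: int) -> Response:
    """Checks that the caller owns the record.  A record the caller does not own
    gets the same 404 as a missing one, so scanning IDs learns nothing, and the
    attempt is logged the way the commenter's error log records it."""
    inv = INVOICES.get(invoice_id)
    if inv is None:
        return (404, None)
    if inv.owner != user:
        DENIED_LOG.append((user, invoice_id))
        log.warning("user %s tried to read invoice %d owned by %s",
                    user, invoice_id, inv.owner)
        return (404, None)
    return (200, inv)


def enumerate_ids(handler: Callable[[str, int], Response], user: str,
                  start: int, stop: int) -> List[int]:
    """The scan from the first comment: request every ID in a range as `user`
    and keep the ones that answer 200."""
    return [i for i in range(start, stop) if handler(user, i)[0] == 200]


if __name__ == "__main__":
    print("insecure, as mallory:", enumerate_ids(get_invoice_insecure, "mallory", 1000, 1010))
    print("secure, as mallory:  ", enumerate_ids(get_invoice_secure, "mallory", 1000, 1010))
    print("secure, as alice:    ", enumerate_ids(get_invoice_secure, "alice", 1000, 1010))
    print("denied attempts:     ", DENIED_LOG)
```

Against the insecure handler the scan returns every existing ID regardless of who runs it; against the hardened one a stranger gets an empty list and each probe of someone else's record lands in the denied log, which is exactly the signal the small-business commenter is seeing a few times a month.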
All of a sudden every user on the site is getting alert popups.
A lot of these sites can calculate down to the second and the dollar how much they lose if their site goes down. Guess who's liable if the cause of that downtime is you?
But that's criminal law. That's a real concern, but the bigger concern is tort law. If you blow up someone's site by getting an XSS input cached and replayed to all its users (or, heck, even if you just cause an alarm that they have to spend money responding to), you are going to be liable.
"""The text above is preface to a little security book I write for newbie hackers and web developers."""
Faith and dogma exist wherever people have outsourced their ability to think. 'Buddhists' do this too, just as some adherents to other faiths do too.
On a side note, the intellectual portions of Vedic literature often emphasise the need for viveka (knowledge, discrimination) and prashnena (questioning) which are requisite qualities of a shisya (student). Arguably, much of Buddhist metaphysics is based on these Upanishadic texts (Vedanta).
Typically infrastructure engineers get to (or rather have to) over-engineer things. When you build a bridge you don't build something that is _just_ good enough to hold X cars. You design it to hold X + Y% and/or have Z redundancy.
Most software doesn't put people's lives in danger and thus doesn't get the budget/resources to put NASA-like engineering into software.
I'm not sure if the original designers intended for these to have multi-millenia design lives, but I bet that they could have been made much cheaper...
Edit: even if the requirement is for X to be the best in the world (which, as a non-quantifiable requirement, makes me uneasy), the goal would still be to do it as cost effectively as possible.
Being a client-side developer in gamedev (i.e. a space that's not as sensitive to security as a lot of other industries) feels so good.
A buggy and/or vulnerable game client or server is generally just as hazardous as most any other buggy or vulnerable software.
Yeah, except that in many (most?) modern games you can't have a fully-untrusted client... for performance reasons you have to give the client too much information. From what I understand, getting that balance just right is rather tough. :(
> Buggy game client can only be hazardous...
Don't forget that the vast majority of games pass data to 3D graphics card drivers which are terrible, awful, and somewhere between hardly and not at all concerned with security. A bug in a game could hard-lock your system, or lead to code execution in kernelspace. (Not to mention the usual host of problems a buggy program that has read/write access to everything that the system user it's running as, and generally full network access has.)
Despite Windows 7's graphics card driver fault isolation system, I've had a couple of graphics-related hard-lockups in the many years I've been using my gaming PC.
"A problem is only a problem when it materializes" - that is the way some people think.
(This isn't the exact link I remember seeing, but https://news.ycombinator.com/item?id=3666564 )
I'm planning to become a solo, freelance, contract worker in IT security.
I have no certs. (I do have a PhD in a computer-related field, though.)
So, how do I convince organizations to hire me in this cert obsessed world?