Hacker News
OWASP Juice Shop: Hacking a Modern Web Application (javascripttoday.com)
101 points by whatamidoingyo 9 days ago | 17 comments





We've run the Juice Shop as a capture the flag competition at my work twice now, once as an individual event, and then a few years later as a team event. Heartily recommend it, it's a lot of fun, you learn a lot, and it's very, very addictive. A great way of learning how these exploits work.

Strange article. I'm not sure if it was AI written or what, but very low quality.

Damn, it's actually not, lol.

It's bad... isn't it? :O It's one of the first articles I wrote, and I posted it here thinking nothing of it, but alas, it hit the first page.

Although it was primarily written to introduce the JuiceShop project to people, so I guess that's good.


I think you wrote this as if you were transcribing yourself giving verbal instructions while standing over some junior developer's shoulder.

That verbal style works because verbal communication is real-time and you can provide correction and feedback when something doesn't work as expected. In other words: because you're able to babysit the process and answer questions. Unfortunately, you don't have that luxury in a written medium.

I find that what works better in a written context is to have a concise list of instructions at the top with zero explanation. Below that, you can write a step-by-step explanation of the motivation and intent of each step.

This allows a reader to skip what's obvious and jump to the explanation they need to fill in a gap in their understanding.

I would also suggest you choose a specific target audience that can be expected to understand some things without explanation and who needs only a little explanation to understand a single new idea (e.g. XSS vulnerabilities, but not how to set up a project).

Another minor tip:

Make fewer value judgments and use fewer superlatives—don't write 'X is the best' or 'Y is a great'. Unless X or Y is the subject at hand, it's fine to simply say 'X is a {concise, matter-of-fact description}'.

My impression is that you have a lot in your head and that you're very excited to share that knowledge, which is awesome, but you need to share your knowledge patiently and methodically. That's a good thing though: it means you have a deep well to draw from if you enjoy writing technical articles :)


I would say the ads on that website add to the low quality feeling. A full screen ad titled "people that live longer sleep differently than ordinary people" with a skeleton sleeping. Looks super fishy and gives the impression of a content farm.


Sorry for the assumption. Did you have to use an AI for grammar or freshening up the text?

You've submitted this article before and it was marked dead, and with the questionable "Modern" in the title I was thrown off. AI articles have a certain tone with lots of superlatives and "we" usage.

I think it is awesome to help share this stuff with the world, but focus on being direct. There is some meat in the article, but the signal to noise ratio makes it hard to extract the value from the article.

If you enjoy writing, get doing it. Don't let me get you down. We are all learning as we go <3


Unless you consider Grammarly AI, there was no AI used in that article. But honestly, I don't think AI uses "we", does it? I read that using "we" draws the audience in, as if we were performing tasks together.

Although... I don't know, I've been writing articles like that for a while. Last night I was writing one and recalled your comment on the "we" usage, making me second guess... haha. Is it really that bad?

Thanks, though. No worries. I assume most articles are AI these days as well.


Honestly, it's not a bad article. I'd not heard of OWASP Juice Shop and now I'm interested to check it out. The article also prompted me to look into how user input sanitising works in the framework I use. So all in all I'd say it's a positive addition to the internet.

I will also add that the excessively positive tone as well as the use of "we" a lot does feel like it has that same AI "let's walk through step by step" style of writing.

The article is fine, the amount of ads is very annoying.

I dialed them back after reading this. Although I do consider just shutting them off altogether, as it really doesn't generate enough income to justify their use.

There's nothing wrong with this article. Thank you.

If you wouldn't mind elaborating, what are your issues with the article? I'm curious what you specifically identify as an indication of low quality.

Yeah, I should have explained more in my initial comment.

I didn't understand the term "Modern" in the title. This exploit is as old as they get on the web, so I was expecting maybe some tool-chain attack or something on the React stack.

And then in the conclusion:

> In this article, we explored an incredible project

I didn't feel the project was explored.

> We’ve also explored XSS attacks and discussed how they work.

This is the only thing the article did so the "also" threw me off.

These are just little things that set off my AI spidey-sense.


It’s a nice article. I enjoyed reading it and bookmarked it. The ads were too many though.

The title looked good.


