As an infosec guy, I used to spend alot time writing and optimizing own projects in C. This was because C was regarded as the language of elite hackers. As a novice I took it seriously.
At some point Python became really popular in infosec and practically all tools were written in it. It was also used by malware authors. This got me to learn the language and realize that it can do everything for me I need C for, while being a lot faster to develop.
So I mostly left C for Python and later for other higher level labguages.
Nowadays at $WORK I occasionally read and fuzz C code. But don't write it at all.
On my own projects I use C#/Elixir/Python/Perl as they let me make the most of my limited free time.
Typically kustomize and plain YAML - I like “infrastructure as data”. For IaC tho I’ve been enjoying Pulumi which has been a hit for my Typescript loving developer friends.
I used something similar in the past for website analytics but came to realize that javascript based tracking is more useful for my use case of understanding how people use my website.
JS tracking leaves out most bots as well. They were a nuisance with this method.
Ports can't be hacked but the application listening on them can ;)
You can have vulnerabilities on the server software and its configuration even if you are serving only static content. This should be unlikely if you use up-to-date battle-tested software like nginx without making crazy config changes.
If you serve dynamic content, that may also have vulnerabilities that hackers can exploit.
reply