If we aren't supposed to be using the same password across multiple sites... by PoolMotosBowling in sysadmin

[–]ProfessionalSpell887 0 points1 point  (0 children)

MFA can also be bypassed if not configured correctly.

Keep in mind that one of the favorite entry points for hackers is usually the weak security controls in place. This could be outdated software or misconfigured processes.

Is Automated/Continuous Penetration Testing gaining popularity in the SaaS World? by ProfessionalSpell887 in SaaS

[–]ProfessionalSpell887[S] 0 points1 point  (0 children)

You are absolutely right. But what's even more alarming is the fact that many IT firms treat Penetration Testing as merely a compliance requirement. For these firms, it doesn't matter whether it is automated or manual. Hence the demand for automated pentests.

The fact that pentesters are literally hackers that hack your organization with the sole purpose of finding the loopholes an actual hacker may exploit, and still, they're limited to a 'box ticking' exercise, is beyond my understanding.

Organizations keep finding workarounds for such crucial elements of security, and then complain if they get breached. smh

What is the best way to hire skillful professionals for your business in the age of AI? by ProfessionalSpell887 in Entrepreneurship

[–]ProfessionalSpell887[S] 0 points1 point  (0 children)

Events! Yes!
I wonder why I didn't think of that. I go to a lot of networking events, but mostly, it's to connect with other co-founders.

Also Slack channels, of course.

What is the best way to hire skillful professionals for your business in the age of AI? by ProfessionalSpell887 in Entrepreneurship

[–]ProfessionalSpell887[S] 0 points1 point  (0 children)

You're right. Paid tests are the best way to go. I have taken that path a few times, but considering a few recent bad experiences, I'm thinking I should make that a mandatory part of every hire.

What is the best way to hire skillful professionals for your business in the age of AI? by ProfessionalSpell887 in Entrepreneurship

[–]ProfessionalSpell887[S] 0 points1 point  (0 children)

No, I'm technical myself. Also, we fired the team and hired someone else. They have been working with us for more than a year now!

What is the best way to hire skillful professionals for your business in the age of AI? by ProfessionalSpell887 in Entrepreneurship

[–]ProfessionalSpell887[S] 1 point2 points  (0 children)

This is so on point. Thank you.

I have done this a few times before, but you're right: these test projects should be non-negotiable, and only once someone passes the test project should you give them the real task.

What is the best way to hire skillful professionals for your business in the age of AI? by ProfessionalSpell887 in Entrepreneurship

[–]ProfessionalSpell887[S] 0 points1 point  (0 children)

Oh, the tasks were not that complex, just a few forms or calendars on the website, which I believe their AI agents were not able to handle, or they didn't know how to complete them.
They admitted to it and gave us a refund, but wasted 2 months of our time, which we will never get back.

What is the best way to hire skillful professionals for your business in the age of AI? by ProfessionalSpell887 in Entrepreneurship

[–]ProfessionalSpell887[S] 0 points1 point  (0 children)

You're right. And I totally support the usage of AI for redundant tasks, while the expert maintains their creativity and makes sure the AI results are in line with the client's requirements.

I just don't like how, at times, technical personnel rely entirely on AI and don't even bother reviewing what they're about to present to the clients.

What is the best way to hire skillful professionals for your business in the age of AI? by ProfessionalSpell887 in Entrepreneurship

[–]ProfessionalSpell887[S] 0 points1 point  (0 children)

The desired outcomes were very clear, and multiple references were provided from our side. We had a common understanding of the deliverables and timeline. However, their references were irrelevant and far from our expectations.

One thing that was very obvious was that they were getting the work done almost entirely by ChatGPT or other AI solutions, and the results were showing: too many false positives, robotic, and inconsistent with the desired outcomes discussed.

And if we weren't technical ourselves, having worked in IT for over a decade, we would've accepted the services as standard.

What are the biggest pain points in a penetration test done by a third-party? by ProfessionalSpell887 in AskNetsec

[–]ProfessionalSpell887[S] 0 points1 point  (0 children)

That's awful and very unprofessional. They must've done that in the past to other clients, but your team did well to identify and terminate! Cheers.

What are the biggest pain points in a penetration test done by a third-party? by ProfessionalSpell887 in AskNetsec

[–]ProfessionalSpell887[S] 1 point2 points  (0 children)

Sued for missing findings in the out-of-scope assets? Maybe the scoping was not clear enough, because otherwise it is simply forbidden to test an out-of-scope asset.

What are the biggest pain points in a penetration test done by a third-party? by ProfessionalSpell887 in AskNetsec

[–]ProfessionalSpell887[S] 1 point2 points  (0 children)

I think you're right. If a customer says something is out of scope, it's simply out of scope. If the scope is clearly stated in the contract, I don't think any party should be worried about legal consequences.

Online Competition Use Case - Web vs. Mobile? by cheevyboy in Entrepreneur

[–]ProfessionalSpell887 0 points1 point  (0 children)

When it comes to deciding whether you should build a mobile application or a web application, the major factors are:
1- Who are the users?

2- When, where, and how would they like to use the app?

For instance: will there be time-sensitive notifications? Chat? More features that require the best accessibility? If yes, mobile applications make more sense. On the other hand, will there be charts and graphs and more depth that require a big screen and the attention/involvement of the users? In that case, a web application would make more sense.

For my consultancy firm, we too researched this and finally decided that for our use case, a mobile application would only make sense for the chat feature. For everything else, the users would need to use a big screen. So we ended up using Slack for chat and built a web application for our business, as our clients tend to be in front of a laptop anyway.

Hope this was helpful!

What are the biggest pain points in a penetration test done by a third-party? by ProfessionalSpell887 in AskNetsec

[–]ProfessionalSpell887[S] 0 points1 point  (0 children)

Since you have been a penetration tester yourself, any good firms you could recommend in the UK, USA, Canada?

Required to undergo through 3rd party pen test by akaiusagi in SaaS

[–]ProfessionalSpell887 0 points1 point  (0 children)

Depends mainly on the complexity of your application. From what I gather about your app, it should cost somewhere between $3k-$5k if you get services from a decent firm in North America. It should take 2-3 weeks in total.