The latest articles on DEV Community by Joran Honig (@joranhonig). https://dev.to/joranhonig https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F277775%2F0f46a425-2af5-4805-8b3c-5e76c9bc0762.png https://dev.to/joranhonig en Joran Honig Thu, 02 Jun 2022 14:27:39 +0000 https://dev.to/joranhonig/3-activities-to-make-you-a-better-bug-hunter-2a7l https://dev.to/joranhonig/3-activities-to-make-you-a-better-bug-hunter-2a7l <p><strong>That are not actually about hunting for bugs.</strong></p> <p>You can do tons of things to become good at bug hunting: participating in CTFs, reading write-ups and looking for bugs being some excellent strategies!</p> <p>However, <strong>we usually neglect to mention the "other stuff"</strong>. The activities that aren't directly about security at all! Think about it. A professional sports player usually doesn't only play their own sport. They go to the gym and build fitness. You can do the same for bounty hunting!</p> <p>Here are three activities that have helped me become a better bounty hunter:</p> <h2> 👨‍💻 Coding </h2> <p>It's all about <strong>thinking about code</strong>.</p> <p>In writing code, architecting systems, and debugging your own mistakes, you gain insight into what thoughts go into designing a system. This insight is tremendously helpful when you're looking for bugs.</p> <p>Plus, you can build tools that <strong>automate</strong> some of <strong>your hacking</strong>!</p> <h2> 📚 Reading </h2> <p>(Web3) security is a very <strong>diverse field</strong>.</p> <p>You will only get a superficial understanding if you never do your research and dive down that rabbit hole. Read about <strong>how compilers work, game theory, economics, systems thinking, formal methods, traditional security, etc.</strong></p> <p>Go down those rabbit holes! It will pay off tenfold.</p> <h2> 🥗 Health </h2> <p>The picture of a hacker dude that stays up all night, chugs countless energy drinks, and never goes out is <strong>wrong!</strong></p> <p>Sleep, food, exercise, etc., all the boring stuff your mom made (or makes :p) you do. These are critical to your brain functioning and, therefore, your bounty hunting performance!</p> <p><strong>Take good care of yourself!</strong></p> security bugbounty productivity Joran Honig Tue, 20 Oct 2020 18:41:48 +0000 https://dev.to/joranhonig/5-rules-for-writing-in-secure-code-without-anyone-noticing-42im https://dev.to/joranhonig/5-rules-for-writing-in-secure-code-without-anyone-noticing-42im <p>Follow these 5 rules to write bugs without anyone noticing.</p> <ol> <li><p>Do not run any unit tests. Ever.<br> You'll want to be adding bugs during a big refactoring, nobody will notice!<br> Unless you're running unit tests that is! Turn them off!</p></li> <li><p>Linting? <br> No more linting! Code smells are awesome for hiding bugs in plain sight. Easy win!</p></li> <li><p>No more vulnerability scanning<br> Those vuln scanners in CI are just what we don't need. Take any chance to avoid security checks, you'll thank me later!</p></li> <li><p>Alcohol!<br> The <a href="https://xkcd.com/323/">Ballmer Peak</a> is real! Get that nice bottle of whiskey and pour yourself a few fingers. The added creativity will make your bugs so much more interesting! <br> Just take care to not accidentally write bug-free code.</p></li> <li><p>No pair programming, ever. <br> This is an obvious one. It's just way too easy for your partner to spot bugs as you're writing them.<br> Pro Tip: Complain about not being able to get into flow when you're not alone.</p></li> </ol> security jokes