<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Khalil Preview</title>
    <description>The latest articles on DEV Community by Khalil Preview (@khalilpreview).</description>
    <link>https://dev.to/khalilpreview</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F380898%2F99f0e5e5-23d4-4583-842c-1581fa2a52db.jpeg</url>
      <title>DEV Community: Khalil Preview</title>
      <link>https://dev.to/khalilpreview</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/khalilpreview"/>
    <language>en</language>
    <item>
      <title>Here are the 6 questions to ask yourself before joining a startup</title>
      <dc:creator>Khalil Preview</dc:creator>
      <pubDate>Wed, 17 Nov 2021 09:15:14 +0000</pubDate>
      <link>https://dev.to/khalilpreview/here-are-the-6-questions-to-ask-yourself-before-joining-a-startup-24e0</link>
      <guid>https://dev.to/khalilpreview/here-are-the-6-questions-to-ask-yourself-before-joining-a-startup-24e0</guid>
      <description>&lt;h1&gt;
  
  
  There are a number of parameters to consider before joining a startup.
&lt;/h1&gt;

&lt;p&gt;Startups can often offer more exciting work than that of already established companies. The excitement of rapid growth, the need to succeed, and increased responsibilities are all factors that attract employees. But they also come with inherent risks, as most startups fail.&lt;/p&gt;

&lt;p&gt;The world of work has been turned upside down over the past two years, partly because of the pandemic, but also because of a cohort of Gen Z youth changing jobs frequently. Many of them demand that employers - who are already grappling with the “Great Resignation” phenomenon and the anti-labor movement - meet with them on environmental, social and governance issues and on labor flexibility. This is where agile startups can shine.&lt;/p&gt;

&lt;p&gt;If you are considering joining a startup, there are a few things you should know before applying: pay attention to the job description, expect little organizational structure, and consider whether you can afford to take the risk.&lt;/p&gt;

&lt;p&gt;Insider asked six HR experts for their best advice on how to prepare for an interview and what questions to ask yourself, but also what to ask the startup before accepting a role. &lt;/p&gt;

&lt;h3&gt;
  
  
  1. Are you prepared to accept less coaching?
&lt;/h3&gt;

&lt;p&gt;“If you're looking for structure, don't join a startup,” said Wendy McDougall, CEO of recruiting technology firm Firefish. If you want a clear path to career progression, you're not looking in the right place. It may differ depending on the stage of the startup, but there will likely be few ready-made paths to formal leadership roles.&lt;/p&gt;

&lt;p&gt;To become indispensable, a startup employee must be able to perform well at all stages and be prepared to know everything about the business "from the start," said Sarah Wisbey. The founder of Luna Careers also said it can lead to impostor syndrome in some cases.&lt;/p&gt;

&lt;p&gt;In the event that there is a job description, applicants should be wary of coded language. "It can be more subtle in some cases, but the way a job description is written can say a lot about an organization's values and culture," said Samantha Lawrence, senior vice president of corporate strategy staff on the Hired recruitment site. “The way a job description is written can indicate what it's like to work in a startup and if you can see yourself thriving there,” she added.&lt;/p&gt;

&lt;h3&gt;
  
  
  2. Are you at the right level in your career?
&lt;/h3&gt;

&lt;p&gt;Joining a startup in the early stages can often mean leading a one-member team or being the first technical employee. "For junior candidates, in particular, it is important to understand the structure of the technical team, then assess whether your experience and level of seniority will nevertheless allow you to work independently," explains Aude Barral, Director the creation and co-founder of the developer recruitment platform CodinGame.&lt;/p&gt;

&lt;p&gt;There may be limited levels of supervision or chances to learn from a mentor, while a flexible management system could also mean working closely with the founders. "For the right person who is not discouraged by a steeper learning curve, there will be more opportunities to learn and develop and gain technical experience faster," added Aude Barral.&lt;/p&gt;

&lt;h3&gt;
  
  
  3. Are you open to unconventional working methods?
&lt;/h3&gt;

&lt;p&gt;“Work-life balance and a flexible work environment are high on the wish-list of many developers,” said the CodinGame co-founder, citing research from her platform, “and that's one of the many reasons startups attract applicants.”&lt;/p&gt;

&lt;p&gt;"Startups have been at the forefront of the flexible working revolution," argued Aude Barral before adding that "many startups offer a modern working environment with user-friendly and responsive offices and cutting-edge tools that meet the expectations of today's tech professionals."&lt;/p&gt;

&lt;p&gt;“As the team is small, the impact you have as an individual is very clear, and there is no place to hide or let go,” he added. "You should join a startup if you want to work hard, grow quickly, and learn a lot."&lt;/p&gt;

&lt;h3&gt;
  
  
  4. Will the startup take care of your well-being?
&lt;/h3&gt;

&lt;p&gt;“If there is little or no investment in the support and wellness benefits, think twice before signing on the dotted line,” said Sarah Wisbey. An interesting indicator may be the offer of a work abroad policy, as this shows confidence and the extent to which the startup values work-life balance.&lt;/p&gt;

&lt;p&gt;"Explore and compare what's on offer," said Paralympic athlete Liz Johnson. “Work benefits may seem like trivial considerations, but your mental and physical health should always come first,” she said, adding that “preventing burnout doesn't require an all-expenses-paid yoga retreat, but it requires a company that cares about you and listens to your needs.”&lt;/p&gt;

&lt;h3&gt;
  
  
  5. Can you afford to take the risk?
&lt;/h3&gt;

&lt;p&gt;Most startups fail, making a job at one of them risky and uncertain. "It is important to know whether the business is funded by venture capital funds or by seed funds," says Sarah Wisbey of Luna Careers. "Research the company's investor support. Take into consideration that if it has reputable sponsors it is more likely to have better growth."&lt;/p&gt;

&lt;p&gt;Ask yourself if the exposure to its employees, the networking opportunities and the lessons to be learned "will compensate for the heart palpitations you will feel with each increase," adds Sarah Wisbey. For first-time employees, there is also "huge potential" for returns from stock options. &lt;/p&gt;

&lt;h3&gt;
  
  
  6. Ask yourself why you want to choose this startup over the others?
&lt;/h3&gt;

&lt;p&gt;Even early-stage startups need to be able to present a full brand image, including their mission, vision, and unique selling point. It helps applicants see why a startup is right for them. “If that is not clear in the job description or on the site, it is not a good sign,” said Samantha Lawrence of Hired. "It's a bigger red flag if a startup's vision, mission, or culture seems confusing or unclear to you."&lt;/p&gt;

&lt;p&gt;Liz Johnson, of Podium, reiterated the need for full branding. Prospective employees should "interrogate the company's manifesto" to make sure it matches their own values, she said. "When businesses value inclusion and equality, they are more likely to be diverse and, therefore, more likely to be successful," she added. "Beyond that, inclusive businesses will generally be more progressive, more supportive and more collaborative workplaces."&lt;/p&gt;

&lt;h2&gt;
  
  
  In the end, follow your instincts
&lt;/h2&gt;

&lt;p&gt;“To be successful in a fast-paced startup environment, you have to be hungry,” said Wendy McDougall of Firefish. “The greatest pleasure of joining a business at this early stage is throwing yourself out of your comfort zone every day.” Does this idea turn you on or off? Be honest with yourself, and it will let you know if joining a startup is the right decision for you.&lt;/p&gt;

</description>
      <category>startup</category>
      <category>developer</category>
      <category>webdev</category>
      <category>career</category>
    </item>
    <item>
      <title>Conduct A Web Application Penetration Testing</title>
      <dc:creator>Khalil Preview</dc:creator>
      <pubDate>Mon, 08 Nov 2021 10:30:35 +0000</pubDate>
      <link>https://dev.to/khalilpreview/conduct-a-web-application-penetration-testing-27f5</link>
      <guid>https://dev.to/khalilpreview/conduct-a-web-application-penetration-testing-27f5</guid>
      <description>&lt;p&gt;In this digital age when everything is being done online, web applications have become an integral part of all businesses. Since today’s web applications usually store or send out sensitive data, they attract malicious hackers and script kiddies, at an unprecedented level, to find and exploit vulnerabilities in them for their personal gain or just to have fun.&lt;/p&gt;

&lt;p&gt;To secure your web application, security testing is the best way to identify security loopholes and misconfiguration flaws in your application before malicious hackers do. This is achieved by simulating attacks in order to find the potential vulnerabilities in your application.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why Is Web Application Penetration Testing Important?
&lt;/h2&gt;

&lt;p&gt;Web application penetration testing, a.k.a. web app pentesting, is essential because it helps determine the security posture of the entire web application, including the database, back-end network, etc. Moreover, it suggests ways to strengthen it. Here is a list of some common objectives for performing web application penetration testing:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Identify security loopholes in web applications&lt;/li&gt;
&lt;li&gt;Verify the effectiveness of the existing security policies and controls&lt;/li&gt;
&lt;li&gt;Ensure compliance with standards such as PCI DSS, HIPAA, etc.&lt;/li&gt;
&lt;li&gt;Check the configuration and strength of components exposed to the public, including firewalls&lt;/li&gt;
&lt;/ul&gt;

&lt;h2&gt;
  
  
  Types of Web Application Penetration Testing
&lt;/h2&gt;

&lt;p&gt;You can conduct internal or external penetration testing, or both, depending on your business requirements.&lt;/p&gt;

&lt;h4&gt;
  
  
  1) External Penetration Testing
&lt;/h4&gt;

&lt;p&gt;External Pentesting involves simulating attacks on the live website/web application. This kind of penetration testing runs on the Black Box testing methodology. &lt;/p&gt;

&lt;p&gt;During this, the pentester only gets the list of the organization’s IPs and domains, and using just those IPs and domains the pentester tries to compromise the target, just like the real-world behavior of malicious hackers.&lt;/p&gt;

&lt;p&gt;This kind of testing provides a comprehensive view of the effectiveness of your application’s publicly exposed security controls, since it includes testing servers, firewalls, and IDS.&lt;/p&gt;

&lt;h4&gt;
  
  
  2) Internal Pentesting
&lt;/h4&gt;

&lt;p&gt;Sometimes an organization overlooks the need to pentest the web application internally, feeling that no one can attack from inside the organization. However, this isn’t the case anymore. After an external breach, internal penetration testing is done on a web application to identify and track the lateral movement of the hacker from inside.&lt;/p&gt;

&lt;p&gt;Internal pentesting is done for a web app that is hosted on the intranet. Thus, it helps in preventing attacks that exploit vulnerabilities existing within the corporate firewall.&lt;/p&gt;

&lt;h2&gt;
  
  
  A Simplified Approach to Perform Web Application Pentesting:
&lt;/h2&gt;

&lt;p&gt;There are four ideal phases in which web application pentesting can be performed.&lt;/p&gt;

&lt;h4&gt;
  
  
  1) Planning Phase
&lt;/h4&gt;

&lt;p&gt;During the planning phase, a number of important decisions are made that directly impact other phases of penetration testing. It includes defining scope, timeline, and people involved among other things.&lt;/p&gt;

&lt;p&gt;Most importantly, when defining the scope of the security assessment, various things are considered before moving to the next phase of testing. These may include which application pages need to be tested and whether to perform internal testing, external testing, or both, to name a few.&lt;/p&gt;

&lt;p&gt;It is also crucial to define the timeline for the whole process. This ensures that the assessment doesn’t drag out and timely security controls can be put into play to strengthen the defense for your application.&lt;/p&gt;

&lt;h4&gt;
  
  
  2) Pre-Attack Phase
&lt;/h4&gt;

&lt;p&gt;In this phase, reconnaissance is performed, which paves the way for the next phase of testing. In particular, it includes looking for Open Source Intelligence (OSINT), or any other publicly available information that can be used against you.&lt;/p&gt;

&lt;p&gt;We can perform port scanning, service identification, vulnerability assessment, etc. in this phase of testing. To accomplish this you can use tools such as Nmap, Shodan, Google Dorks, dnsdumpster, etc.&lt;/p&gt;

&lt;p&gt;Due to the growing adoption of social media among an organization’s employees, hackers can easily fool employees and extract or guess the passwords they use for their social media accounts. Threat actors do this by carrying out social engineering attacks that target organizations with a weak internal security posture.&lt;/p&gt;

&lt;h4&gt;
  
  
  3) Attack Phase
&lt;/h4&gt;

&lt;p&gt;During the attack phase, the pentester tries to exploit the vulnerabilities found in the last phase. They try to go one step further by identifying and mapping the attack vectors. &lt;/p&gt;

&lt;p&gt;In the attack phase, the pentester gets into a web application’s internal structure and tries to compromise the host.&lt;/p&gt;

&lt;p&gt;This may involve social engineering attacks, physical security breaching, web application exploits, phishing employees or CXOs of an organization, etc. &lt;/p&gt;

&lt;h4&gt;
  
  
  4) Post-Attack Phase
&lt;/h4&gt;

&lt;p&gt;After the penetration testing is complete, a full detailed report is generated. This report can vary from organization to organization or by the type of application that is pen-tested.&lt;/p&gt;

&lt;p&gt;But generally, the penetration testing report includes a list of vulnerabilities, an analysis of the findings, proposed remediations, and a conclusion. Apart from that, the pentester is also responsible for restoring the systems and network configurations to their original states in the post-attack phase.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2qy6n107daipxo4vo42z.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2qy6n107daipxo4vo42z.png" alt="Conduct A Web Application Penetration Testing"&gt;&lt;/a&gt;&lt;/p&gt;

</description>
      <category>webdev</category>
      <category>programming</category>
      <category>performance</category>
      <category>security</category>
    </item>
    <item>
      <title>Monolithic &amp; Headless</title>
      <dc:creator>Khalil Preview</dc:creator>
      <pubDate>Tue, 02 Nov 2021 09:24:33 +0000</pubDate>
      <link>https://dev.to/khalilpreview/monolithic-headless-3n8j</link>
      <guid>https://dev.to/khalilpreview/monolithic-headless-3n8j</guid>
      <description>&lt;p&gt;Monolithic applications are applications that are running on the same server and all the calls it makes are local. While headless applications are applications that have the front-end separated from the back-end, thus allowing to remove the server overhead.&lt;/p&gt;

&lt;p&gt;It is not appropriate to say that one is being used more than the other, in what I have been working as a developer, the 2 types of systems are very required since large monolithic platforms allow faster development, for clients who are only looking for a website or a Simple e-commerce, based on templates, but on the other hand there are also clients who need more robust web applications and who require headless systems for higher performance.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://res.cloudinary.com/practicaldev/image/fetch/s--iZeFZgZQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bagell64njsu6jwbkjsz.png" class="article-body-image-wrapper"&gt;&lt;img src="https://res.cloudinary.com/practicaldev/image/fetch/s--iZeFZgZQ--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/bagell64njsu6jwbkjsz.png" alt="Monolithic &amp;amp; Headless" width="880" height="1132"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h1&gt;
  
  
  Monolithic Systems
&lt;/h1&gt;

&lt;p&gt;In this case, the frontend and the backend are closely linked and inseparable. The monolithic CMS interface accesses content from a backend database, and then this content is used within the website design. By default, from a design and presentation perspective, all content is transferred to the platform.&lt;/p&gt;

&lt;h1&gt;
  
  
  Headless Systems
&lt;/h1&gt;

&lt;p&gt;The term 'headless' comes from the concept of cutting off the 'head' (the front-end, that is, the website or application) from the 'body' (the back-end, that is, the content repository, the database, etc.). Therefore, a headless CMS is a back-end only CMS built from the ground up as a content repository that delivers database content (SQL and NoSQL) and files to any platform or device via API.&lt;/p&gt;

&lt;p&gt;A headless CMS retains an interface to manage content and a RESTful or GraphQL API to deliver content where you need it. The main focus of a headless CMS is to store and deliver structured content and allow content publishers to collaborate on new content. In a headless CMS, the responsibility for the presentation and design of the content is given to the distribution channels. Due to this approach, a headless CMS doesn't care about how and where its content is displayed. It allows each channel to present content in its own individual way.&lt;/p&gt;

&lt;h1&gt;
  
  
  Differences
&lt;/h1&gt;

&lt;p&gt;There are a number of differences between monolithic systems and a headless system, including:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Monolithic systems have many built-in features that not all clients need.&lt;/li&gt;
&lt;li&gt;A headless platform gives you access to entities, examples of these are pages, menus, products, blogs, people, etc. Entities are the base objects that you can later modify and enhance according to your requirements.&lt;/li&gt;
&lt;li&gt;Monolithic systems are more focused on providing solutions to the end customer than to the developer. The Core dna platform strikes a balance between the development environment and the management environment.&lt;/li&gt;
&lt;li&gt;Headless platforms in many cases do not come with end-customer management tools. Core dna continues to provide easy-to-manage tools within our headless platform.&lt;/li&gt;
&lt;li&gt;Accessing the information in a monolithic system can be difficult.&lt;/li&gt;
&lt;li&gt;Monolithic systems require infrastructure and security tools to be in place for them to work.&lt;/li&gt;
&lt;li&gt;Monolithic systems can take time to learn and understand how they work.&lt;/li&gt;
&lt;li&gt;Headless platforms allow you to create your own publishing environments.&lt;/li&gt;
&lt;/ul&gt;

</description>
      <category>coding</category>
      <category>programming</category>
      <category>webdev</category>
      <category>tutorial</category>
    </item>
    <item>
      <title>First Post</title>
      <dc:creator>Khalil Preview</dc:creator>
      <pubDate>Thu, 28 Oct 2021 10:01:42 +0000</pubDate>
      <link>https://dev.to/khalilpreview/first-post-hll</link>
      <guid>https://dev.to/khalilpreview/first-post-hll</guid>
      <description>&lt;p&gt;As a lead back-end developer, I have gained knowledge of different technologies in web development. I have always thought that my knowledge would be useful for someone who is just starting out in web development or just want to know more about this field. Hence, I will start writing blog posts about web development.&lt;/p&gt;

&lt;p&gt;covering topics such as technologies, business logic, python programming and coding .&lt;/p&gt;

&lt;p&gt;I also want to share some articles about how to learn and know what you need to know as a web developer, written in an informal manner that makes them accessible to anyone.&lt;/p&gt;

</description>
      <category>programming</category>
      <category>coding</category>
      <category>webdev</category>
      <category>python</category>
    </item>
  </channel>
</rss>
