· 6 min read
Aleh Zasypkin

Hello!

Today, I'd like to show you how you can leverage the "Webhooks" feature of Secutils.dev to explore third-party web services, or as a security researcher would say, perform a basic active reconnaissance. Reconnaissance is just a fancy word for gathering information about a target system to identify exploitable vulnerabilities and potential attack vectors. In this post, we'll focus on learning how a specific web service implements functionality that interests us. Our intention is purely innocent — we simply want to understand how it works. However, the technique we'll use is quite similar to what security researchers employ during routine reconnaissance.

· 5 min read
Aleh Zasypkin

Hello!

Until this year, I had never published a blog post on the internet. However, in the past month, I have published 10 of them and shared them on LinkedIn, Twitter, and Mastodon, the only three social/professional networks I use. This is not my usual approach, and you may wonder why I'm doing it. The reasons are multifaceted, so let me explain and hopefully encourage others like me to start writing as well.

· 4 min read
Aleh Zasypkin

Hello!

As the end of the "Q2 2023 - Apr-Jun" milestone (that's how I structure my roadmap) is quickly approaching, I wanted to give a quick update on the progress so far. One of the significant deliverables for this milestone is a functional web resources tracker utility. The utility should give developers the ability to track resources of any web page. You may be wondering why they would want to do that and how it relates to security. Let me explain using two personas: the developer and the security researcher.

· 3 min read
Aleh Zasypkin

Hello!

Just a short update this time, as I was busy preparing my tax return and rebalancing my personal portfolio last week. Ensuring that your personal finances are in good shape is a critical skill, especially when you don't have VC funding 😅 But seriously, I believe this topic is worth highlighting.

· 6 min read
Aleh Zasypkin

In my previous posts, I have consistently emphasized the importance of improving efficiency and reducing waste, whether it's time, money, or energy. This concept has become a central theme in several projects I am currently involved in, including Secutils.dev. Today, I want to share my thoughts on security configuration management and how Secutils.dev and similar tools can enhance efficiency in this area by empowering software engineers, who are responsible for designing and implementing security configurations.

· 6 min read
Aleh Zasypkin

Hello!

Today, I'd like to share my perspective on formal project management for small to medium-sized projects, using Secutils.dev as an example. A new project is often driven by a spark of inspiration or a strong desire to solve a specific issue for yourself or a group of people. At this early stage, formality can be a distraction and drain motivation quickly. You have a clear vision of what needs to be done, and adding unnecessary formalities can hinder progress.

Initially, things may go smoothly without a formal project management process. You create functional prototypes, launch an MVP with a catchy domain name, and receive positive feedback from early users. However, over time, the excitement from these achievements can diminish, and internal motivation alone may not be enough to drive the project forward. This is a natural human tendency, and it's important to recognize it. If you're satisfied with your project in its current state, or if it was originally intended as a short-term fun project and you're ready to move on to something new, that's perfectly fine. You should absolutely embrace the joy of building and exploring new ideas.

However, if you want to advance a more complex project and still maintain sufficient motivation, I believe it's essential to adopt a different strategy. The strategy I'm going to discuss next involves incorporating a bit of formal project management to keep yourself on track, sustain progress, and avoid the disappointment of yet another unfinished project.