ACM.296 Let’s look at that F and what it really means: when it matters and when it doesn’t.
Part of my series on Automation of cybersecurity measures. Application security. Penetration testing. Data breaches. Deploy a static website. THE Coded.
Free content on Cybersecurity Jobs | Register at Broadcast list
I’ve finally finished some other work and am returning to my series on deploying a static website. In the last article I explained how to add a policy to your ECR registry so that it can be used with a Lambda function.
Before I continue, I need to move on to another topic discussed recently. Do you receive a “penetration test» which is not really a penetration test but in reality a “vulnerability analysis» ?
I’m going to demonstrate using my own website, which has a few issues that I know about and plan to address in this series – but I would consider them low risk and explain why.
That said — as I just mentioned — I will repair them. Why would you leave risks on your website if you don’t have to? In my case, I hadn’t updated my website since 2020 because I was too busy.
But now I’m taking the time as I’m writing this series and upgrading some of my penetration testing tools that I use on AWS in the process. So let’s get this over with. Follow the series if you want to see how I do it, what matters and why or why not.
I created my website in about 5 minutes so I could start my business because my lawyer told me a website was necessary. Since then, I’ve barely looked at it. I finally updated it recently after a few years when AWS made me an AWS Security Hero, but I intentionally didn’t fix some “known issues” so I could write about them – and consider the relevance of certain analysis results and the risks associated with them. problems on my particular site.
I’m going to try to “hack my own website” in a future article or possibly a new series and show you the implications of some things.
But let me start with the fact that if you have malware on your machine that performs a…