The Hackbright Winter 2016 engineering fellows visited the NCC Group office in San Francisco on Tuesday, February 16 to learn about information security!
Special thanks to Cara Marie (Senior Security Consultant, NCC Group) and Andy Grant (Regional Vice President, NCC Group) for organizing and leading the tech talk.
We learned about InfoSec (or “information security”) at a high level, from OWASP Top Ten to using Burp (pictured) to expose security concerns in a simple, vulnerable web app. It was so much fun to see SQL injections and cross-site scripting (XSS) happen to the locally-hosted web app, and realize how easy it is to have a security compromise. Charles Proxy is another common tool used for penetration testing (or “pen testing”) if you want to try this at home.
For more hands-on infosec experience, check out OWASP’s Goat projects which include WebGoat and RailsGoat.
We were treated to delicious Mediterranean food at NCC Group, and ate lunch with their security engineers and consultants!
Lots of great, honest conversations with a diverse group of infosec professionals from NCC Group! Thanks again to the team at NCC Group for welcoming Hackbright’s 13th engineering fellowship to their San Francisco office!
From port scanning to exploiting vulnerabilities to compromising servers, general security knowledge goes a long way. Another good area to look at is secure transport (SSL/TLS and SSH) and understanding the different trust models they rely on.
To learn about the security world, check out “So you want to be a security consultant?” and “What should I do to get into Information Security?”
Pictured above: Hackbright alumna & NCC Group Senior Security Consultant Cara Marie with the Hackbright engineering fellowship class graduating Winter 2016.