A hypothetical cognitive bias: people with low ability at a task overestimate their own ability, and people with high ability at a task underestimate theirs.
➡️ Work: the Dunning-Kruger effect can make it difficult for people to recognise and correct their own poor performance.
That’s why employers conduct performance reviews, but not all employees are receptive to the constructive criticism they receive.
➡️ Politics:
Supporters of opposing political parties often hold radically different views without realising what they actually know.
➡️ Bug Bounties:
When researchers read disclosed reports, blogs or write-ups, some think "this was super easy" and never try it themselves, while others think "this was very smart and difficult, I could never think like that."
We need to find a balance between the two.
Why do people overestimate their own abilities?
➡️ Imagine taking a multiple-choice test on a topic you don't know. You read the questions and choose the answer that seems the most reasonable.
How can you determine which of your answers are correct?
Ans - Metacognition
➡️ Reality: the Dunning-Kruger effect affects everyone, including you. No one can claim expertise in every domain. You might be an expert in a number of areas and still have significant knowledge gaps in others.
It isn’t a sign of low intelligence. Smart people experience it too.
➡️ How to overcome this effect:
✅ Take your time - don't rush decisions
✅ Challenge your own claims
✅ Change your reasoning - do not apply the same logic to every problem
✅ Learn to take criticism
✅ Question longstanding views about yourself - assess yourself once again
Role: analyses and assesses vulnerabilities in the infrastructure (software, hardware, networks) and investigates available tools and countermeasures to remedy the detected vulnerabilities.
Works with any one or all of the other roles/titles related to securing computers, networks, software, data and/or information systems against malware or other risks.
→ Computer Security Incident Responder:
One who creates a rapid response to security threats and attacks, such as viruses and denial-of-service attacks, in the organisation.
A comprehensive thread on OWASP!
What is OWASP Top 10?
2013 vs 2017 vs 2021 ?
How OWASP is useful for pentesters and bug bounty hunters?
My Views on OWASP 2021 Update?
Who is OWASP?
→ Open Web Application Security Project
→ It's a non-profit foundation dedicated to improving the security of software. @owasp operates on an open community model, where anyone can participate in and contribute to projects, events, online chats, and more.
{1/17}
What is OWASP Top 10?
→ OWASP Top 10 is an online document on OWASP’s website that provides a ranking of, and remediation guidance for, the ten most critical web application security risks.
What is XML, Entities and DTD?
How OWASP Top 10 2021 merged XXE in Security Misconfiguration?
XXE exploitation Types & Payloads for pentesters and bug bounty hunters
↓
→ XXE stands for XML External Entity
→ XXE is possible in applications that process XML data, on the client side or on the server side
→ Office document formats are XML-based (e.g. .docx, .xlsx, .pptx), so anything that processes them is processing XML data
{2/18}
→ XXE attacks are possible when an XML document includes external entities and the parser processes them.
→ OWASP Top 10 2017 introduced XXE at position A4.
→ OWASP Top 10 2021 merged it into Security Misconfiguration at A5.
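Since the 2021 list files XXE under misconfiguration, the practical fix is parser configuration plus an inbound check. The following is an added example (not from this thread, and not OWASP's code): it flags XML that declares external entities or an external DTD before parsing, and parses the rest with Python's stdlib SAX parser with external entity resolution switched off. All sample documents and the `example.invalid` host are constructed for illustration.

```python
import io
import re
import xml.sax
from xml.sax.handler import feature_external_ges, feature_external_pes

# A DOCTYPE or ENTITY declaration carrying SYSTEM/PUBLIC is how an XML
# document asks the parser to fetch outside data (file, URL, external DTD).
EXTERNAL_DECL = re.compile(
    r"<!(?:ENTITY|DOCTYPE)\b[^>]*?\b(?:SYSTEM|PUBLIC)\b", re.IGNORECASE)


def declares_external_entity(xml_text: str) -> bool:
    """True if the document declares an external entity or external DTD."""
    return EXTERNAL_DECL.search(xml_text) is not None


class _TextCollector(xml.sax.ContentHandler):
    """Collects (tag, text) pairs in end-tag order; enough to show what parsed."""
    def __init__(self):
        super().__init__()
        self.elements = []
        self._buf = []

    def startElement(self, name, attrs):
        self._buf = []

    def characters(self, content):
        self._buf.append(content)

    def endElement(self, name):
        self.elements.append((name, "".join(self._buf).strip()))
        self._buf = []


def parse_untrusted(xml_text: str):
    """Return [(tag, text), ...], or None when the document is rejected."""
    if declares_external_entity(xml_text):
        return None                      # reject before the parser ever sees it
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)  # no external general entities
    parser.setFeature(feature_external_pes, False)  # no external parameter entities
    handler = _TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_text.encode("utf-8")))
    return handler.elements


# Constructed samples: a plain document, one with a harmless internal entity,
# one declaring an external entity, and one pulling an external DTD.
SAFE_DOC = "<order><id>42</id><item>widget</item></order>"
INTERNAL_ENTITY_DOC = '<!DOCTYPE order [<!ENTITY co "ACME">]><order><item>&co;</item></order>'
XXE_DOC = ('<!DOCTYPE order [<!ENTITY xxe SYSTEM "file:///example/secret.txt">]>'
           '<order><id>&xxe;</id></order>')
EXTERNAL_DTD_DOC = '<!DOCTYPE order SYSTEM "http://example.invalid/order.dtd"><order/>'
```

Internal entities still expand, so the check is narrower than "reject every DOCTYPE"; tightening it to reject any DOCTYPE is the stricter option when the application never needs one.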
Comprehensive Thread on Web App Fuzzing!
What is web fuzzing?
How can web fuzzing be super useful in Bug Bounties or Pentest?
FFUF for Web Fuzzing?
↓
{1/16}
Fuzzing generally means finding bugs by automatically supplying unexpected data to an application and then monitoring it for exceptions, errors or stack traces.
The motive is to feed in unexpected or excess data to trigger exceptions and see whether they lead to a real issue.
{2/16}
Fuzzing has been around for many years and has been done in different ways.
The term "fuzz" originated from a fall 1988 class project in the graduate Advanced Operating Systems class (CS736), taught by Prof. Barton Miller at the University of Wisconsin.