What is Good Code

Before saying someone’s code is sh*t code, you should know what good code is. Beyond being readable, good code should, in general, run fast and use little memory. Everyone can say their code is good, but how do you prove it? Simply measuring runtime and memory usage may not be accurate, because many factors interfere: the data matters, and so does the hardware. A more scientific way is to look at the “trend”: as the number of items grows, how do the time and space grow?
3 minutes to read

Why Decision Tree > if-else

The other day, our tech lead suggested we implement supervised machine learning to automate our ticket approval system. He said it would be very easy. I had no idea how it worked, and honestly, I was confused. Why not just use if-else statements? Problem Statement: We have a ticket approval system, a platform for reviewing tickets that request access to some resource. With an increasing number of tickets being submitted, manually reviewing them has become inefficient.
4 minutes to read

Are you from the Same Origin

Recently, when I debugged a web app, I had to add my own test domain to a CORS allowed list there. Then I remembered having seen a CORS vulnerability report before and decided to delve deeper into this topic. Create a Simple Web App with CORS Misconfiguration: Essentially, we require a web application with a straightforward login feature and a data endpoint. With misconfigured CORS, we should be able to see the sensitive data from another origin.
3 minutes to read

Career Change: From Cybersecurity to Software Development

As a young professional in cybersecurity, do you often feel so dumb that you can’t understand some concepts? Maybe my experience can help. My Background I studied Information Security in college. We had the usual foundational CS and math courses, along with cryptography. Back then, the security field seemed straightforward—either you were an attacker or a defender—even though I had no idea how either actually worked. Later, I interned at two companies, where I learned about web pentesting and Active Directory security.
3 minutes to read

First Duplicate Report

So, I almost submitted my first valid bug report… What Happened: The other night, I finally decided to give bug bounty a try. I found a VDP program and let ChatGPT write me a recon script. That recon script returned several subdomains, and when I went through them, a weird domain caught my eye. What the hell is ‘whoami.xx.xx.com’? Out of curiosity, I opened it in my browser. Holy cow, it looked like a debugging page with an internal IP!
3 minutes to read