During my 12 or so years running penetration test companies I’ve had to quote for, and be responsible for delivering 1000’s of tests. The spectrum of clients couldn’t be broader, from 1 person startups to some of the biggest companies in the world.

I decided I wanted to create technology instead of always being the guy with the bad news and I now run a mobile development company. I wanted to share my security experience to help other companies understand best practices when hiring a security testing partner.

Here’s my insider’s guide to getting a pen test ⤵️

Preparation

Ideally start…

AWS CloudFront is a global content delivery network (CDN) which can be used to act as a robust web server for our React applications with very little configuration and zero maintenance.

This is brief guide to hosting a site 👍

Building React For Production

From the CLI issue the command “npm run build”. This should create a “build” folder containing our production assets.

Create An S3 Bucket

On AWS create an S3 bucket to host the code. Don’t worry for now about permissions as we’re going to let CloudFront set the permission later. …

A little configuration I add to all our web dashboards here at Dogtown Media (mobile app developer) which are hosted on CloudFront is to disallow search engines from indexing the site. A little security through obscurity on top of the real security. With CloudFront and Lambda this is quick and easy.

CloudFront Configuration

In CloudFront enable a Behavior with the Path Pattern

/robots.txt

Mine looks like this:

Lambda Configuration

The first step is to set-up the node.js script that replies to any request with:

User-agent: *
Disallow: /

This will inform search engines not to index the site.

The node.js Script I use can…

I wanted to find a relatively cheap and easy way to wake my home PC remotely. I have remote access software but didn’t want to leave my PC running 24 hours a day so I could occasionally access it.

Enter the Particle Photon a ~$19 WiFi connected development board. The thing I like about this is they’ve already taken care of the back-end services. So for a quick home project where I just want to get it done, its a great fit.

The steps I took are as follows:

1. Wake-on-LAN — Made sure my PC network card supported Wake-On-Lan. This…

What the heck is 5G?

This is the technology surrounding the so-called 5th generation of mobile connectivity.

Why should I care?

This is important as 5G should offer speeds up to 100 times faster than current mobile networks.

So this means you could potentially download a full-length HD movie in a matter of seconds through your phone. Bonkers.

With virtual reality, AI and IoT applications becoming even more bandwidth needy, this is a big deal. The landscape will change for app & game developers, home automation and numerous other industries.

Will I be able to ditch my home broadband?

Well potentially yes. It will depend on prices and availability. Personally I have one choice of Internet provider in…

One of the challenges for home automation developers has been how does something sitting in your home network, which is presumably on a private network behind a firewall hidden from hackers, and be readily available to a mobile app on a mobile phone which could be potentially anywhere in the world.

When you receive the little plastic Internet box from your ISP, what you’re generally getting is a modem, router and firewall in one. The combination of these means you can be connected to the Internet but safely hidden from view. …

Previously i’ve talked about how the vulnerabilities exploited in the Mirai DDOS are a remnants of the past, not a sign of the future. But at the same time vendors creating IoT devices do need think about security closely to make sure they’re not part of a future botnet. I’m fortunate to have a foot in both worlds as co-founder of app developers Dogtown Media and penetration testers Tiro Security and have a fairly unique viewpoint as i get to play poacher and gamekeeper with IoT.

I thought I would give 10 practical IoT hardening tips for IoT companies. This…

For one reason or another, it’s a fairly common scenario for an organization to need to move developers. Often this transition is well organized, other times a zip file with no instruction turns up in your email. We want to try and preserve as much information as possible for the new developers to start work on this project.

The Transfer

The two largest cloud git providers Bitbucket and Github offer options to transfer the ownership of repositories. This is by far the easiest way and preserves the git branch structure.

This usually involves the old and new developers being in communication. But…