Any other developers about ?

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Seems theres not so many of us, anyone working as a developer or dabbling ?

 

I did some Smalltalk at uni also, lot the Smalltalk people moved to Java. It didn't entirely suck, just a resource hog for the time. Even now Java can be a resource hog too.

 

Most development I see done now, is all outsourced\offshoring.

I see a massive gap in developers who also know security not just for creating the application but also from a pen testing point of view so many applications have security holes in and are getting exploited that I have seen organisations now start to say maybe it is cheaper to develop a secure application from the beginning and not as an add-on near the end.

 

I was more interested so see who is a developer on the forum, there has never been many devs here even in 2007. I don't think this is a geographic issue. If anything there are more developer jobs now than in 2007.

I have taken pen test courses and also looked into reversing. I'm familiar with kerberos, SAML, PKI, encryption, OAuth, XSS, SQL injection, CSRF, buffer overflows, fuzzing, and a whole bunch of other stuff.

Anybody with experience will try not to create insecure applications, the problem is there are many inexperienced developers. Development is fairly hard to begin with, writing a 'secure application' is much harder and likely much more expensive.

Generally you are on a small close knit team and you have 1-2 years to develop an application with a lot of features and get your product to market. Developers are working flat out 50 hours a week most of this time, on top of this they are expected to be project managers, testers, pen testers, business analysts, technical authors, operations, security experts, etc. Its not really that surprising that stuff gets missed.

Often Pen-test teams are hired or internal security teams are used to look at the product. Generally they don't massively increase the quality of the product but they do increase the cost, because unless you get an elite team of security researchers looking at the product for a few months, you don't find the issues.

It's like me asking you to build a ford mustang because I don't have a lot of money. Then later on because the product is successful I ask you to turn the mustang into a tank.

Teams are generally scaled up and down throughout the duration of the project to save on costs. Most projects simple can't afford full time security staff throughout the full duration of the project. Even If they could afford it, since there really are only a handful of elite security researchers in the world, such staff would in most cases be useless CISSP type people.

Until you actually build something yourself from the ground its easy to criticize, why not write your own secure software if its so easy?

If you look at Heartbleed you will see that even security experts get it wrong.

How many MS security hot-fixes have we seen over the last 20 years.

 

Apologies if it sounded like I was blaming developers! Building a secure application is more then just the developers I have seen many a time when they have had to build an application but the business have not actually said what application they want!

My point was as you mention it is not easy to do so if you have the ability to do it then you will be in the few.

Have you ever considered bug bounty hunting as something to do?

As for developers on here good point I always just assumed certs were not that big in the field. Compared to say Networks for example where most go down some kind of Cisco, palo alto route etc.

 

Finding bugs in someone else's software can be trivial or extremely difficult depending on how badly it is written.

The type of people that are likely to pay for such bugs are the people that will fix the easy to find bugs.

You are therefore looking for the proverbial needle in a haystack.

The reason there is buggy software is it costs so much more money to write perfect software than adequate software.

Finding the issues is the hardest part, if it takes me 2000 hours to find one bug, and I get £2000, I make £1 an hour.

The economics simply don't stack up.

Add to that I could spend 10,000 hours and find zero bugs, its simply not good business.

How many books have you bought with zero typos, grammatical mistakes, misspellings, punctuation, or factual errors ?

 

I'm a developer focusing on a legal software currently but just landed a new job I start in December hoping to dabble in a few other things! Got knowledge on website development with PHP and MySQL and looking to finally start looking at an MVC before starting my new role.

In the UK developer roles seem to be prolific at the moment, more so than tech or support roles.

 

Good to see you Dazzo, hope it works out!

 

I think I'd like to get into a DevOps role eventually. That's loosely my aim at the moment, but you never know how things will pan out over the next 5-10 years. But yeah, I do find myself interested in the development side of things.

D'you think it's worth learning Computer Science - in terms of the theory? I bought a book called computer science illuminated a month or 2 ago and plan to give it a good few reads in the future.

For now, at least I'm focusing on the operations side and trying to understand and learn as much as I can before I focus on anything else.

 

@Pseudonym I would look at the following
https://www.pluralsight.com/courses/linux-cli-fundamentals
https://www.pluralsight.com/paths/docker
https://www.udacity.com/course/introduction-to-operating-systems--ud923
https://www.udacity.com/course/advanced-operating-systems--ud189

Then look at stuff like, bash scripting, git, ansible, vagrant, and basic networking.

Then maybe play with jenkins and teamcity, but that is optional really.

Book contents page looks decent, its worth knowing the fundamentals of number systems etc also which the book covers.

You should be able to get up to speed on most of this stuff in under two years.

I tend to set smaller goals like try to learn basics of subject X in 2-4 weeks, or learn advanced feature Y in 1 week.
Then as you go along keep trying to apply what you've learnt or see how it relates to another subject.
If you do this constantly for 2 years you make lot progress.

I would train myself into the role and take a DevOps role with basic salary. Wait too long and the change can harder to make.

 

Cheers for that mate. Sorry for the late reply. I have a habit of disappearing on here..

definitely some good looking resources there, as soon as I'm finished with my current cert path I'll be looking at precisely all of these.

 

When I first wanted to get into IT I wanted to be a developer.. gave it up after a month. I was more into web dev I did enjoy learning it but couldnt see myself doing it as a career, I find support more interesting now. I could fall asleep in a convo about dev work but could sit and talk for hours about AD, Exchange etc. Different strokes for different folks I guess.

 

I'm not really sure development is precisely what interests me. I'm more about automation, the fact that you can make 500 computers do things at the same time fascinates me. I think I just like the idea of time saving and efficiency, even though it takes days-weeks sometimes to get solutions up and running haha. Really satisfying feeling for me though when you figure it out and iron out all of the kinks.

 

They are all just programs that were designed and written by programmers. Typically in C++. LDAP and Mail servers are pretty established ideas.

I find most enterprise bloatware pretty dull, certainly things like config options or boring corporate user interfaces.

I enjoy the techy parts, making something fast, small or efficient, solving a challenging problem.

I used to enjoy writing compact efficient code in assembler or C, now things are lot different, but the focus tends to be on functional, reactive and multi-threaded.

 

I generally like the idea of saving people time or making their life easier. I'm relatively new to development so this may change but making process' faster, or building something from scratch which enables someone to do their job efficiently is a big reward.

I think I am getting access to pluralsight in my new job so plan on jumping straight in to a course over christmas and finishing a Udemy one up next week on my week off