My First Blog

and many more to follow...

Introduction

Since this is my first blog, I'll briefly introduce myself. My name is Vajid. I work as a Software Engineer in the Bay Area. For most of my professional life, I have worked on full-stack web applications using JavaScript frameworks. I enjoy generating new ideas and devising feasible solutions to broadly relevant problems. My colleagues would describe me as a driven and resourceful individual who maintains a positive and proactive attitude when faced with adversity.
You can find more information about me and the projects I have worked on here in my Portfolio.

Why I started blogging?

I don't even know where to start, but the vast majority of what I know I learned on my own. And I'm a guy who prefers reading books/blogs over YouTube videos, because it allows one to go at their own pace and allows for skipping of learned material to be able to focus on the content of interest. After many years of reading other blogs and thinking to myself that I’m not really that into writing or that I didn’t have that much to write about, I have finally gathered enough courage to start one.

What I'll blog about?

It took me a lot of time to decide on what to write about since there are millions of bloggers who are so much higher up the food chain than me, who have much more experience and know-how, and it always feels like they have pretty much written about all the things that I know. Working in the web application domain, I have been trying to improve my knowledge of web application security. While the world was busy dodging COVID-19 and resurrecting the economy, web application security probably hasn’t gotten the attention it deserves. COVID got us working from home and brought unique problems with it. Web application security is more important than ever in this new world where employees are able to access any company data, tools, documents, and code from home directly over the internet using web applications. The other important factor is the growing number of vulnerabilities going into production code. 2020 was the fourth record year for the number of vulnerabilities recorded in the US-CERT Vulnerability Database.

According to Patchstack, by some estimates, about 30,000 to 50,000 websites get hacked every day. The numbers are growing daily and the importance of website security is increasing rapidly.

Being secure in the online world becomes more and more important every day, and it is vital to protect your website and the data it holds now. The 3 main reasons why web application security is important are:

  • Business reputation loss and drop in revenue
  • Preventing the loss of sensitive data
  • Hacked websites can target your customers

Did you know - 56% of all internet traffic is from an automated source such as hacking tools, scrapers and spammers, impersonators, and bots. So you might think - is my website secure from these tools?

Here's a good article that gives a brief overview of the OWASP Top 10 Web Application Security Risks.

What I'll blog about?

I recently came across this tweet

A lot of content creation is just saying what others said, but shorter.

— Alex Llull (@AlexLlullTW) June 15, 2021

With this tweet in mind and my affinity towards learning more about web application security, I decided to blog about the things I learn while reading the book The Tangled Web: A Guide to Securing Modern Web Applications by Michal Zalewski. It's actually a pretty decent introductory book, although it was published long back (~7 years ago) and we have come so far with the technologies we use these days. When this book was published, IE had a 40% market share, followed by Firefox with 30%, and Chrome with only 20%. Given that more recent numbers show Chrome with 70%, FF with 10%, and IE + Edge together only at 10%... the Internet has changed. But the basics never change. The internet is still driven by URLs and cookies, and even the introduction of HTTP/2 and HTTP/3 now doesn't change things that much.

That's it

This brings me to the end of my first blog, and I'm excited to see how this blog series on web application security will turn out. Keep coming back to my site and check for updates right here on the blog. I decided to keep this first blog short and sweet, since it is mostly an introduction to myself, what I do, and the motivation behind blogging. I am very active on LinkedIn and Twitter as well! Usually, I tend to post interesting links and articles I find around the web on Twitter, so if you just want to be updated on some cool stuff, connect with me there.

References

  1. What is Web Application Security and Why is it Important? by Timothy Chiu
  2. Understanding the OWASP Top 10 Web Application Risks by Timothy Chiu
  3. The Tangled Web: A Guide to Securing Modern Web Applications