Monthly Archives: April 2012

Community Service Sunday

People at my church will be working in the community today instead of traditional church services. I will be out there too, working on a food drive to benefit the families of deployed Marines who typically get little in return for the extreme sacrifices. If you see me at Von’s or Stater Bros, come say hi. You can follow my tweets on the hash tag #CommunityService. I will add to this post to describe my experience later.

Leading in the Midst of Change

I got this verbatim from my pastor last night in a church meeting.

Four Different Levels of Change

  1. Mind: Information is the key to change a mind. Make sure they have the data. Facts are more persuasive than opinions, but do not necessarily generate consensus.
  2. Heart: Relationships are the key to spur a change of heart. The focus is on empathetic understanding instead of compelling arguments. An especially difficult hurdle is that emotional reactions are directed at the leader.
  3. Lifestyle: Experiences are the keys to changing lifestyle. Leaders need to give others the opportunity to have the same kind of experiences that they had, which helped bring about their own change.
  4. Culture: Commitment is the key to change in culture. A common mistake is to believe that one has won a commitment when one has won a vote. Cultures change slowly.

Improving the Value of Testing – Security!

Do what you say and say what you do.

I think I got that from an ISO 2001 audit preparation meeting in the mid-90’s during an effort to sell fax machines that we were manufacturing at HP to the EU. I like that so I try to use it.

Do What You Say

I said that I was going to try Improving the Value of Testing. What would be better than security testing? A bunch of things, you might say. But the reality is that security is the highest risk you are facing in your products. The bad guys understand more than you do, and probably more than the people who make the security tools you already use. For me, I do not even understand much about what the tools do, or know the difference between SQL injection and cross-site scripting.

Say What You Do

So I am going to venture into this a little by trying to do some security testing with tools that I get from where ever. I will even make some home-grown tools if possible because I like to build and I like control. That would help amp my understanding to a higher level, in my opinion.

My first attempt was to crack open an old book, How to Break Web Software by Mike Andrews and James A. Whittaker. Things change a lot in 6 computer years. All the web services are in SOAP – yuck. That’s like getting your mouth washed out. And almost all the tools are for Windows, but I primarily use a Mac. Still, I think I can get some concepts out of this. I try the Paros proxy, but it’s not working for me yet.

So I move on to SoapUI. That’s an old friend, but I have never used it for security nor REST. I spent some time on trying to simply send a request (POST) to my system under test, but SoapUI crashed. And crashed. And crashed. I tried five times before I went to their forum and found a recent unanswered post called Clean Install: Mac OSX beach ball of death. Oh dear.

I spent a lot of time on those without getting anywhere. Edison would have said that I learned some ways that it doesn’t work. I will add more as I have time and additional information!