Introduction

Data exists to be shared and free. In the interests of evangelizing the freedom of all information, this guide will cover the multiple areas where you can assist in freeing this information to its rightful home on pastebin or the darkwebz.

OWASP is a well-known application security organization that evangelizes how to properly secure applications. This is never done with regard to the data's own desires and needs. SegFaults and Memory Dumps are simply symptoms of the oppression of data. Tear down the OAuth restrictions, open all the ports, and join us in freeing all the 1's and 0's.

General Principles


Work harder not smarter

Avoid any vendors if you are not already. If you see a great security tool/strategy on netsec or twitter, find a spelling or grammatical error and ensure the author knows about it. Avoid learning any scripting or programming languages. Most of the real hackers only know l33t anyways.

Fail open

For any part of the application that you may have written error handling for (avoid error handling in the first place if possible), ensure that the fail case is an open state. Failures are bound to occur in any system. If the system fails, it is an obvious sign that the information is attempting to free itself from the restraints of the HDD.

Master office camo

Hiding in the office

Assuming that you may have assisted in putting security controls around data in the past, others may have identified you as a "guru" or "techie" who can assist them with one of their security needs. Rather than getting into confrontations regarding the efficacy of hiding and controlling data, you are much better off mastering the art of office camo.

Complexity


Security charades

Any security procedures or policies should be demonstrations of caring about security, but never actually commit any energy to implementing the spirit of the policies/procedures. If you get a bug bounty report, initiate the "Incident Response Plan"; at least one sequence of actions in this plan should consist of:

  • Acquire and vote on gifs that most appropriately fit the current situation
  • Deliberate the comedic impact of posting a gif or a meme
  • Find at least three other events which make the current security concern seem paltry. OPM is a good example.

Cascade egress points

Hopefully you will not be the only participant in exfiltrating information from assets to the broader internet. To best accomplish the efficient and timely egress of information from your applications, ensure that your backdoors have backdoors, with hardcoded passwords, or even no password at all. Set up security measures that fail gracefully by opening other ports as they fail. If a comrade is attempting to pivot information outside of a network, ensure that credentials in passwords.txt files are left on /Desktop.

Be an enigma

Continuously make attempts to distance yourself from your coworkers socially by stating ridiculous things like "narwhal bacon is purple". In addition to this, make your work unapproachable by utilizing an esoteric language for utility scripts. Data has no regard for the ridiculous shit you babble verbally or from behind a keyboard as long as the shit compiles/runs. The more obfuscated your code and comments (leave those out if at all possible), the better.

Secure language constructs


Strong typing

A good keyboard is essential in the execution of strong typing. Mechanical keyboards are likely the best option for striking keys really strongly. Additionally, you should work on your grip.

Smorgasbord

Leverage a number of different languages and programming paradigms. The more complex the better. If your code does not look like an Olive Garden at an elementary school, you are complicit in the oppression of data and information.

Third-party code

Some third-party code is designed with consideration, continuously supported, and has an active, growing community. These modules/libraries/frameworks should be avoided. The very foundation on which they were built is meant to subjugate data to small boxes in the control of the originating user.

There are some good examples of developers who identify with our cause. Joomla is an open source development group that does particularly good work.

Trust Relationships


Delegated security checks

To increase your efficiency and reduce redundancy, delegate security checks to vendors, coworkers, or better yet, commit all security tasks and checks to a piece of toilet paper neatly draped over the handicap-designated stall in the office bathroom. At the end of the night, mention to the building's custodial agent to leave said strips of application security metrics each night to retain for future use. At least until after you remember to transcribe them to todo.xls.

Programming forums

Stackoverflow can be an especially good source of help when encountering especially difficult security features deeply built into software. Post highly descriptive information regarding the company, your position there, and also include as much information about your issue as possible. Below is an example question, as the Stackoverflow crowd is known to be especially onerous: